Skip to content

Instantly share code, notes, and snippets.

@tazarov

tazarov/Install and Configure Wireguard on USG-4 PRO.md

Created June 17, 2023 17:14
Show Gist options
  • Save tazarov/0bf9988eec45df296d75e3b4d125fe27 to your computer and use it in GitHub Desktop.
Save tazarov/0bf9988eec45df296d75e3b4d125fe27 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Install and Configure Wireguard on USG-4 PRO.md

Installation

Check release in https://github.com/WireGuard/wireguard-vyatta-ubnt/releases

#https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20220627-1/ugw4-v1-v1.0.20220627-v1.0.20210914.deb

curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20220627-1/ugw4-v1-v1.0.20220627-v1.0.20210914.deb
sudo dpkg -i ugw4-v1-v1.0.20220627-v1.0.20210914.deb

Configuration

wg genkey | tee /config/auth/wg.key | wg pubkey >  wg.public

configure

set interfaces wireguard wg0 address 192.168.33.1/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips true

set interfaces wireguard wg0 peer GIPWDet2eswjz1JphYFb51sh6I+CwvzOoVyD7z7kZVc= endpoint example1.org:29922
set interfaces wireguard wg0 peer GIPWDet2eswjz1JphYFb51sh6I+CwvzOoVyD7z7kZVc= allowed-ips 192.168.33.101/32

set interfaces wireguard wg0 peer aBaxDzgsyDk58eax6lt3CLedDt6SlVHnDxLG2K5UdV4= endpoint example2.net:51820
set interfaces wireguard wg0 peer aBaxDzgsyDk58eax6lt3CLedDt6SlVHnDxLG2K5UdV4= allowed-ips 192.168.33.102/32
set interfaces wireguard wg0 peer aBaxDzgsyDk58eax6lt3CLedDt6SlVHnDxLG2K5UdV4= allowed-ips 192.168.33.103/32

set interfaces wireguard wg0 private-key /config/auth/wg.key

set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 20 description 'WireGuard'
set firewall name WAN_LOCAL rule 20 destination port 51820

commit
save
exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment