This post is a guide to configuring a WireGuard LAN-to-LAN (site-to-site) VPN on GL-iNet SDK 4.X firmware.
|GL-MT3000 (Beryl AX)||√||-|
|GL-AXT1800 (Slate AX)||√||-|
|GL-A1300 (Slate Plus)||√||-|
|GL-X3000 (Spitz AX)||√||-|
|GL-MT2500 (Brume 2)||√||-|
Log in to the web interface of the AX1800, go to VPN > WireGuard Server and click the Generate Configuration button. Then click the Start button to enable the WireGuard server.
Go to Profiles and add a New User.
Click the Share icon to review and download the configuration file.
```
[Interface]
Address = 10.0.0.2/24
PrivateKey = 6CNNJMq8pFCq4uG15+woPhP+fReD4EQWse86hqSbf1A=
DNS = 22.214.171.124
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 42.200.xxx.xxx:51820
PersistentKeepalive = 25
PublicKey = DzlU6qbaKJqpbpP2GS5cUOFWiVmPS68wBHISi0UDzQ4=
```
Note: make sure the Endpoint is the WAN IP address of this router; if it is not, you need to configure port forwarding for this IP address. In this example, the WAN IP address of this router is 192.168.89.173, and I can use this IP address directly since the client and server are in the same internal subnet.
Go to VPN > VPN Dashboard, click the Setting icon and enable the Allow Remote Access LAN option.
Log in to the web interface of the AXT1800, go to NETWORK > LAN and change the Router IP Address to 192.168.100.1.
Go to VPN > WireGuard Client, add a new group and drag the downloaded config file into the box. Then click Apply when it shows “Upload successful”.
Go to VPN > VPN Dashboard, set the proxy mode to Auto Detect, and click the Setting icon to enable Allow Remote Access LAN. Then enable the WireGuard client.
Note: the Client Virtual IP (IPv4) 10.0.0.2 shown here is used for the route rule on the VPN server router.
Log in to the web interface of the AX1800, go to VPN > VPN Dashboard and click the Routing icon to add a route rule.
Set the target address to the subnet of the VPN client router, which is 192.168.100.0/24 in this example. Set the gateway to the client router's virtual IP, 10.0.0.2, from the previous step. After that, go back to the VPN Dashboard and restart the WireGuard server so that the route rule takes effect.
The two subnets can access each other.
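The following is an added example, not part of the original guide or of GL-iNet's software: it parses a client profile like the one above, derives the route rule the server needs (target = client LAN, gateway = client virtual IP), and flags the conditions the notes warn about. The function names are hypothetical, the keys are placeholders, and the server LAN 192.168.8.0/24 is an assumption because the guide does not state it.

```python
import ipaddress

# Constructed sample modelled on the client profile above; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client-private-key>
[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 192.168.89.173:51820
PublicKey = <server-public-key>
"""

def parse_wg_conf(text):
    """Return [(section, {key: value})] in file order; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # real keys are base64 and end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def plan_site_to_site(conf_text, client_lan, server_lan):
    """Derive the server-side route rule and list conditions that break it."""
    sections = parse_wg_conf(conf_text)
    iface = next(kv for name, kv in sections if name == "Interface")
    peer = next(kv for name, kv in sections if name == "Peer")
    tunnel = ipaddress.ip_interface(iface["Address"].split(",")[0].strip())
    client_net = ipaddress.ip_network(client_lan, strict=False)
    server_net = ipaddress.ip_network(server_lan, strict=False)
    issues = []
    if client_net.overlaps(server_net):
        issues.append("client and server LAN subnets overlap")
    if tunnel.network.overlaps(client_net) or tunnel.network.overlaps(server_net):
        issues.append("a LAN subnet overlaps the tunnel subnet")
    host = peer["Endpoint"].rsplit(":", 1)[0].strip("[]")
    try:
        if ipaddress.ip_address(host).is_private:
            issues.append(f"Endpoint {host} is private: same upstream network only")
    except ValueError:
        pass  # hostname (e.g. DDNS); cannot be classified offline
    return {"target": str(client_net), "gateway": str(tunnel.ip), "issues": issues}

if __name__ == "__main__":
    # 192.168.8.0/24 is an assumed server LAN; the guide does not state it.
    print(plan_site_to_site(SAMPLE_CONF, "192.168.100.0/24", "192.168.8.0/24"))
```

An empty `issues` list means the target and gateway values can be entered in the route rule as they are; a private Endpoint is only acceptable in a setup like the one in this guide, where both routers sit on the same upstream network.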