Building a Site-2-Site network manually using two GL.iNet routers

This post introduces a guide to configuring a LAN-to-LAN VPN (Site-2-Site) based on WireGuard.

Network Topology

[image: network topology diagram]

1. Log in to the web interface of the AX1800, go to VPN > WireGuard Server and click on the Start button to enable the WireGuard Server.

Note: make sure the Allow Access Local Network button is enabled.

2. Go to Management and click on Add a New User.

3. Click the file icon on Configurations to review the profile.

    [Interface]
    Address = 10.0.0.2/32
    ListenPort = 41728
    PrivateKey = 6DIxs92F5No35606P+6ovQMIIxMWHzZRfVVwm/ILkmg=
    DNS = 64.6.64.6

    [Peer]
    AllowedIPs = 0.0.0.0/0,::/0
    Endpoint = 113.116.x.x:51820
    PersistentKeepalive = 25
    PublicKey = Bagdcu2x7Ekq9UY2qK+jBsRAC0VEPL1C8J7Yi9uUjGY=

Note: make sure the Endpoint is the same as the WAN IP address of this router; if not, you need to configure port forwarding for this IP address. In this example, the WAN IP address of this router is 192.168.17.14, and I can just use this IP address instead since the client and server are in the same internal subnet.

4. Log in to the web interface of the SFT1200, go to MORE SETTINGS > LAN IP and change the LAN IP to 192.168.10.1.

5. Go to VPN > WireGuard Client and click on Set up WireGuard Manually, switch to Configuration and paste the profile.

6. Click on Connect to connect to the WireGuard Server.

7. Log in to the AX1800 over SSH and add the subnet 192.168.10.0/24 to the client_ip in /etc/config/wireguard_server.

Guide to using vi to modify the file: [OpenWrt Wiki] Command-line interpreter

8. Restart the WireGuard Server with this command.

    /etc/init.d/wireguard_server restart

9. Add the static route to access the WireGuard VPN Client with this command.

    ip route add 192.168.10.0/24 dev wg0

Note: if you reboot the router, the static route will be lost and you will need to configure it again. If you want this static route to take effect all the time, run this command to add it to the boot process.

    sed -i "/rm \/var\/run\/glwgserver.lock -rf/a\ip route add 192.168.10.0\/24 dev wg0" /etc/init.d/wireguard_server

10. The two subnets can access each other.

3 Likes
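
A check for steps 7 to 9, meant to be run on the AX1800, as an added example that is not part of the original post: it confirms that a peer on wg0 allows 192.168.10.0/24 and that the route for that subnet points at wg0. It assumes the client_ip entry from step 7 shows up as the peer's allowed IPs in `wg show`; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify steps 7-9 on the AX1800.
SUBNET="192.168.10.0/24"   # SFT1200 LAN subnet from step 4
IFACE="wg0"                # WireGuard interface named in step 9

# Reads `wg show <iface> allowed-ips` output on stdin
# (<public-key><TAB><cidr> <cidr> ...); succeeds if any peer lists $1.
peer_allows_subnet() {
    awk -v want="$1" '
        { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# Reads `ip route show` output on stdin; succeeds only if subnet $1 is
# routed through device $2 (a route via another device counts as a failure).
route_present() {
    awk -v want="$1" -v dev="$2" '
        $1 == want {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) found = 1
        }
        END { exit !found }'
}

# Live check for the router itself; the return code says which step to revisit.
check_site2site() {
    wg show "$IFACE" allowed-ips | peer_allows_subnet "$SUBNET" || {
        echo "FAIL: no peer on $IFACE allows $SUBNET (steps 7-8)"; return 1; }
    ip route show | route_present "$SUBNET" "$IFACE" || {
        echo "FAIL: no route for $SUBNET via $IFACE (step 9)"; return 2; }
    echo "OK: $SUBNET is allowed and routed via $IFACE"
}

# Constructed sample outputs (not captured from a real router) for an offline run.
SAMPLE_WG_OK=$(printf 'PEER_PUBLIC_KEY_PLACEHOLDER\t10.0.0.2/32 192.168.10.0/24')
SAMPLE_WG_MISSING=$(printf 'PEER_PUBLIC_KEY_PLACEHOLDER\t10.0.0.2/32')
SAMPLE_ROUTE_OK='192.168.10.0/24 dev wg0 scope link'
SAMPLE_ROUTE_WRONG='192.168.10.0/24 via 192.168.8.254 dev eth0'

demo() {
    echo "$SAMPLE_WG_OK"       | peer_allows_subnet "$SUBNET" && echo "allowed-ips: ok"
    echo "$SAMPLE_WG_MISSING"  | peer_allows_subnet "$SUBNET" || echo "allowed-ips: subnet missing"
    echo "$SAMPLE_ROUTE_OK"    | route_present "$SUBNET" "$IFACE" && echo "route: ok"
    echo "$SAMPLE_ROUTE_WRONG" | route_present "$SUBNET" "$IFACE" || echo "route: wrong device"
}
demo   # on the router, call check_site2site instead
```

A return code of 2 after a reboot means the static route from step 9 was lost and the boot-time `sed` change was not applied.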

Hi Rain … is multi site also possible? Thanks
Geppo

Yes, and you will need to add multiple subnets in the allowed IPs and some more static routing.

@rain Can this be added in the router web UI? I need to configure many networks and mobile devices, and need all of them, as default devices, to access all networks without the CLI and without GoodCloud.

Sorry… so far no plan for that.