How to configure Site-to-Site WireGuard VPN on Omada Controller (2024)

Application Scenario


Configuration Overview:

1. Configure the HQ Site WireGuard Interface

2. Configure the Satellite Site WireGuard Interface

3. Configure Peer Information on the HQ Site Controller

4. Configure Peer Information on the Satellite Site Controller

5. Verification

Configuration Steps:

Step 1. Configure the HQ Site WireGuard Interface:

1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard.

2. Click Create New WireGuard and configure the parameters.


  • Name: Specify the name that identifies the WireGuard interface. (This does not affect the VPN tunnel or behavior.)
  • Status: Specify whether to enable the WireGuard interface. (Enable or disable your VPN tunnel.)
  • MTU: Specify the MTU value of the WireGuard interface. The default value of 1420 is recommended. (Usually, it does not need to be set, and is generally determined automatically by the system.)
  • Listen Port: Specify the port number that the WireGuard interface listens on. The default value is 51820. (Usually, the client does not need this to be configured. In this example, our router is the server. You can change this if you need to and you know what you are doing.)
  • Local IP Address: Specify the IP address of the WireGuard interface. (This should be an unused IP address. It is okay to configure it outside your existing LAN range.)
  • Private Key: Specify the private key of the WireGuard interface. The value is generated automatically on the device, and you can also modify it manually. (This defines the private key of this specific VPN tunnel. It has to be set and cannot be shared with other tunnels.)

3. Click Apply. The WireGuard VPN entry will be displayed.


Step 2. Configure the Satellite Site WireGuard Interface:

1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard.

2. Click Create New WireGuard and configure the parameters.


  • Name: Specify the name that identifies the WireGuard interface. (This does not affect the VPN tunnel or behavior.)
  • Status: Specify whether to enable the WireGuard interface. (Enable or disable your VPN tunnel.)
  • MTU: Specify the MTU value of the WireGuard interface. The default value of 1420 is recommended. (Usually, it does not need to be set, and is generally determined automatically by the system.)
  • Listen Port: Specify the port number that the WireGuard interface listens on. The default value is 51820. (Usually, the client does not need this to be configured. In this example, our router is the server. You can change this if you need to and you know what you are doing.)
  • Local IP Address: Specify the IP address of the WireGuard interface. (This should be an unused IP address. It is okay to configure it outside your existing LAN range.)
  • Private Key: Specify the private key of the WireGuard interface. The value is generated automatically on the device, and you can also modify it manually. (This defines the private key of this specific VPN tunnel. It has to be set and cannot be shared with other tunnels.)

3. Click Apply. The WireGuard VPN entry will be displayed.


Step 3. Configure Peer Information on the HQ Site Controller:

1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard > Peers.

2. Click Create New Peer. Configure the parameters and click Apply.


  • Name: Specify the name that identifies the WireGuard tunnel.
  • Status: Specify whether to enable the peer setting.
  • Interface: Choose the WireGuard interface to which the peer belongs.
  • Endpoint: Specify the IP address of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers. (If you need to specify the peer server, enter the public IP address of the peer server. If the HQ has initiated the connection, this can be optional, which is the case in this guide. If neither site specifies an Endpoint, the connection cannot be made.)
  • Endpoint Port: Specify the port number of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers.
  • Allowed Address: Specify the address segment that allows traffic to pass through. (Here you should specify the subnet of the peer LAN. This defines what you are allowed to access on the peer site. If you do not include the subnet, then you don't have access to it.)
  • Persistent Keepalive: Specify the tunnel keepalive packet interval. (This defines the interval of the keepalive packet sent to the Allowed Address.)
  • Comment: Enter the description of the peer.
  • Public Key: Fill in the public key of the peer Satellite site.
  • Preshared Key: Specify a shared key if needed.

Step 4. Configure Peer Information on the Satellite Site Controller:

1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard > Peers.

2. Click Create New Peer. Configure the parameters and click Apply.


  • Name: Specify the name that identifies the WireGuard tunnel.
  • Status: Specify whether to enable the peer setting.
  • Interface: Choose the WireGuard interface to which the peer belongs.
  • Endpoint: Specify the IP address of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers. (If you need to specify the peer server, enter the public IP address of the peer server. If the HQ has initiated the connection, this can be optional, which is the case in this guide. If neither site specifies an Endpoint, the connection cannot be made.)
  • Endpoint Port: Specify the port number of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers.
  • Allowed Address: Specify the address segment that allows traffic to pass through. (Here you should specify the subnet of the peer LAN. This defines what you are allowed to access on the peer site. If you do not include the subnet, then you don't have access to it.)
  • Persistent Keepalive: Specify the tunnel keepalive packet interval. (This defines the interval of the keepalive packet sent to the Allowed Address.)
  • Comment: Enter the description of the peer.
  • Public Key: Fill in the public key of the peer HQ site.
  • Preshared Key: Specify a shared key if needed.
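
The interface and peer settings from Steps 1 to 4 mirror each other across the two sites, and that relationship can be checked before clicking Apply. The Python sketch below is an added example, not TP-Link or Omada code; the dictionary layout, addresses and keys are constructed placeholders, and it compares public keys as entered rather than deriving them from the private keys.

```python
import base64
import ipaddress

def key(n):
    # Constructed 32-byte placeholder, not a real WireGuard key.
    return base64.b64encode(bytes([n]) * 32).decode()

def is_key(value):
    # WireGuard keys are 32 bytes, base64-encoded.
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_pair(a, b):
    """Return the list of problems in two mirrored site definitions."""
    problems = []
    if a["private_key"] == b["private_key"]:
        problems.append("private key is shared between the two interfaces")
    if a["local_ip"] == b["local_ip"]:
        problems.append("both interfaces use the same Local IP Address")
    if not a["peer"]["endpoint"] and not b["peer"]["endpoint"]:
        problems.append("no Endpoint on either site, so neither can initiate")
    for local, remote in ((a, b), (b, a)):
        peer, name = local["peer"], local["name"]
        if not is_key(local["private_key"]) or not is_key(peer["public_key"]):
            problems.append(f"{name}: key is not 32 bytes of base64")
        if peer["public_key"] != remote["public_key"]:
            problems.append(f"{name}: peer Public Key is not the {remote['name']} key")
        lan = ipaddress.ip_network(remote["lan"])
        allowed = [ipaddress.ip_network(n) for n in peer["allowed"]]
        if not any(n.version == lan.version and lan.subnet_of(n) for n in allowed):
            problems.append(f"{name}: Allowed Address omits {remote['name']} LAN {lan}")
    return problems

# Constructed sample values (RFC 1918 and RFC 5737 ranges, placeholder keys).
HQ = {"name": "HQ", "lan": "192.168.10.0/24", "local_ip": "10.100.0.1",
      "private_key": key(1), "public_key": key(2),
      "peer": {"endpoint": "203.0.113.20", "allowed": ["192.168.20.0/24"],
               "public_key": key(4)}}
SAT = {"name": "Satellite", "lan": "192.168.20.0/24", "local_ip": "10.100.0.2",
       "private_key": key(3), "public_key": key(4),
       "peer": {"endpoint": "", "allowed": ["192.168.10.0/24"],
                "public_key": key(2)}}

if __name__ == "__main__":
    print(check_pair(HQ, SAT) or "no problems found")
```
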

Verification:

1. Verify the HQ site has access to the Satellite site.

Use a computer from the HQ to ping the Satellite gateway and PC.


Use a computer from the HQ to access the file server located on the Satellite site. Files can be uploaded or downloaded without any problems.


2. Verify the Satellite site has access to the HQ site.

Use a computer from the Satellite site to ping the HQ gateway.


FAQs

How to configure WireGuard VPN on OMADA controller?

Configuration
  1. Configure WireGuard VPN on the router. Go to VPN --> Wireguard --> Wireguard, click Add and fill in the following parameters:
  2. Configure WireGuard VPN on the Windows PC. ...
  3. Configure peer information on the Omada Router. ...
  4. Connect to the Omada Router using WireGuard VPN.
Mar 21, 2024

How to setup site to site VPN with WireGuard?

First create the WireGuard tunnel on both sites:
  1. Navigate to VPN > WireGuard > Tunnels.
  2. Click Add Tunnel.
  3. Fill in the options using the information determined earlier, with variations noted for each site: Enabled. Checked. HQ Settings. Description. ...
  4. Copy the public key from each firewall and note which is which.
  5. Click Save.
Apr 3, 2024

How do I setup a VPN on my omada controller?

On router A: Go to Settings > VPN > Create New VPN Policy and input the information from PPTP&L2TP VPN server. For “Working Mode”, please check the explanation below: NAT: NAT (Network Address Translation) mode allows the device to translate source IP address of L2TP packets to local IP address of L2TP tunnel.

How to setup WireGuard config?

Step 1 - Configure the Wireguard Instance
  1. Go to VPN ‣ WireGuard ‣ Instances.
  2. Click + to add a new Instance configuration.
  3. Configure the Instance configuration as follows (if an option is not mentioned below, leave it as the default): Enabled. Checked. Name. Call it whatever you want (e.g. HomeWireGuard) Public Key.

What is the config file for WireGuard VPN?

WireGuard config is in INI syntax, defined in a file usually called wg0.conf. It can be placed anywhere on the system, but is often placed in /etc/wireguard/wg0.conf.

What is the WireGuard protocol for VPN?

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs), and was designed with the goals of ease of use, high speed performance, and low attack surface.

What is the difference between site-to-site and client to site VPN?

Client-to-Site (or Remote Access) and Site-to-Site (or Gateway-to-Gateway). The difference between them is simple: Client-to-Site VPN is characterized by single user connections. In contrast, Site-to-Site VPNs deal with remote connections between entire networks.

How to connect VPN with URL?

In Add a VPN connection, do the following:
  1. For VPN provider, choose Windows (built-in).
  2. In the Connection name box, enter a name you'll recognize (for example, My Personal VPN). ...
  3. In the Server name or address box, enter the address for the VPN server.
  4. For VPN type, choose the type of VPN connection you want to create.

How to check if WireGuard is working?

To view the status of one or more WireGuard tunnels, use the show wireguard [<instance>] command. This command prints the status of all WireGuard tunnels and can optionally limit the output to a specific instance.

How do I add an IP address to WireGuard?

  1. Step 1: Expose Wireguard VPN Server to the Internet. Your Public IP Address. ...
  2. Step 2: Setup Wireguard VPN Server. Install the wireguard software and dependencies. ...
  3. Step 3: Setup client connections. ...
  4. Step 4: Setup clients. ...
  5. Step 5: Test Connection.
Sep 29, 2023

How do I download a WireGuard configuration file?

  1. Click on “Download Apps” and then select “Manual Configuration”
  2. Choose your desired location by clicking on the arrow associated with the location for downloading the configuration file.
  3. Click on the “Download” button.
  4. Choose “Wireguard” from the options.
  5. Choose your device and then click on “Generate Configuration”
Feb 20, 2024

How do I set up WireGuard on TP Link?

Go to Advanced > VPN Server > WireGuard, and tick the Enable box of WireGuard.
  1. View the default WireGuard VPN settings, as shown above. ...
  2. Specify a name for this account. ...
  3. • ...
  4. On the account list, you can click the button to modify the VPN server settings, connect to the server, or delete the account.

Does TP Link ER605 support WireGuard?

ER605 v2 2.1.1 and later firmware has added WireGuard VPN support. By setting 0.0.0.0/0 as Allowed Address in Peers, the ER605 v2 should be able to work as a WireGuard VPN "Client" to connect a remote WireGuard VPN service and support proxy Internet (make all the Internet traffic be routed through the VPN tunnel).

How do I change the IP address of my WireGuard VPN?

On the remote client, open the WireGuard client app and select the tunnel you would like to change. Click the Edit button at the bottom right-hand corner, then locate the entry Endpoint under the section [Peer]. Change that attribute to the appropriate IP or hostname.

Which is more secure, WireGuard or OpenVPN?

The biggest notable differences between WireGuard and OpenVPN are speed and security. While WireGuard is generally faster, OpenVPN provides heavier security. The differences between these two protocols are also what make up their defining features.

Article information

Author: Rueben Jacobs
