Description

Milesight gateways support WireGuard VPN. WireGuard is a UDP-based VPN protocol that uses a peer-to-peer connection model. For more information about WireGuard, see https://www.wireguard.com/.

 

This article uses two Milesight gateways as an example to describe how to establish a WireGuard VPN tunnel.

A simple peer-to-peer topology:

 

Requirement

  • Milesight Gateway: UG65/67 with firmware 60.0.0.44 and later, UG56 with firmware 56.0.0.5 and later

 

Configuration

Step 1:

WireGuard uses base64-encoded private and public keys to authenticate hosts to each other. Therefore, you must create keys on each host participating in the WireGuard VPN.

Customized Private Key: When this option is enabled, you can enter your own private key in the input box.

Public Key: A unique identifier for each peer. It is generated automatically by the gateway and is required to establish the WireGuard VPN connection.

 

Step 2:

Set a virtual address and the listening port for the local WireGuard peer.

IP Address: The IP address of the virtual network interface that WireGuard sets up for the peer; therefore, you can set it to any address you want.

Listening Port: The port on which the corresponding WireGuard interface listens for WireGuard packets and forwards data. (Range: 1~65535)

DNS: The DNS server to use when other peers cannot obtain a public IP address and a relay DNS server is required. Can be left blank or set according to the actual requirement.

MTU: Maximum Transmission Unit (MTU) of this WireGuard interface. Can be left blank or set according to the actual requirement.

 

 

Step 3:

Add the peer information to the Peer Table.

Peer: The name of the peer device within the WireGuard VPN, used to identify different devices.

Public Key: The Public Key of Peer.

Allowed IP: The virtual IP address of the peer, in IP/mask format, for example 10.0.10.1/24.

Route Allowed IP: When this option is enabled, a route for the configured Allowed IP is added to the system's static routing table after the peer configuration is saved. When it is disabled, you must configure the static route manually; otherwise data will not be sent properly.

Preshared Key: Can be left blank. If filled in, the key must be the same on both peers and in a valid format.

End Point Address: The actual IP address or domain name of the peer.

End Point Port: The listening port of peer.

Keepalive Interval: The interval at which keepalive packets are sent periodically to maintain the connection with the peer. Default is 25.

 

Configuration Example:

 

 

Step 4:

Ping the peer's virtual IP address to check connectivity.
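
If the ping fails, the usual cause is a mismatch between the values entered on the two gateways in Steps 1 to 3. The following Python script is an added example, not Milesight code: it cross-checks two sets of settings copied by hand from the web pages. The dictionary field names, the sample addresses, port 51820 and the generated placeholder keys are all assumptions made for the illustration.

```python
import base64
import ipaddress

def valid_key(key):
    """True if key is a base64 string that decodes to 32 bytes (WireGuard key size)."""
    try:
        return isinstance(key, str) and len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def check_pair(a, b):
    """Cross-check the Step 1-3 settings of two gateways; return a list of problems."""
    problems = []
    for local, remote in ((a, b), (b, a)):
        name, other, peer = local["name"], remote["name"], local["peer"]
        if not valid_key(local["public_key"]):
            problems.append(f"{name}: public key is not 32 bytes of base64")
        if not 1 <= local["listen_port"] <= 65535:
            problems.append(f"{name}: listening port outside 1~65535")
        if peer["public_key"] != remote["public_key"]:
            problems.append(f"{name}: peer public key is not {other}'s public key")
        if peer["endpoint_port"] != remote["listen_port"]:
            problems.append(f"{name}: end point port is not {other}'s listening port")
        try:
            allowed = ipaddress.ip_interface(peer["allowed_ip"]).network
            if ipaddress.ip_interface(remote["ip_address"]).ip not in allowed:
                problems.append(f"{name}: Allowed IP does not cover {other}'s virtual IP")
        except ValueError:
            problems.append(f"{name}: Allowed IP or virtual IP is not a valid address")
    psk_a, psk_b = a["peer"].get("preshared_key", ""), b["peer"].get("preshared_key", "")
    if psk_a != psk_b:
        problems.append("preshared key differs between the two peers")
    elif psk_a and not valid_key(psk_a):
        problems.append("preshared key is not 32 bytes of base64")
    return problems

def sample_key(n):
    """Constructed placeholder key material for the demo, not a real key."""
    return base64.b64encode(bytes([n]) * 32).decode()

def gateway(name, ip, peer_ip, own, other, psk=""):
    """Constructed sample record; the field names are assumptions, not the gateway's."""
    return {"name": name, "public_key": sample_key(own), "ip_address": ip,
            "listen_port": 51820,
            "peer": {"public_key": sample_key(other), "allowed_ip": f"{peer_ip}/24",
                     "endpoint_port": 51820, "preshared_key": psk}}

GW_A = gateway("Gateway A", "10.0.10.1", "10.0.10.2", 1, 2)
GW_B = gateway("Gateway B", "10.0.10.2", "10.0.10.1", 2, 1)

if __name__ == "__main__":
    for line in check_pair(GW_A, GW_B) or ["no inconsistencies found"]:
        print(line)
```

Only public keys and, if used, the preshared key are compared; private keys never need to leave the gateway they were created on.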

 

 

---END---