Wireguard Client to Site?

2 weeks ago - last edited 2 weeks ago
Model: ER605 (TL-R605)  
Hardware Version: V3
Firmware Version: latest

I have been struggling trying to figure this out. I have a TP-Link ER605 connected to an Omada controller. The interface seems simple enough, but I cannot for the life of me get my Android cell phone to connect with a WireGuard VPN. I am wondering if it's even possible, and reading the threads here I see lots of site-to-site connections, but I have not found client-to-site. It seems it should be possible (otherwise why would WireGuard even make an Android app); is it not supported by Omada?

PS, I love how easy openvpn was made on the controller.

#1
1 Accepted Solution
Re:Wireguard Client to Site?-Solution
2 weeks ago - last edited 2 weeks ago

Hi @TdiGuy 

Thanks for posting in our business forum.

Tag and label to filter the topics about the WireGuard.

WG does not have the typical client-to-site or site-to-site. It is all called peer.

Best Regards!
Recommended Solution
#2
4 Reply
Re:Wireguard Client to Site?
2 weeks ago

  @clive_a

Ok, I thought as much. I guess I just really do not understand the setup. I have looked through the guide you posted; it's very detailed, but when it comes to the local IP address under VPN, WireGuard, is that supposed to be any unused IP on the LAN side of the router with a private IP? And how does my Droid know where to find the VPN connection? There is no mention of a WAN IP address; there might be millions of routers with 192.168.1.1 IPs.

#3
Re:Wireguard Client to Site?
2 weeks ago

Hi @TdiGuy 

Thanks for posting in our business forum.

TdiGuy wrote

  @clive_a

Ok, I thought as much. I guess I just really do not understand the setup. I have looked through the guide you posted; it's very detailed, but when it comes to the local IP address under VPN, WireGuard, is that supposed to be any unused IP on the LAN side of the router with a private IP? And how does my Droid know where to find the VPN connection? There is no mention of a WAN IP address; there might be millions of routers with 192.168.1.1 IPs.

That's the downside of the WireGuard VPN. But if you are familiar with the other types of VPN, you'll see how it works after playing with it for some time.

I spent a day or two getting an understanding of it and read at least 10 posts from WG officials and other places on its parameters.

I think these questions should be answered in the WG official configuration guide.

You just need to select the WAN on the Omada. For the Android, it connects to an Endpoint. No need to worry about the WAN IP of the phone. The WG system takes care of it.

About the IP, the Configuration Guide has indicated that. An unused subnet is recommended.

Best Regards!
#4
Re:Wireguard Client to Site?
2 weeks ago - last edited 2 weeks ago

Is there a breakdown in plain language on how to set one of these up?

It seems like the configuration information is scattered to the wind, with multiple articles all over the place on setting these up. I have found several that are useful, but things are not labeled in a concise manner to make it easy to understand just what is placed where. One of them, I think, got my config 90% of the way, but it says to modify the private cert on the client, but I can't modify the private cert.

Also, many say to use an unused IP, but none specify if I need to create a new DHCP scope / interface.

The setup has significantly fewer requirements than OpenVPN, but it's poorly labeled and explained. For example, I just found out that the endpoint on my client device would point to my home VPN server. That was not obvious to me, since I would consider the endpoint to be the actual end device I wish to connect to (my Emby server).

The export button is also missing on my Omada controller, which is weird with how much documentation says to just export the config.

One big question I have on all of this: when it comes to the WireGuard IP address on the router, is that an IP address that has to already exist in a DHCP scope on the router? For example, I use 192.168.1.1/24 on my LAN side of the router; do I have to select an unused IP from that pool? Can I use virtually anything, like 192.168.3.1?

I found an online configuration builder. I can't import into Omada, but it was really helpful in getting me to understand just where things were going wrong for me, and I had the certs almost all in the wrong places. The weird part is WireGuard did not give any authentication errors, at least none that pop up on the screen; maybe there is a log file somewhere full of them. I would still call WireGuard easy to set up by comparison to OpenVPN, aside from Omada's iteration of OpenVPN, because Omada does a good 90% of the work for you.

Thank you all very much for the reference material. I would suggest people google wireshark configuration generator and throw in some bogus yet easy-to-spot information (like I want to connect to ham dot com with DNS of 1234) to see where everything gets placed. It says it doesn't hold onto any of the info, but if the info isn't valid anyway you never need to worry, and it's better to use as a learning tool than a crutch and never create your own.

#5
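An added example, not part of the thread and not TP-Link's or WireGuard's own tooling: an offline checker for the three mix-ups discussed above (keys pasted into the wrong side, a tunnel address taken from the LAN subnet, an Endpoint pointing at a LAN device instead of the router), useful because a tunnel with mismatched keys simply stays silent. The wg-quick style layout, the hostname `vpn.example.net`, port 51820, the LAN host 192.168.1.50 and the throwaway keys are constructed for illustration; 192.168.1.1/24 and 192.168.3.1 come from the post.

```python
import base64, configparser, ipaddress

P, A24 = 2**255 - 19, 121665  # Curve25519 field prime and ladder constant

def pub_b64(priv_b64):
    """Public key for a base64 private key (RFC 7748 ladder on base point 9).
    Not constant-time: for checking configs offline, not for running a tunnel."""
    k = bytearray(base64.b64decode(priv_b64))
    k[0] &= 248; k[31] = (k[31] & 127) | 64  # clamp the scalar as X25519 requires
    k, x1, x2, z2, x3, z3, swap = int.from_bytes(k, "little"), 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return base64.b64encode((x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")).decode()

def load(text):
    cp = configparser.ConfigParser(interpolation=None)  # assumes one [Peer] per file
    cp.read_string(text)
    return cp["Interface"], cp["Peer"]

def lint(router_conf, phone_conf, lan):
    (r_if, r_peer), (p_if, p_peer) = load(router_conf), load(phone_conf)
    lan_net, found = ipaddress.ip_network(lan, strict=False), []
    if p_peer["PublicKey"] != pub_b64(r_if["PrivateKey"]):
        found.append("phone [Peer] PublicKey is not the router's public key")
    if r_peer["PublicKey"] != pub_b64(p_if["PrivateKey"]):
        found.append("router [Peer] PublicKey is not the phone's public key")
    if ipaddress.ip_interface(r_if["Address"]).network.overlaps(lan_net):
        found.append("tunnel Address overlaps the LAN subnet")
    try:  # only a literal address can be checked offline; a hostname is skipped
        if ipaddress.ip_address(p_peer.get("Endpoint", "").rsplit(":", 1)[0]) in lan_net:
            found.append("phone Endpoint is a LAN host, not the router's WAN side")
    except ValueError:
        pass
    return found

# Constructed sample: throwaway keys, placeholder hostname, LAN host 192.168.1.50.
R_PRIV, C_PRIV = (base64.b64encode(bytes([n]) * 32).decode() for n in (1, 2))
CONF = "[Interface]\nPrivateKey = {}\nAddress = {}\n[Peer]\nPublicKey = {}\n{}"
ROUTER = CONF.format(R_PRIV, "192.168.3.1/24", pub_b64(C_PRIV), "")
PHONE = CONF.format(C_PRIV, "192.168.3.2/24", pub_b64(R_PRIV), "Endpoint = vpn.example.net:51820")
MIXED_UP = CONF.format(C_PRIV, "192.168.3.2/24", pub_b64(C_PRIV), "Endpoint = 192.168.1.50:51820")
```

`lint(ROUTER, PHONE, "192.168.1.1/24")` returns an empty list; `MIXED_UP` is a phone config with its own public key pasted into `[Peer]` and the Endpoint set to a LAN device, and it produces the key and Endpoint findings.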