mirror of https://github.com/opnsense/docs
add AzireVPN and MullvadVPN to Wireguard examples (#49)
parent
f1faa6692d
commit
fd49accdd0
@ -0,0 +1,62 @@
|
||||
=====================================
|
||||
WireGuard AzireVPN Road Warrior Setup
|
||||
=====================================
|
||||
|
||||
.. Warning::
|
||||
WireGuard Plugin is still in development, use at your own risk!
|
||||
|
||||
------------
|
||||
Introduction
|
||||
------------
|
||||
|
||||
AzireVPN is an international VPN provider, co-locating in multiple datacenters and offering secure
|
||||
tunneling in respect to privacy. To set up a WireGuard VPN to AzireVPN we assume you are familiar
|
||||
with the concepts of WireGuard you that you have read the basic howto :doc:`how-tos/wireguard-client`.
|
||||
|
||||
-----------------------------------
|
||||
Step 1 - Get AzireVPN configuration
|
||||
-----------------------------------
|
||||
|
||||
For an automated rollout of configuration, AzireVPN will create a private key in your browser and send
|
||||
the public key via an API call to their servers.
|
||||
To get a configuration login to your account_
|
||||
|
||||
.. _account: https://www.azirevpn.com/cfg/wireguard
|
||||
|
||||
Via **Options** you can select the country where you want to break out, choose a port (default ist fine),
|
||||
and set the protocol to tunnel (we only cover IPv4).
|
||||
|
||||
Hit **Download** at the end of the page to get the preconfigured text file and open it in your
|
||||
favorite text editor.
|
||||
|
||||
----------------------------------
|
||||
Step 2 - Setup WireGuard Instance
|
||||
----------------------------------
|
||||
|
||||
Go to tab **Server** and create a new instance. Give it a **Name** and set a desired **Listen Port**.
|
||||
If you have more than one server instance be aware that you can use the **Listen Port** only once. In
|
||||
the field **Private Key** insert the value from your text file and leave **Public Key** empty. **DNS**
|
||||
and **Tunnel Address** has also to be taken from the configuration. Hit **Save** and go to **Endpoint**
|
||||
tab.
|
||||
|
||||
On **Endpoint** tab create a new Endpoint, give it a **Name**, set 0.0.0.0/0 in **Tunnel Address** and set
|
||||
the DNS name from your configuration in **Endpoint Address**. Don't forget to do this also for the port.
|
||||
|
||||
Go back to tab **Server**, open the instance and choose the newly created endpoint in **Peers**.
|
||||
|
||||
Now we can **Enable** the VPN in tab **General** and continue with the setup.
|
||||
|
||||
--------------------------------
|
||||
Step 3 - Assignments and Routing
|
||||
--------------------------------
|
||||
|
||||
To let you internal clients go through the tunnel you have to add a NAT entry. Go to
|
||||
**Firewall->NAT->Outbound** and add a rule. Check that rule generation is set to manual
|
||||
or hybrid. Add a rule and select Wireguard as **Interface**. **Source** should be your
|
||||
LAN network and set **Translation / target** to **interface address**.
|
||||
|
||||
When assigning interfaces we can also add gateways to them. This would offer you the chance to
|
||||
balance traffic via different VPN providers or do more complex routing scenarios.
|
||||
|
||||
|
||||
|
@ -0,0 +1,63 @@
|
||||
=======================================
|
||||
WireGuard MullvadVPN Road Warrior Setup
|
||||
=======================================
|
||||
|
||||
.. Warning::
|
||||
WireGuard Plugin is still in development, use at your own risk!
|
||||
|
||||
------------
|
||||
Introduction
|
||||
------------
|
||||
|
||||
MullvadVPN is a cloud-based VPN provider, offering secure tunneling in respect to privacy.
|
||||
To set up a WireGuard VPN to MullvadVPN we assume you are familiar with the concepts of WireGuard you that
|
||||
you have read the basic howto :doc:`how-tos/wireguard-client`.
|
||||
|
||||
----------------------------------
|
||||
Step 1 - Setup WireGuard Instance
|
||||
----------------------------------
|
||||
|
||||
Go to tab **Server** and create a new instance. Give it a **Name** and set a desired **Listen Port**.
|
||||
If you have more than one server instance be aware that you can use the **Listen Port** only once. In
|
||||
the field **Tunnel Address** insert an unsused private IP address and subnet mask. We don't need it in
|
||||
the first step, but as it is required we can't go on without it. Every other field can be left blank.
|
||||
|
||||
Hit **Save** and open your instance again to write down your public key. You need it to get the rest
|
||||
of the configuration from the Mullvad API servers.
|
||||
|
||||
Now change to your OPNsense CLI via SSH or Console and execute the curl string below. Please replace the
|
||||
**account** data with your own ID you got from MullvadVPN and **pubkey** with the one in your **Server**
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
curl -sSL https://api.mullvad.net/wg/ -d account=123 --data-urlencode pubkey=PUBKEY
|
||||
|
||||
What you receive it the **Tunnel Addres** for your server instance, so edit your instance again, remove
|
||||
the **Tunnel Address** you used when setting up and change it to the one you got.
|
||||
|
||||
On **Endpoint** tab create a new Endpoint, give it a **Name**, set 0.0.0.0/0 in **Tunnel Address** and set
|
||||
the **DNS** to 193.138.219.228. This is the one MulladVPN provides for privacy.
|
||||
|
||||
Now go to the WireGuard server list_ and choose the one you like to use as your breakout. Write down it's
|
||||
public key and set it as **Public Key**. Also don't forget **Endpoint Address** and **Endpoint Port**.
|
||||
|
||||
.. _list: https://www.mullvad.net/en/servers/#wireguard
|
||||
|
||||
Go back to tab **Server**, open the instance and choose the newly created endpoint in **Peers**.
|
||||
|
||||
Now we can **Enable** the VPN in tab **General** and continue with the setup.
|
||||
|
||||
--------------------------------
|
||||
Step 2 - Assignments and Routing
|
||||
--------------------------------
|
||||
|
||||
To let you internal clients go through the tunnel you have to add a NAT entry. Go to
|
||||
**Firewall->NAT->Outbound** and add a rule. Check that rule generation is set to manual
|
||||
or hybrid. Add a rule and select Wireguard as **Interface**. **Source** should be your
|
||||
LAN network and set **Translation / target** to **interface address**.
|
||||
|
||||
When assigning interfaces we can also add gateways to them. This would offer you the chance to
|
||||
balance traffic via different VPN providers or do more complex routing scenarios.
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue