WireGuard is a secure, fast, and modern VPN Protocol. A WireGuard VPN connection is made by exchanging public keys and intends to be considerably more performant than OpenVPN. We support the new VPN protocol on Vigor2962/3910 routers since firmware version 4.3.1. This article will show how to establish a WireGuard VPN tunnel between Vigor3910 and Smart VPN Client.
1. Go to VPN and Remote Access >> WireGuard
2. Go to VPN and Remote Access >> Remote Dial-in User to create a profile.
0. Click here to download WireGuard client, then install it. Wireguard VPN would not work on SmartVPN Client if we did not install primeval Windows Wirguard Client on the PC.
1. Open the SmartVPN Client.
2. Select the profile created on step1. Then click Connect to activate the tunnel.
3. Ping a remote network IP(e.g.,Vigor3910’s LAN IP) to establish the VPN connection and check if the VPN works correctly.
0. Click here to download WireGuard client, then install it.
1. Open WireGuard Client.
Now the status shows "Active".
Ping a remote network IP(e.g.,Vigor3910’s LAN IP) to establish the VPN connection and check if the VPN works correctly.
We can also check the VPN connection status in Router’s VPN Connection Status page.
1.Activate WireGuard VPN service via VPN/ General Setup/Wireguard
Default Key Pairs
The Key Pairs in the General Setup are for the Vigor Router. The peer WireGuard VPN clients need the Vigor Router’s Public Key to create the WireGuard VPN profile.
Listen on Interface Settings
This setting specifies which WAN will accept VPN connections. Options are All Interfaces or Specified Interface.
VPN Access List Setting
Select the required VPN access control mode. By default, the Vigor router allows all IP connections. To allow or disallow specific IP addresses, use the Block List mode or Allow List mode.
Brute Force Protection Settings
Specify the maximum number of failed VPN login attempts and the period for blocking access after reaching the threshold.
2. Teleworker VPN Settings
Go to VPN / Teleworker VPN to create the Teleworker VPN profile for the VPN client.
Click on +Add to add a new profile,
In the Teleworker VPN tab:
Under Allowed VPN Protocols, Switch on Enable WireGuard
WireGuard VPN Settings
Local IP Assignment Setting
WireGuard VPN protocol doesn’t contain the IP assignment function. Enter the Static IP for the WireGuard VPN client manually.
1. Download and install the WireGuard VPN client.
2. Click Add Tunnel >> Add empty tunnel. The client will generate a Public Key and a Private Key for this VPN profile.
3. Edit the other settings to the profile manually, then save it.
[Interface] means the WireGuard VPN client settings.
Address is the static IP the VPN server configured for the client.
DNS is the specified DNS server IP
MTU is the MTU of this Wireguard VPN connection.
[Peer] means the WireGuard VPN server.
Peer Public Key is the Public Key of the Vigor2136. It can be found in VPN General Setup page, VPN Server Setup step 1.
Peer PresharedKey is the PresharedKey setting in the Teleworker VPN profile, VPN server Setup step 2.
AllowedIPs is the network the WireGuard VPN client can access. Add 0.0.0.0/1, 128.0.0.0/1 if the user wants to use the WireGuard VPN as default gateway.
Endpoint is the WireGuard VPN server’s IP or Domain name.
4. Activate the WireGuard VPN.
Ping an IP in the remote VPN netwok to ensure the WireGuard connection work.
5. Export the VPN profile from the WireGuard VPN client as a Backup.
6. We can import the WireGuard VPN profile to Smart VPN Client if needed.
Published On: 2022-01-17
Was this helpful?