Thanks to all the elves at Alta Labs for helping Santa to deliver WireGuard.
It’s up and running on Route10 firmware 1.3p; I can connect to it. And I can browse the internet via WG on my Route10.
Now I need to figure out the firewall rules to be able to access stuff on my network … but that can wait …
Edit: I was able to access local devices/services after I set up the DNS server as the local IP of Route10 and restarted dnsmasq (since I have a custom config set up by post-cfg.sh that breaks every time I make a change in the GUI).
After you create the tunnel under Route10 VPN → Wireguard Setup,
you need to go to Auth to create “wg peers” or users.
Press Add User, ‘expand’ Wireguard on the new ‘window’. (Bonus tip – if you press setup it will ‘auto’ generate the config for you and show you the QR code for the setup on client site.)
I’ve obviously been naughty this year as Santa didn’t give me Wireguard.
Route10 on 1.3p, local self-hosted controller fully up to date and both the Route10 and controller rebooted … my VPN tab only has IPSec and no Wireguard options in the User settings.
The standalone and self-hosted updates are released separately from the cloud-based controller. Wireguard will be available for everyone on those as well before long.
On the Wireguard tunnel manager, you can see the data sent and data received counters for the particular VPN connection. Make sure both have amounts showing and are climbing when you are connected. Initially when I had problems, only data sent had any value at all.
Seems the wireguard server only listens on the primary WAN. I only have a static IP on my secondary/fallback WAN2, and my peers don’t get a reply unless the WAN falls back to WAN2.
What kind of speeds would people expect from a Route10/Wireguard combo? Someone has commented it “doesn’t look great” but they look better than speeds I saw mentioned for Unifi gear?
I’m waiting (not very) patiently to be able to try Wireguard myself.
I am not sure what exactly “doesn’t look great” about that speed test. We are missing a lot of information about the configuration of the test, and even so it is just about maxing out the 1Gb connection. I have 600 down 30 up cable and it doesn’t even break a sweat maxing out that connection over Wireguard. I assume in your post you are referring to the Netgate 1100. That Netgate will not have performance anywhere near what the Route10 is capable of. Route10 has a quad core network accelerator chip in it, which will allow it to run circles around just about anything else on the market at this price. Full specs are here if you want more specifics.
Wireguard was just barely released for Route10. If there are any shortcomings that need tuning, I am sure the Alta team will get them taken care of ASAP.
Thanks! I must have something misconfigured on the route10. If I want to VPN into the route10 LAN from outside do I set the subnet field to the same subnet of my LAN?
Good question! No, the Wireguard subnet needs to be unique. For example, if your LAN subnet is 192.168.1.1/24, use something like 192.168.5.1/24. All of the inter-VLAN routing is handled behind the scenes. You do not need to add or change any firewall rules for this to work. Out of the box, Route10 Wireguard is set up as a full tunnel connection, so you will remotely be able to access all local subnets that are not isolated using the “Isolation” toggle. Your full internet connection will also run through the tunnel.
Does that help?
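The unique-subnet, full-tunnel and DNS points from the replies above can be checked against a client config before importing it. This is an added example, not part of the original thread or Alta Labs' code; the sample config, its placeholder keys and endpoint, and the helper names are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample client config; keys and endpoint are placeholders.
SAMPLE_CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 192.168.5.2/32
DNS = 192.168.1.1

[Peer]
PublicKey = <router-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""

def _items(cp, section, key):
    # Comma-separated values, as wg-quick accepts for Address/DNS/AllowedIPs.
    return [v.strip() for v in cp.get(section, key, fallback="").split(",") if v.strip()]

def check_client_conf(conf_text, lan_subnets, wg_subnet):
    """Hypothetical helper: return findings; an empty list means all checks passed."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    lans = [ipaddress.ip_network(n, strict=False) for n in lan_subnets]
    wg = ipaddress.ip_network(wg_subnet, strict=False)
    findings = []
    # 1. The tunnel subnet must be unique: no overlap with any LAN subnet.
    for lan in lans:
        if wg.overlaps(lan):
            findings.append(f"WireGuard subnet {wg} overlaps LAN {lan}")
    # 2. The client's tunnel address must come from the WireGuard subnet.
    for addr in _items(cp, "Interface", "Address"):
        if ipaddress.ip_interface(addr).ip not in wg:
            findings.append(f"client address {addr} is outside {wg}")
    # 3. Full tunnel means AllowedIPs carries a default route (prefix length 0).
    allowed = [ipaddress.ip_network(a, strict=False) for a in _items(cp, "Peer", "AllowedIPs")]
    if not any(n.prefixlen == 0 for n in allowed):
        findings.append("AllowedIPs has no default route: split tunnel, not full tunnel")
    # 4. An IP-literal DNS server must be routed through the tunnel to resolve local names.
    for dns in _items(cp, "Interface", "DNS"):
        try:
            ip = ipaddress.ip_address(dns)
        except ValueError:
            continue  # search domain, not an address
        if not any(ip in n for n in allowed):
            findings.append(f"DNS server {dns} is not covered by AllowedIPs")
    return findings

if __name__ == "__main__":
    print(check_client_conf(SAMPLE_CLIENT_CONF, ["192.168.1.1/24"], "192.168.5.1/24"))
```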
YES! Definitely. Thanks for the clear explanation.
I can see data received when on my LAN.
When I switch to a 5G hotspot (with the wireguard enabled on the laptop), data received stops incrementing, so something must still be incorrect in my understanding or my config.