How to configure Site-to-Site WireGuard VPN on Omada Controller

G36W-4G , TL-ER7206 , ER7206 , ER8411 , ER707-M2 , ER706W-4G , ER7406 , ER706W , ER605( V2 V2.6 )
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Application Scenario
Configuration Overview:
1. Configure the HQ Site WireGuard Interface
2. Configure the Satellite Site WireGuard Interface
3. Configure Peer Information on the HQ Site Controller
4. Configure Peer Information on the Satellite Site Controller
5. Verification
Configuration Steps:
Step 1. Configure the HQ Site WireGuard Interface:
1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard.
2. Click Create New WireGuard and configure the parameters.
- Name: Specify the name that identifies the WireGuard interface. (This does not affect the VPN tunnel or behavior.)
- Status: Specify whether to enable the WireGuard interface. (Enable or disable your VPN tunnel.)
- MTU: Specify the MTU value of the WireGuard interface. The default value of 1420 is recommended. (Usually, it does not need to be set, and is generally determined automatically by the system.)
- Listen Port: Specify the port number that the WireGuard interface listens to. The default value is 51820. (Usually, the client does not need this to be configured. In this example, our router is the server. You can change this if you need it and you know what you are doing.)
- Local IP Address: Specify the IP address of the WireGuard interface. (Define the IP address of the WireGuard interface, which should be a non-occupied IP address. It is okay to configure outside your existing LAN range.)
- Private Key: Specify the private key of the WireGuard interface. The value will be automatically generated on the device, and you can also modify it manually (Defines the private key of this specific VPN tunnel. It has to be set and cannot be shared with other tunnels.)
3. Click Apply. The WireGuard VPN entry will be displayed.
Step 2. Configure the Satellite Site WireGuard Interface:
1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard.
2. Click Create New WireGuard and configure the parameters.
- Name: Specify the name that identifies the WireGuard interface. (This does not affect the VPN tunnel or behavior.)
- Status: Specify whether to enable the WireGuard interface. (Enable or disable your VPN tunnel.)
- MTU: Specify the MTU value of the WireGuard interface. The default value of 1420 is recommended. (Usually, it does not need to be set, and is generally determined automatically by the system.)
- Listen Port: Specify the port number that the WireGuard interface listens to. The default value is 51820. (Usually, the client does not need this to be configured. In this example, our router is the server. You can change this if you need it and you know what you are doing.)
- Local IP Address: Specify the IP address of the WireGuard interface. (Define the IP address of the WireGuard interface, which should be a non-occupied IP address. It is okay to configure outside your existing LAN range.)
- Private Key: Specify the private key of the WireGuard interface. The value will be automatically generated on the device, and you can also modify it manually (Defines the private key of this specific VPN tunnel. It has to be set and cannot be shared with other tunnels.)
3. Click Apply. The WireGuard VPN entry will be displayed.
Step 3. Configure Peer Information on the HQ Site Controller:
1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard > Peers.
2. Click Create New Peer. Configure the parameters and click Apply.
- Name: Specify the name that identifies the WireGuard tunnel.
- Status: Specify whether to enable the peer setting.
- Interface: Choose the WireGuard interface to which the peer belongs.
- Endpoint: Specify the IP address of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers. (If you need to specify the peer server, you can put the public IP address of the peer server. If the HQ has initiated the connection, this can be optional, which is the case in this guide. If you don't specify the Endpoint on both sites, then the connection cannot be made.)
- Endpoint Port: Specify the port number of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers.
- Allowed Address: Specify the address segment that allows traffic to pass through. (Here you should specify the subnet of the peer LAN. This defines what you are allowed to access on the peer site. If you do not include the subnet, then you don't have access to it.)
- Persistent Keepalive: Specify the tunnel keepalive packet interval. (This defines the interval of the keepalive packet sent to the Allowed Address.)
- Comment: Enter the description of the peer.
- Public Key: Fill in the public key of the peer Satellite site.
- Preshared Key: Specify a shared key if needed.
Step 4. Configure Peer Information on the Satellite Site Controller:
1. Launch the Omada SDN Controller, and select a site from the drop-down list of Organization. Go to Settings > VPN > WireGuard > Peers.
2. Click Create New Peer. Configure the parameters and click Apply.
- Name: Specify the name that identifies the WireGuard tunnel.
- Status: Specify whether to enable the peer setting.
- Interface: Choose the WireGuard interface to which the peer belongs.
- Endpoint: Specify the IP address of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers. (If you need to specify the peer server, you can put the public IP address of the peer server. If the HQ has initiated the connection, this can be optional, which is the case in this guide. If you don't specify the Endpoint on both sites, then the connection cannot be made.)
- Endpoint Port: Specify the port number of the peer. This parameter is required when the Omada Router actively connects to other WireGuard peers.
- Allowed Address: Specify the address segment that allows traffic to pass through. (Here you should specify the subnet of the peer LAN. This defines what you are allowed to access on the peer site. If you do not include the subnet, then you don't have access to it.)
- Persistent Keepalive: Specify the tunnel keepalive packet interval. (This defines the interval of the keepalive packet sent to the Allowed Address.)
- Comment: Enter the description of the peer.
- Public Key: Fill in the public key of the peer HQ site.
- Preshared Key: Specify a shared key if needed.
Verification:
1. Verify the HQ site has access to the Satellite site.
Use a computer from the HQ to ping the Satellite gateway and PC.
Use a computer from the HQ to access the file server located on the Satellite site. Files can be uploaded or downloaded without any problems.
2. Verify the Satellite site has access to the HQ site.
Use a computer from the Satellite site to ping the HQ gateway.
Întrebări similare:
A fost util acest FAQ?
Părerea ta ne ajută să îmbunătățim acest site.
Ce probleme ai avut cu acest articol?
- Nemulțumit de produs
- Prea complicat
- Titlu confuz
- Nu se aplică pentru mine
- Prea vag
- Alt motiv
Mulțumim
Apreciem părerea ta.
Acest site web folosește cookie-uri pentru a îmbunătăți experiența navigării web, a analiza activitățile online și a oferi utilizatorilor cea mai bună experiență pe site-ul nostru. Te poți opune utilizării cookie-urilor în orice moment. Poți afla mai multe informații în politica de confidențialitate .
Your Privacy Choices
Acest site web folosește cookie-uri pentru a îmbunătăți experiența navigării web, a analiza activitățile online și a oferi utilizatorilor cea mai bună experiență pe site-ul nostru. Te poți opune utilizării cookie-urilor în orice moment. Poți afla mai multe informații în politica de confidențialitate .
Aceste cookie-uri sunt necesare pentru funcționarea site-ului web și nu pot fi dezactivate în sistemele tale
TP-Link
accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Cookie-urile de analiză ne permit să analizăm activitățile tale de pe site-ul nostru web a îmbunătăți și ajusta funcționalitatea site-ului.
Cookie-urile de marketing pot fi setate prin intermediul site-ului nostru web de către partenerii noștri publicitari pentru a crea un profilul intereselor tale și a-ți afișeze reclame relevante pe alte site-uri web.
Google Analytics, Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads și DoubleClick
test_cookie, _gcl_au
Meta Pixel
_fbp
Crazy Egg
cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs
lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or
TikTok
_ttp