The following document guides the configuration of the Wireguard VPN Client on the PIAP Routers and Access Points.


Pre-requisite:

1. User should have the Wireguard Server Endpoint and the Peer information from the Wireguard Server.

Steps:

  1. Login to PCC dashboard https://cloud.prontonetworks.com

  2. Navigate to Configuration >> VPN Configuration

  3. Configure the following details:

    1. Connection Name:  Enter the name of the VPN connection 

    2. Enable: Make “Yes” to enable the VPN connection

    3. AP: Select the AP on which the VPN connection to be configured from the dropdown

    4. VPN: Select the VPN protocol “Wireguard”

    5. Tunnel Connection: Select “Always” from the dropdown

    6. Type: Check the “Client” radio button

    7. Interface

      1. Private Key: Input the Private Key as for the peer as generated on Wireguard Server. 

      2. Address: Enter the corresponding client IP of Private key configured on Wireguard Server

      3. MTU: Optional. In case the network MTU needs to be adjusted, enter the MTU value. 

      4. Pass-Through: To send the PIAP management traffic outside the VPN tunnel, please configure the following in the Passthrough: 
        8.8.8.8/32, 8.8.4.4/32, 54.83.40.50/32, 54.243.41.103/32, 107.20.165.168/32

    8. Peer

      1. Public Key: Enter the Wireguard Server public key 

      2. PSK: Optional. In case a PSK is configured on the Wireguard Server, enter the PSK value. 

      3. Allowed IPs: To allow all outbound IPv4 traffic to enter 0.0.0.0/0. To only take specific network traffic over the VPN, enter the network IP range. 

      4. Endpoint IP: IP address of the Wireguard Server. 

      5. Endpoint Port: Port fo the Wireguard Server

  4. Click the “Create” or “Update VPN” button to save.