Since DAL OS firmware 24.3.28.88 Support for WireGuard (WG) VPNs has been added.
WireGuard is a VPN protocol that operates at the network layer to provide communication between devices over a public network (more info on WireGuard website: https://www.wireguard.com/).
A DAL router can be configured in two WireGuard modes:
· Client mode: the DAL router establishes an outbound WireGuard VPN tunnel to a remote server
· Server mode: one or more remote devices can establish an inbound WireGuard VPN tunnel to the DAL router
In this article, is shown how to configure a DAL router as a WireGuard client.
WG Server
In this example, we will not go into details about how to configure the server side, but we suppose a WG server is enabled to receive connections from WG clients.
Most of the WireGuard servers provide a configuration file that can be used on the clients to connect. In this example, the server provides the following:
![](/getattachment/2931141d-c9fb-4f90-bb27-937575af2169/WG-Client_0.png?lang=en-US&width=400&height=174)
Basing on that, the WG client will be configured on the DAL router in next step.
WG Client configuration on the DAL router
1. Browse to System > Device Configuration > VPN > WireGuard and add a WG Tunnel:
![](/getattachment/Support/knowledge-base/DAL-router-WireGuard-Client/WG-Client_00.png?lang=en-US&width=700&height=83)
In the Peers section, click on Add Peer and configure the Peer as following:
![](/getattachment/0f4c3082-3377-48d5-a5f5-8110aa6f3fc5/WG-Client_1.png?lang=en-US&width=700&height=387)
In the main WG tunnel section, configure as following:
![](/getattachment/b12f254b-e433-4228-ad3b-a1b0a62d8e6e/WG-Client_2.png?lang=en-US&width=600&height=147)
2. Create the WG Interface (System > Device Configuration > Interfaces):
![](/getattachment/Support/knowledge-base/DAL-router-WireGuard-Client/WG-Client_3_bis.png?lang=en-US&width=700&height=68)
![](/getattachment/bb6afbcb-d807-41cf-af38-882cb4f8c18e/WG-Client_3.png?lang=en-US&width=700&height=475)
3. Static route: It will be needed a static route to access the networks behind the server via the WG tunnel. In this example, a route to 192.168.100.0/24 is added:
![](/getattachment/6e49dc0b-7752-4748-8fbf-20c64570bd49/WG-Client_5.png?lang=en-US)
Check the WG tunnel status:
In the WG Tunnel status (Status > VPN > WireGuard), the new WG tunnel linked to the WG interface is shown:
![](/getattachment/5c9aae15-1c0e-48a2-b1b7-8e2a55c55f0a/WG-Client_4.png?lang=en-US&width=700&height=427)
Traffic on the tunnel
Try a ping to a pingable address on the WG server, in this example this is 192.168.100.1 (System > Terminal):
![](/getattachment/3a7c9966-e887-46b1-865c-47b780897f85/WG-Client_6-(2).png?lang=en-US&width=400&height=224)
Also, on the WG Tunnel status on the DAL router, an increase of traffic can be noticed:
![](/getattachment/e26a457f-8887-483f-a686-9a00fd2fadbb/WG-Client_7.png?lang=en-US&width=700&height=392)
Last updated:
Apr 30, 2024