Home / Support / Knowledge Base Articles / DAL router as WireGuard Server iOS client

How to configure a DAL Router as WireGuard Server and an iOS client

How to configure DAL as WireGuard Server and a iOS Client

Since DAL OS firmware 24.3.28.88 Support for WireGuard (WG) VPNs has been added.

WireGuard is a VPN protocol that operates at the network layer to provide communication between devices over a public network (more info on WireGuard website: https://www.wireguard.com/).

A DAL router can be configured in two WireGuard modes:

  • Client mode: the DAL router establishes an outbound WireGuard VPN tunnel to a remote server
  • Server mode: one or more remote devices can establish an inbound WireGuard VPN tunnel to the DAL router

In this article, is shown how to configure a DAL router as a WireGuard server with a iOS WireGuard client.

DAL WG Server Configuration  (1st part)

  1. Browse to System > Device Configuration > VPN > WireGuard and add a WG Tunnel:

Enable the “Device managed private key” option, to allow the DAL Router to generate its own public and private keys.

If this setting is enabled, it triggers the DAL router to automatically generate a private key and corresponding public key. This private and public key is used to establish the encrypted communication between the client and peer via the Wireguard tunnel.

  1. Check the WireGuard Public Key (Status > VPN > WireGuard):

  1. Create the WG Interface (System > Device Configuration > Interfaces):

In the WG Tunnel status is shown that it is now linked to the WG Interface:

Also, in the WG Interface the public key will be shown as well:

Check the Public WAN IP address of the DAL router (Note: when acting as a server, the DAL router must be reachable from the remote peers, so it will need a Public IP on the WAN interface).

In this example, the WAN used is the modem, so browse to Status > Interfaces > Modems

WG client configuration on the iOS device

1. Download and install the WG client on the iOS device (https://itunes.apple.com/us/app/wireguard)

2. Open the WG App and click on "Add a tunnel" and select "Create from scratch":

    

2. In the WG interface section, click on "Generate keypair" and the Private/Public key fields will be populated. The address must be in the same subnet of the DAL router WG Interface:

3. Click on the "Add Peer" and configure the Peer section as below:

 

4. Swipe on the Inactive button to activate the tunnel:

 

DAL WG Server Configuration (2nd part)

Browse back in the WG Tunnel configuration on DAL router and add a peer under the Peers section (System > Device configuration > VPN > WireGuard):

Click Apply.

Tunnel established

Check the WG Tunnel status on the DAL router, the iOS Client will be now shown:

Traffic on the tunnel

Try a ping from iOS prompt to the WG interface of the DAL router to verify the traffic is passing via the tunnel:

Try a ping from the DAL router terminal to the WG interface of the iOS client:

Also, on the WG Tunnel status on the DAL router, an increase of traffic can be noticed:

Last updated: Apr 29, 2024

Filed Under

Cellular/Transport

Recently Viewed

No recently viewed articles

Did you find this article helpful?