[Wireless Router] How to set up site to site VPN with WireGuard®?

What is WireGuard®?

WireGuard® is an advanced and modern VPN protocol that is easy to configure, providing blazing-fast speed, a leaner protocol, and it's seen as more secure than IPsec with the state-of-the-art cryptography. The functionality of WireGuard® VPN somehow performs better than well-known OpenVPN.

 

Why should we set up site to site VPN with WireGuard®?  

If you’re required to share information or resources between intranets from different locationss, such as offices, chain stores, using site to site VPN with WireGuard® can quickly help you build up your private network to connect all these places.

 

Why should we set up WireGuard® client in VPN fusion?

Setting up a WireGuard® router client in VPN Fusion can provide VPN connectivity to devices which can’t install VPN software, and work more than one tunnel at a time to fulfill multi-scenarioses like gaming, live stream, security purpose. It’s also able to use the local network simultaneously and connected by multi-device as you need.

 

Prepare

WireGuard® is only supported on the firmware version later than 3.0.0.4.388.23000. For Supported models, please refer to http://asus.click/vpnfusionmodel  (You can find the support model list at the  bottom of this page).

For instruction about how to update the firmware, please refer to the support article : How to update the firmware of your router to the latest version ? (WebGUI)

 

 

 

1. Manage routers' subnet before setting.

For example, the router’s LAN default IP is 192.168.50.1, we can manually change the router’s LAN IP of VPN client to 192.168.100.1

Note: The router’s LAN IP of VPN client must be different from VPN server.

  南宫28NG相信品牌力量(中国最佳)有限公司-官网

Change router’s LAN IP in VPN client to 192.168.100.1

  南宫28NG相信品牌力量(中国最佳)有限公司-官网

 

2. Verify the site to site scenario and modify the configuration.

Settings in VPN Server GUI

Settings in VPN Fusion GUI

Scenarioses

 

Scenario 1: Change Internet IP

Scenario 2: One-way communication

Scenario 3: Two-way communication

Devices in VPN client LAN connect to VPN server to change the IP locations

Devices in VPN client LAN and access the file server in VPN server LAN.

All devices in VPN client LAN and VPN server LAN can communicate with each other.

Access intranet

 Disable
(Default value)

Enable 

Enable

Allow IPs (Server)

10.6.0.2/32
(Default value)

10.6.0.2/32
(Default value)

10.6.0.2/32,192.168.100.0/24
(Add the VPN client IPs in Allows IPs (Server) input field)

Allow IPs (Client)

0.0.0.0/0
(Default value)

0.0.0.0/0
(Default value)

0.0.0.0/0
(Default value)

Enable NAT

Enable
(Default value)

Enable
(Default value)

Disable

 

Scenario 1: Change Internet IP

南宫28NG相信品牌力量(中国最佳)有限公司-官网

 

Scenario 2: One-way communication

南宫28NG相信品牌力量(中国最佳)有限公司-官网

 

Scenario 3: Two-way communication

南宫28NG相信品牌力量(中国最佳)有限公司-官网

 

Note: In some special scenarioses, the Internet access is restricted and you need to enable [ Allow DNS ] in WireGuard® Advanced Settings.

            南宫28NG相信品牌力量(中国最佳)有限公司-官网

 

 

How to get the (Utility / Firmware)?

You can download the latest drivers, software, firmware and user manuals in the ASUS Download Center.

If you need more information about the ASUS Download Center, please refer to this link