[Wireless Router] How to set up site to site VPN with WireGuard®?

What is WireGuard®?

WireGuard® is an advanced and modern VPN protocol that is easy to configure, providing blazing-fast speed, a leaner protocol, and it's seen as more secure than IPsec with the state-of-the-art cryptography. The functionality of WireGuard® VPN somehow performs better than well-known OpenVPN.

 

Why should we set up site to site VPN with WireGuard®?  

If you’re required to share information or resources between intranets from different locations, such as offices, chain stores, using site to site VPN with WireGuard® can quickly help you build up your private network to connect all these places.

 

Why should we set up WireGuard® client in VPN fusion?

Setting up a WireGuard® router client in VPN Fusion can provide VPN connectivity to devices which can’t install VPN software, and work more than one tunnel at a time to fulfill multi-scenarios like gaming, live stream, security purpose. It’s also able to use the local network simultaneously and connected by multi-device as you need.

 

Prepare

WireGuard® is only supported on the firmware version later than 3.0.0.4.388.23000. For Supported models, please refer to https://asus.click/vpnfusionmodel  (You can find the support model list at the  bottom of this page).

For instruction about how to update the firmware, please refer to the support article : How to update the firmware of your router to the latest version ? (WebGUI)

 

 

 

1. Manage routers' subnet before setting.

For example, the router’s LAN default IP is 192.168.50.1, we can manually change the router’s LAN IP of VPN client to 192.168.100.1

Note: The router’s LAN IP of VPN client must be different from VPN server.

 

Change router’s LAN IP in VPN client to 192.168.100.1

 

 

2. Verify the site to site scenario and modify the configuration.

Settings in VPN Server GUI

Settings in VPN Fusion GUI

Scenarios

 

Scenario 1: Change Internet IP

Scenario 2: One-way communication

Scenario 3: Two-way communication

Devices in VPN client LAN connect to VPN server to change the IP location

Devices in VPN client LAN and access the file server in VPN server LAN.

All devices in VPN client LAN and VPN server LAN can communicate with each other.

Access intranet

 Disable
(Default value)

Enable 

Enable

Allow IPs (Server)

10.6.0.2/32
(Default value)

10.6.0.2/32
(Default value)

10.6.0.2/32,192.168.100.0/24
(Add the VPN client IPs in Allows IPs (Server) input field)

Allow IPs (Client)

0.0.0.0/0
(Default value)

0.0.0.0/0
(Default value)

0.0.0.0/0
(Default value)

Enable NAT

Enable
(Default value)

Enable
(Default value)

Disable

 

Scenario 1: Change Internet IP

 

Scenario 2: One-way communication

 

Scenario 3: Two-way communication

 

Note: In some special scenarios, the Internet access is restricted and you need to enable [ Allow DNS ] in WireGuard® Advanced Settings.

            

 

 

How to get the (Utility / Firmware)?

You can download the latest drivers, software, firmware and user manuals in the ASUS Download Center.

If you need more information about the ASUS Download Center, please refer to this link