WireGuard Connector
  • 11 Sep 2024

      Introduction

      This guide will walk you through the process of establishing a WireGuard VPN connection with your Harmony SASE network using Linux as your operating system.

      Breakdown of topics

      1. Pre-requisites
      2. Configuration Steps
      3. Verifying the Setup
      4. Troubleshooting
      5. Support Contacts

      Pre-requisites

      Make sure the machine that will host the connector meets the following requirements:
      Ubuntu
      • See the attached prerequisites for the machine.
      • You are running a supported kernel.
      • The following packages are installed:
        • curl
        • dig
        • software-properties-common

      CentOS/RHEL

      • See the attached prerequisites for the machine.
      • You are running a supported kernel.
      • The following packages are installed:
        • curl
        • bind-utils

      Important

      • If you're not sure you have the appropriate image installation files, you can find them here (Ubuntu 18.04).
      • Whenever you upgrade your kernel, make sure to reboot the machine afterward.

      Linux

      1. Kernel
        • Ubuntu (Server/Desktop) 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 23.04
        • CentOS 7 or CentOS 8
        • RHEL 7, RHEL 8, or RHEL 9 (RedHat distributions)
      2. Packages installed
        • Ubuntu - curl, dig, software-properties-common
        • CentOS - curl, bind-utils
      3. Free disk space: 20 GB available
      4. Free memory: 2 GB RAM
      5. Static internal IP address
      6. The network adapter must be in Bridge mode, not NAT.
      7. If you are hosting the Linux machine on a Windows host, virtualization must be enabled in the Windows host's BIOS.
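
A preflight check for the prerequisites above, as an added example (not Harmony SASE's own tooling). It assumes the 20 GB is needed on the root filesystem and reads "GB" as decimal; it does not cover the static IP, bridged adapter or BIOS items.

```shell
#!/bin/sh
# Added example: preflight check for the prerequisites listed on this page.
# The release list and thresholds are copied from the list above.

# is_supported_os ID VERSION_ID (fields from /etc/os-release)
is_supported_os() {
    case "$1:$2" in
        ubuntu:16.04|ubuntu:18.04|ubuntu:20.04|ubuntu:22.04|ubuntu:23.04) return 0 ;;
        centos:7|centos:7.*|centos:8|centos:8.*) return 0 ;;
        rhel:7|rhel:7.*|rhel:8|rhel:8.*|rhel:9|rhel:9.*) return 0 ;;
    esac
    return 1
}

# meets_minimum HAVE_KB NEED_GB
# Assumption: "GB" is read as decimal (1 GB = 1,000,000 kB).
meets_minimum() {
    [ "$1" -ge $(( $2 * 1000 * 1000 )) ]
}

# missing_tools ID: print required tools/packages that are not installed
missing_tools() {
    for cmd in curl dig; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s ' "$cmd"
    done
    if [ "$1" = ubuntu ]; then
        dpkg -s software-properties-common >/dev/null 2>&1 ||
            printf '%s ' software-properties-common
    fi
}

preflight() {
    rc=0
    . /etc/os-release
    is_supported_os "$ID" "$VERSION_ID" ||
        { echo "FAIL unsupported release: $ID $VERSION_ID"; rc=1; }
    miss=$(missing_tools "$ID")
    [ -z "$miss" ] || { echo "FAIL missing: $miss"; rc=1; }
    # Assumption: the root filesystem is where the free space is required.
    disk_kb=$(df -Pk / | awk 'NR==2 {print $4}')
    meets_minimum "$disk_kb" 20 || { echo "FAIL less than 20 GB free on /"; rc=1; }
    mem_kb=$(awk '/^MemAvailable:/ {print $2}' /proc/meminfo)
    meets_minimum "$mem_kb" 2 || { echo "FAIL less than 2 GB memory available"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK all checked prerequisites met"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the machine that will host the connector; without that argument it only defines the functions.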

      Once these prerequisites are fulfilled, you can move on to the next stage: choosing the Site-to-Site connection type that best fits your use case.

      This article describes how to install a WireGuard based connector on a Linux server or on a in your organization instead of creating a tunnel between your server and your Firewall/Router.


      Configuration Steps

      Configuring the connector at the Management Platform

      1. Under Networks in the Management Platform on the left side, select the name of the network in which you'd like to set the tunnel. Locate the desired gateway, select the three-dotted menu (...), and select Add Tunnel.

      2. The following window displays:

      3. Select Harmony SASE Connector, then select Continue.
        • Ensure you have a supported version of Linux within your local network or VPC, then select Next.

      4. Enter a Name of your choice, and the Endpoint, meaning the IP address from which the Linux server is connecting to the internet, accompanied by the correlating Subnet range (the values in the attached image are for demonstration only).
      5. Select Next.
        Note: You can query the Endpoint by executing the following command in your Linux terminal.
      dig +short myip.opendns.com @resolver1.opendns.com

      Select Next and Apply, then wait until the deployment is finished (this may take several minutes).

      Installing the Harmony SASE Connector on a Linux machine:

      1. You should now see the connector under the Network section. Select the three-dotted menu (...) beside its icon, then select Configuration. A similar window will open (the displayed command varies from connector to connector):

      2. Copy the command manually or click "Copy Command".
      3. Open the Linux terminal as the root user and run the copied command.
      4. Follow the instructions during the connector installation on the Linux server.

      Verifying the Setup

      1. Connect to your Harmony SASE server with the designated app (you can do it on any machine).
      2. Open the terminal and run the following command:
        • ping XXX.XXX.XXX.XXX
          (replace with one of the internal resources in your organization)
      3. If the ping command fails, please make sure that port UDP/8000 is not blocked in your firewall/router, and that you went through all the steps.
      4. If the issue persists, please contact our support services and attach the logs.
        These can be found at the following paths:
      ##Configuration file
      /etc/wireguard/wg0.conf
      
      ##Connection logs
      /tmp/p81-wg-connector.log
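
The configuration file listed above normally holds the tunnel's private key, so mask key material before attaching it to a ticket. The following added example (not part of the vendor's tooling; the function names and the sample config are constructed) does that and warns when the file is accessible to group or others.

```shell
#!/bin/sh
# Added example: strip key material from a wg-quick style config before
# attaching it to a support ticket. Not part of the vendor's tooling.

# redact_wg_conf: read a config on stdin, write it with secrets masked.
redact_wg_conf() {
    awk '{
        key = tolower($0); sub(/^[ \t]+/, "", key)
        if (key ~ /^(privatekey|presharedkey)[ \t]*=/) { sub(/=.*/, "= <redacted>") }
        print
    }'
}

# mode_is_private OCTAL_MODE: true when group and others have no access.
mode_is_private() {
    case "$1" in
        *00) return 0 ;;
    esac
    return 1
}

# Constructed sample; keys and addresses are placeholders, not real values.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-PLACEHOLDER=
Address = 10.0.0.2/32

[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER=
PresharedKey = CONSTRUCTED-PSK-PLACEHOLDER=
Endpoint = 192.0.2.10:8000
AllowedIPs = 10.0.0.0/16
EOF
}

# With --run: check the real file's mode, then write a redacted copy.
if [ "${1:-}" = "--run" ]; then
    conf=/etc/wireguard/wg0.conf
    mode_is_private "$(stat -c %a "$conf")" ||
        echo "WARN $conf is accessible to group/others; chmod 600 it" >&2
    redact_wg_conf <"$conf" >./wg0.redacted.conf
fi
```

Run it as root with `--run` and attach `wg0.redacted.conf` instead of the original file.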

      Troubleshooting

      If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

      Support Contacts

      If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.

