How to Configure a WireGuard Connector on a Linux Machine


Instead of creating a tunnel between your Perimeter 81 server (gateway) and your firewall/router, you can install a WireGuard-based connector on a Linux server in your organization that serves the same purpose: it terminates the tunnel and forwards traffic to your local network.

Step 1: Configure the connector at the Perimeter 81 Management Portal

  1. Under the Network tab in the left menu, click on the name of the network in which you'd like to set up the tunnel. Locate the desired gateway, click the three-dot icon and press Add Tunnel.

    Screen_Shot_2019-08-27_at_14.06.15.png
  2. The following window will pop up:

    2.png

    Choose Perimeter 81 Connector, then press Continue.

  3. Make sure you have an Ubuntu 16.04 LTS or CentOS 7 instance set up within your local network or VPC, then press Next.

    3.png

  4. Enter a Name of your choice, the IP address (Endpoint) of the machine on which you are configuring the connector, and the corresponding subnet range that should be reachable through it (the values in the attached screenshot are for demonstration only). Press Next.

    4.png

  5. Confirm and Apply, then wait until the deployment is finished (this may take several minutes).

Step 2: Configure the connector on your Local Linux Machine

  1. You should now see the connector under the Network section. Click the three dots beside its icon, then click Configure. A window similar to the following will open (the displayed command varies from connector to connector):

    5.png

    Copy the Command.

  2. If you're running Ubuntu:
    • You may want to run the following commands (as root, or prefixed with sudo) to ensure all prerequisites are installed:
      apt-get install curl
      apt-get install software-properties-common
    • Run the command that you copied (answer Yes at Stage 4).
    • Ensure the firewall rules survive a reboot. First save the current ruleset:
      iptables-save | sudo tee /etc/iptables.conf
      Then open /etc/rc.local (vi /etc/rc.local) and add the following two lines above the final "exit 0" line. Ubuntu 16.04's rc.local ends with exit 0, and anything placed after it never runs:
      # Load iptables rules from this file
      iptables-restore < /etc/iptables.conf
      Finally make the file executable so it is run at boot:
      chmod +x /etc/rc.local
  3. If you're running CentOS:
    • You may want to run the following command to ensure the kernel headers matching the running kernel are installed (the WireGuard kernel module is built against them):
      yum install "kernel-devel-uname-r == $(uname -r)"
    • Run the command that you copied (answer Yes at Stage 4).
    • Ensure the firewall rules survive a reboot. First save the current ruleset:
      iptables-save | sudo tee /etc/iptables.conf
      Then open /etc/rc.d/rc.local (vi /etc/rc.d/rc.local) and add the following two lines at the end of the file:
      # Load iptables rules from this file
      iptables-restore < /etc/iptables.conf
      Finally make the file executable (on CentOS 7, rc.local is only run at boot if it is executable):
      chmod +x /etc/rc.d/rc.local
  4. Please note: saving the firewall rules in this manner is only relevant if you manage the host firewall directly with iptables. If you're using a different firewall front end (for example firewalld, the default on CentOS 7, or ufw on Ubuntu), persist the rules with that tool instead, and make sure it does not replace the connector's rules when it starts at boot.

  5. In order for other servers in the same environment to be reachable through your Perimeter 81 network:

    • Make sure that the server allows IP forwarding:

      vi /etc/sysctl.conf

      Look for net.ipv4.ip_forward and set it to 1 (the line may be present but commented out; remove the leading #). If it does not exist, add the following line at the end of the file:
      net.ipv4.ip_forward=1
    • For the change to take effect, either:
      • run
        sysctl -p /etc/sysctl.conf
      • or reboot the server.

    • Setting the local route configuration (connector as the gateway). There are two options, described below:

      • Option A: SNAT. The connector rewrites the source IP of traffic arriving from Perimeter 81 to the connector server's local IP. This allows connectivity to local resources without any route changes on the local network or servers; the trade-off is that local servers see the connector's address, not the client's, in their connection logs.
        • Open the /etc/iptables.conf file you created above.
        • Add the following POSTROUTING rule (the example values must be changed to match your server and network). If the file already contains a *nat section, put the -A POSTROUTING line inside that section, before its COMMIT line; add the *nat header, the :POSTROUTING chain line and COMMIT shown here only if the file has no *nat section yet. iptables-restore flushes a table each time it reads a *table header, so a second *nat block appended to the end of the file would discard the nat rules loaded from the first one.
          *nat
          :POSTROUTING ACCEPT [0:0]
          -A POSTROUTING -s 10.255.0.0/16 -d 0/0 -j SNAT --to-source 172.16.126.145
          COMMIT
        • Where:
          • 10.255.0.0/16 - your Perimeter 81 network subnet (10.255.0.0/16 is only an example; use the value shown for your network in the Management Portal)
          • 172.16.126.145 - the connector server's local IP address
          • -d 0/0 - any destination (this is the default and may be omitted)
        • Load the updated file with iptables-restore < /etc/iptables.conf (or reboot) so the rule is active now and not only after the next boot.
      • Option B: On every server, or on the local router, add a route for the Perimeter 81 network subnet (10.255.0.0/16 in this example) via the connector's local IP address as the gateway.
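As an added example, not part of this article or of the Perimeter 81 connector script, the following POSIX shell helpers generate the three files that steps 2 to 5 above edit by hand: the iptables dump with the SNAT rule merged into the right section, the rc.local boot hook with the restore line placed above "exit 0" where one exists, and sysctl.conf with forwarding enabled. The paths (/etc/iptables.conf, /etc/rc.local, /etc/rc.d/rc.local) and the 10.255.0.0/16 and 172.16.126.145 values are the article's; the function names are my own, and the inputs in the demo are constructed, not dumps from a real system. Each function writes the new file contents to stdout, so you can review a diff before installing the result as root.

```shell
#!/bin/sh
# Added example, not from the Perimeter 81 article: helpers that produce the
# files the article asks you to edit by hand, so the result can be reviewed
# before it touches the live ruleset. Assumes the article's paths
# (/etc/iptables.conf, /etc/rc.local on Ubuntu 16.04, /etc/rc.d/rc.local on
# CentOS 7). Every function writes to stdout; install the output yourself.

# Dotted-quad IPv4 check: four octets, each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    for _o in "$@"; do [ "$_o" -le 255 ] || return 1; done
}

# CIDR check: valid IPv4 followed by /0 .. /32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    _p=${1#*/}
    printf '%s\n' "$_p" | grep -Eq '^[0-9]{1,2}$' && [ "$_p" -le 32 ]
}

# The article's SNAT rule in iptables-restore syntax. The article's "-d 0/0"
# (any destination) is the default and is omitted here.
snat_rule() {  # snat_rule P81_SUBNET CONNECTOR_IP
    valid_cidr "$1" || { echo "snat_rule: bad subnet '$1'" >&2; return 1; }
    valid_ipv4 "$2" || { echo "snat_rule: bad address '$2'" >&2; return 1; }
    printf '%s\n' "-A POSTROUTING -s $1 -j SNAT --to-source $2"
}

# Merge the rule into an iptables-save dump. iptables-restore flushes a table
# each time it meets a "*table" header, so a second "*nat" block appended to
# the file would discard the nat rules already in it; the rule therefore goes
# before the COMMIT of the existing nat section, and a new section is created
# only when the dump has none.
add_snat_to_dump() {  # add_snat_to_dump DUMPFILE P81_SUBNET CONNECTOR_IP
    _rule=$(snat_rule "$2" "$3") || return 1
    if grep -q '^\*nat$' "$1"; then
        awk -v rule="$_rule" '
            /^\*nat$/ { innat = 1 }
            innat && /^COMMIT$/ { print rule; innat = 0 }
            { print }' "$1"
    else
        cat "$1"
        printf '*nat\n:POSTROUTING ACCEPT [0:0]\n%s\nCOMMIT\n' "$_rule"
    fi
}

# Add the restore line to rc.local. Ubuntu 16.04's /etc/rc.local ends in
# "exit 0", so the line must go above it or it never runs; CentOS 7's
# /etc/rc.d/rc.local has no exit line, so the line is appended. Idempotent.
add_restore_hook() {  # add_restore_hook RCLOCAL_FILE CONF_FILE
    _line="iptables-restore < $2"
    if grep -qF "$_line" "$1"; then cat "$1"; return 0; fi
    if grep -q '^exit 0' "$1"; then
        awk -v l="$_line" '
            /^exit 0/ && !done { print "# Load iptables rules from this file"; print l; done = 1 }
            { print }' "$1"
    else
        cat "$1"
        printf '# Load iptables rules from this file\n%s\n' "$_line"
    fi
}

# Enable forwarding in sysctl.conf: uncomment or replace an existing
# net.ipv4.ip_forward line, or append one.
enable_ip_forward_conf() {  # enable_ip_forward_conf SYSCTL_FILE
    if grep -Eq '^[#[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$1"; then
        sed -E 's/^[#[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward=1/' "$1"
    else
        cat "$1"
        echo 'net.ipv4.ip_forward=1'
    fi
}

# Demo on constructed inputs (not dumps taken from any real system).
demo() {
    _d=$(mktemp -d)
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n' > "$_d/iptables.conf"
    printf '#!/bin/sh -e\nexit 0\n' > "$_d/rc.local"
    printf '#net.ipv4.ip_forward=1\n' > "$_d/sysctl.conf"
    add_snat_to_dump "$_d/iptables.conf" 10.255.0.0/16 172.16.126.145
    add_restore_hook "$_d/rc.local" /etc/iptables.conf
    enable_ip_forward_conf "$_d/sysctl.conf"
    rm -rf "$_d"
}
demo
```

To use it on a real host, run for example `add_snat_to_dump /etc/iptables.conf 10.255.0.0/16 172.16.126.145 > /tmp/iptables.conf.new`, inspect `diff /etc/iptables.conf /tmp/iptables.conf.new`, and only then copy the file into place and run iptables-restore as the article describes. The validation in snat_rule rejects malformed subnets and addresses before they ever reach the ruleset, which is where a typo would otherwise surface as a silently broken NAT rule.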

Step 3: Verify that the Connector is Up

  1. Connect to your Perimeter 81 network with the Perimeter 81 app (you can do this from any machine).
    Screen_Shot_2019-08-29_at_15.25.50.png
  2. Open a terminal and run the following command:
    ping XXXX.XXXX.XXXX.XXXX
    (replace XXXX.XXXX.XXXX.XXXX with the private IP address of a server in the subnet you entered in Step 1, for example the connector machine itself)
  3. If the ping fails, make sure that you went through all the steps, in particular IP forwarding, the SNAT rule or routes, and loading the saved firewall rules. If the issue persists, please contact our support services.
