SEC 350:Project 2 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki

Edge

create key- wg genkey | tee privatekey | wg pubkey > publickey

wireguard interface setup

set interfaces wireguard wg0 address '10.0.1.1/24'
set interfaces wireguard wg0 description 'VPN'
set interfaces wireguard wg0
set interfaces wireguard wg0 port 51820
set interfaces wireguard wg0 private-key (edge private key)

wireguard peer setup

set interfaces wireguard wg0 peer charlie address 10.0.17.26
set interfaces wireguard wg0 peer charlie allowed-ips 10.0.1.2/32
set interfaces wireguard wg0 peer charlie port 51820
set interfaces wireguard wg0 peer charlie public-key (traveler public key(find after downloading wireguard))

firewall setup

set firewall name VPN-to-LAN default-action drop
set firewall name VPN-to-LAN enable-default-log
set firewall name VPN-to-LAN rule 10 action 'accept'
set firewall name VPN-to-LAN rule 10 description 'WireGuard'
set firewall name VPN-to-LAN rule 10 destination address 172.16.200.11
set firewall name VPN-to-LAN rule 10 source address 10.0.1.2/32
set zone-policy zone LAN from VPN firewall name VPN-to-LAN
set firewall name LAN-to-VPN default-action drop
set firewall name LAN-to-VPN enable-default-log
set firewall name LAN-to-VPN rule 10 action accept
set firewall name LAN-to-VPN rule 10 state established enable
set zone-policy zone VPN from LAN firewall name LAN-to-VPN
set zone-policy zone VPN interface wg0

FWMGMT firewall

set firewall name LAN-to-MGMT rule 15 action accept
set firewall name LAN-to-MGMT rule 15 destination address 172.16.200.11
set firewall name LAN-to-MGMT rule 15 destination port 3389
set firewall name LAN-to-MGMT rule 15 protocol tcp
set firewall name LAN-to-MGMT rule 15 source address 10.0.1.2

Traveler

download wireguard
add empty tunnel

insert into table

[Interface]
PrivateKey = (traveler private key)
ListenPort = 51820
Address = 10.0.1.2/32
[Peer]
PublicKey = (edge public key)
AllowedIPs = 10.0.1.1/32, 172.16.200.0/28
Endpoint = 10.0.17.126:51820