Using Wireguard - jwells24/Tech-Journal GitHub Wiki
Creating a WireGuard Connection in VyOS
In this scenario, we want to create a WireGuard interface on our VyOS router and allow a VPN connection between our Windows machine and the router. The first step is to install WireGuard on the Windows machine. Once this is done, open WireGuard and create a new tunnel. This generates a public key for the tunnel, which we need to copy over to the VyOS router.
Our next step is to configure the WireGuard interface on our VyOS router. In the first command below, we create a new interface for WireGuard and assign it an IP address. In the next two commands, we designate a peer that is allowed to communicate in the tunnel and supply the public key from traveler's WireGuard tunnel. Lastly, we set a port for them to communicate on and install the key-pair on the interface.
The last run command generates a public key for the wg0 interface, which we need to copy back over to traveler. Editing our WireGuard tunnel on traveler, we need to create a config file that looks like this. We enter the preferred address of traveler, the Windows client, under the private key. Then we add the information for the peers that traveler will be communicating with.
Now, we want our Windows client to communicate through the VPN to our Windows server. To do this, we need to do a few things. First, on the VyOS router, we need to create a zone for the VPN interface. Once this zone is created, we create two firewalls between our VPN and the network LAN. This lets us write rules that allow remote desktop from the Windows client, through the router to the mgmt network, and on to our Windows server. Once you create the firewalls and their respective rules (allowing TCP/3389 through), you can RDP from the Windows client through the VPN to the Windows server.
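
A client-side tunnel configuration for traveler that matches the steps above, added here as an example and not taken from the original page. The tunnel addresses, the router endpoint, the port and the Windows server address are constructed placeholders, and the keys are left as labelled placeholders.

```ini
# Constructed example for the Windows client "traveler".
# Every address, the port and both keys are placeholders (assumptions).

[Interface]
# Generated by the WireGuard client when the new tunnel is created.
# The private key stays on traveler; only its public key goes to the router.
PrivateKey = <traveler-private-key>
# Traveler's address inside the tunnel. The router's peer entry for traveler
# should allow this same address and nothing wider.
Address = 10.0.99.100/32

[Peer]
# Public key printed by the router when the key-pair is installed on wg0.
PublicKey = <wg0-public-key>
# Address where the router is reachable and the port set on wg0.
Endpoint = 192.0.2.1:51820
# WireGuard routes these destinations into the tunnel and accepts only these
# source addresses from the peer: the router's wg0 address and the Windows
# server on the mgmt network. Listing single hosts instead of 0.0.0.0/0 keeps
# the tunnel limited to what the TCP/3389 firewall rule is meant to permit.
AllowedIPs = 10.0.99.1/32, 172.16.200.11/32
```

If the RDP connection fails after the tunnel shows a handshake, check that the server's address is covered by AllowedIPs on the client before looking at the firewall rules on the router.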