How-To
Services
Internal
Historical
External Tools
VyOS is an open source router. The developers have a nightly rolling release that includes all the latest features such as Wireguard.
It can be downloaded here https://www.vyos.io/rolling-release/.
1.3-rolling-202004300117 is a known good release to work with Wireguard and DN42.
show ip route
generate wireguard default-keypair
show wireguard keypairs pubkey default
Grab your public key and save it for later. This will be shared with peers.
Your peer should provide their endpoint public IP, port, single DN42 address, and Wireguard public key.
set interfaces wireguard wg01 address '172.x.x.x/32'
this is a single address within your DN42 registered address space
set interfaces wireguard wg01 peer OtherGuy1 allowed-ips '0.0.0.0/0''
it's just easier to filter traffic with the firewall
set interfaces wireguard wg01 peer OtherGuy1 address 'x.x.x.x'
this is the public IP of your peers endpoint
set interfaces wireguard wg01 OtherGuy1 port '12345'
the configured port on your peers endpoint
set interfaces wireguard wg01 peer OtherGuy1 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI='
your peers public wireguard key
set interfaces wireguard wg01 port '12345'
the port your wireguard endpoint will "listen" on
In case you are wondering how you are going to route packets anywhere with a /32, the next command explains it all.
set protocols static interface-route 172.x.x.x/32 next-hop-interface wg01
this is a single provided address by your peer that is assigned to them in the registry
While a normal world configuration may allow multiple peers on one Wireguard interface, this configuration will not work correctly if multiple peers are defined on the same interface.
Now that we have a tunnel to our peer and theoretically can ping them, we can setup BGP.
set protocols bgp 424242XXXX address-family ipv4-unicast network 172.x.x.x\x
Insert your ASN and your assigned network block. Note that this should match your exact prefix as listed in the registry; if you try to advertise a subnet of your assigned block it could get filtered by some peers.
set protocols bgp 424242XXX parameters router-id 172.x.x.x
To keep it simple just make your router ID match your lower IP within the DN42 registered space.
set protocols bgp 424242XXXX neighbor 172.x.x.x address-family ipv4-unicast
This is likely the same IP as the one used in your static route earlier when creating the Wireguard tunnel.
set protocols bgp 424242XXXX neighbor 172.x.x.x ebgp-multihop 20
This setting may need to be adjusted depending on circumstances
set protocols bgp 424242XXXX neighbor 172.x.x.x remote-as 424242XXXX
Your peers ASN
show ip bgp summary
Hosted by: BURBLE-MNT, GRMML-MNT, XUU-MNT, JAN-MNT, LARE-MNT, SARU-MNT, ANDROW-MNT, MARK22K-MNT | Accessible via: dn42, dn42.dev, dn42.eu, wiki.dn42.us, dn42.de (IPv6-only), dn42.cc (wiki-ng), dn42.wiki, dn42.pp.ua, dn42.obl.ong
Last edited by DN42 Wiki (BURBLE-MNT), 2023-02-07 14:25:27