Differences

This shows you the differences between two versions of the page.

--- technical:wireguard-rd-support [2025/11/04 07:08] – created system
+++ technical:wireguard-rd-support [2025/11/04 09:47] (current) – [Next Steps] system
@@ Line 1: / Line 1: @@
 ====== Wireguard Support in RADIUSdesk ======
 ===== Introduction =====
-  * As of November 2025, RADIUSdesk can centrally manage Wireguard on Ubuntu and Raspberry Pi based devices.
+  * As of November 2025, RADIUSdesk can centrally manage Wireguard running on Ubuntu and Raspberry Pi based devices.
-  * This is done by a lightweight agent that interacts with RADIUSdesk.
+  * The **Wireguard Servers** applet declares and manages one or more instances of Wireguard on these devices.
-  * Each device now has the ability to be configured though a web applet on RADIUSdesk.
+  * The device runs a lightweight agent which interacts with RADIUSdesk.
-  * The agent also reports back to RADIUSdesk on the status of the service and any active peer connections.
+  * The agent also reports back to RADIUSdesk on the status of Wireguard and any active peer connections.
   * The following graphic shows how everything fits together.
 {{:technical:wireguard:wireguard-radiusdesk.jpg|}}
-===== Wireguard Servers Applet =====
+===== Wireguard Servers  =====
-  * The Wireguard Servers applet can be found under the **Other** -> **VPN & Tunneling** grouping.
+{{:technical:wireguard:wireguard_servers.png?nolink|}}
+  * Wireguard Servers can be found under the **Other** -> **VPN & Tunneling** grouping.
   * It has two tabs
         * The **Servers** tab displays all of the Wireguard servers which are managed centrally.
         * The **New Arrivals** lists Wireguard servers that reported to RADIUSdesk but which require on-boarding.
-==== Wireguard Instances ====
+==== Server Info ====
-  * We will cover Profiles first although it is the second sub-tab since it is required to have a profile ready in order to define a server.
+  * When you add a Wireguard server, you will need the following information from the server where the agent is installed on.
-==== Wireguard Peers ====
+^ Item      ^ Example       ^
+| IP Address    | 164.160.89.129  |
+| MAC Address   | 12-c1-f8-6c-53-c4 |
+| Uplink Interface | eth0 |
+  * **MAC Address** is used to uniquely identify the server.
+  * **IP Address** will be used in the peer configuration to specify the IP Address where a peer needs to connect with.
+  * **Uplink Interface** is used for the firewall rules when NAT is specified on a Wireguard instance.
+Each Wireguard server will have one or more Wireguard Instances associated with it.
+We will cover Wireguard Instances next.
+===== Wireguard Instances  =====
-=== Unique Settings (Profiles) ===
+{{:technical:wireguard:wireguard_instances.png?nolink|}}
-  * Profiles allow you to override certain values which were specified in the Base Config so that they become unique to that profile.
-  * These include items which might need tweaking for certain environments.
-  * Each of the sections inside the GUI maps to a section in the **/etc/accel-ppp.conf** file.
-=== Specific Settings (Server) ===
+  * After you defined a Wireguard Server, you can add Wireguard Instances belonging to the Wireguard server.
-  * This is the final category and one that is specific to an Accel-ppp server in the applet.
+  * One of the requirements that our clients had was the ability to control the bandwidth on Wireguard.
-  * An Accel-ppp server needs a mandatory Profile (Unique settings) and then two items which are specific.
+  * Wireguard Instances allows for this as well as the ability to specify it as a NAT breakout point.
-        * **Interface** This is the interface name on the server where we want to run the PPPoE servie on.
-        * **NAS Identifier** This is the specific identifier used to identify the Accel-ppp server on RADIUS.
-{{:technical:pppoe:acell-specific.png|}}
+{{:technical:wireguard:wireguard_instance_add.png?nolink|}}
+  * With each Wireguard Instance you can in turn manage the Wireguard Peers for the specific Wireguard Instance.
-==== Servers ====
+===== Wireguard Peers =====
-  * Although the Servers tab is first we started with the Profiles tab since we need to have a Profile available which we can associate with a server.
+{{:technical:wireguard:wireguard_peers.png?nolink|}}
-  * Each server has the following mandatory fields.
+  * The config of each Wireguard Peer that has been defined can be downloaded or a QR Code generated for easy configuration.
-        * **Name** A unique name to identify the server with.
-        * **MAC Address** This has to match the MAC Address of the interface on the device running Accel-ppp and is used as a identity field.
-        * **Server Profile** This was covered earlier in this document.
-        * **Interface** The name of the interface on which you plan to run the PPPoE service on (using Accel-ppp)
-        * **NAS Identifier** Used to identify the server when interacting with the RADIUS server.
-=== Servers GUI ===
+{{:technical:wireguard:wireguard_peers_qrcode.png?nolink|}}
-{{:technical:pppoe:acell-server.png|}}
-  * The screenshot above is from the Accel-ppp server applet.
-  * Let's look at some key points
-        * The Refresh button has an option to automatically refresh at fixed intervals. This is handy if you want to see when an Accel-ppp server comes online without having to hit the refresh button the whole time.
-        * Next to it is a toggle button which allows you to see either all defined server or only those servers which are currently online.
-        * The Add, Delete and Edit buttons should be self explanatory.
-        * The **Restart Service** button is used to set the restart service flag on a selected server.
-        * If it is set (indicated visually with a gears icon prepended to the name) and the next heartbeat arrives from the RADIUSdesk Accel-ppp agent. the agent will detect the flag and restart the Accel-ppp service.
-        * The visual indication will also be cleared.
-        * The final button is used to launch a new tab which will list all the active sessions.
-{{:technical:pppoe:acell-sessions.png|}}
-  * The final button on the active sessions tab in turn will allow you to terminate selected sessions.
-  * It works is a similar way to the **Restart Service** button for the server itself where a flag is set and there is a visual indication that a session is marked for disconnect until the next heartbeat where it will be cleared and the RADIUSdesk Accel-ppp agent will terminate the user's session.
 ==== New Arrivals ====
-{{:technical:pppoe:acell-arrival.png|}}
+{{:technical:wireguard:wireguard_arrivals.png?nolink|}}
-  * Any of the Accel-ppp servers that still needs on-boarding will be listed under **New Arrivals**.
+  * Any of the Wireguard servers that still needs on-boarding will be listed under **New Arrivals**.
   * Simply select the one you want to on-board and provide the required information to allow it to become part of the managed servers.
-  * Reboot the device after on-boarding and the configuration will be applied through the RADIUSdesk Accel-ppp agent.
+  * Reboot the device after on-boarding and the configuration will be applied through the RADIUSdesk Wireguard agent.
 ==== Next Steps ====
-  * Be sure to check out the steps to follow on the Ubuntu or Raspberry Pi to install the RADIUSdesk Accel-ppp agent so it can be managed by RADIUSdesk.
+  * Be sure to check out the steps to follow on the Ubuntu or Raspberry Pi to install the RADIUSdesk Wireguard agent so it can be managed by RADIUSdesk.