Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
technical:wireguard-rd-support [2025/11/04 07:49] systemtechnical:wireguard-rd-support [2025/11/04 09:47] (current) – [Next Steps] system
Line 2: Line 2:
 ===== Introduction ===== ===== Introduction =====
   * As of November 2025, RADIUSdesk can centrally manage Wireguard running on Ubuntu and Raspberry Pi based devices.   * As of November 2025, RADIUSdesk can centrally manage Wireguard running on Ubuntu and Raspberry Pi based devices.
-  * With the **Wireguard Servers** applet you declare and manage one or more instances of Wireguard on these devices. +  * The **Wireguard Servers** applet declares and manages one or more instances of Wireguard on these devices. 
-  * On the device you install lightweight agent which interacts with RADIUSdesk.+  * The device runs a lightweight agent which interacts with RADIUSdesk.
   * The agent also reports back to RADIUSdesk on the status of Wireguard and any active peer connections.   * The agent also reports back to RADIUSdesk on the status of Wireguard and any active peer connections.
   * The following graphic shows how everything fits together.   * The following graphic shows how everything fits together.
Line 9: Line 9:
  
 ===== Wireguard Servers  ===== ===== Wireguard Servers  =====
 +
 +{{:technical:wireguard:wireguard_servers.png?nolink|}}
 +
   * Wireguard Servers can be found under the **Other** -> **VPN & Tunneling** grouping.   * Wireguard Servers can be found under the **Other** -> **VPN & Tunneling** grouping.
   * It has two tabs   * It has two tabs
Line 20: Line 23:
 | MAC Address   | 12-c1-f8-6c-53-c4 | | MAC Address   | 12-c1-f8-6c-53-c4 |
 | Uplink Interface | eth0 | | Uplink Interface | eth0 |
 +
   * **MAC Address** is used to uniquely identify the server.   * **MAC Address** is used to uniquely identify the server.
   * **IP Address** will be used in the peer configuration to specify the IP Address where a peer needs to connect with.   * **IP Address** will be used in the peer configuration to specify the IP Address where a peer needs to connect with.
   * **Uplink Interface** is used for the firewall rules when NAT is specified on a Wireguard instance.   * **Uplink Interface** is used for the firewall rules when NAT is specified on a Wireguard instance.
  
-==== Wireguard Instances ==== +Each Wireguard server will have one or more Wireguard Instances associated with it. 
-  We will cover Profiles first although it is the second sub-tab since it is required to have a profile ready in order to define a server. + 
-==== Wireguard Peers ====+We will cover Wireguard Instances next.
  
- +===== Wireguard Instances  =====
  
-=== Unique Settings (Profiles) === +{{:technical:wireguard:wireguard_instances.png?nolink|}}
-  * Profiles allow you to override certain values which were specified in the Base Config so that they become unique to that profile. +
-  * These include items which might need tweaking for certain environments. +
-  * Each of the sections inside the GUI maps to a section in the **/etc/accel-ppp.conf** file.+
  
-=== Specific Settings (Server) === +  * After you defined a Wireguard Server, you can add Wireguard Instances belonging to the Wireguard server. 
-  * This is the final category and one that is specific to an Accel-ppp server in the applet+  * One of the requirements that our clients had was the ability to control the bandwidth on Wireguard
-  * An Accel-ppp server needs a mandatory Profile (Unique settings) and then two items which are specific. +  Wireguard Instances allows for this as well as the ability to specify it as a NAT breakout point.
-        * **Interface** This is the interface name on the server where we want to run the PPPoE servie on. +
-        * **NAS Identifier*This is the specific identifier used to identify the Accel-ppp server on RADIUS. +
-{{:technical:pppoe:acell-specific.png|}}+
  
 +{{:technical:wireguard:wireguard_instance_add.png?nolink|}}
  
 +  * With each Wireguard Instance you can in turn manage the Wireguard Peers for the specific Wireguard Instance.
  
-==== Servers ==== +===== Wireguard Peers ===== 
-  * Although the Servers tab is first we started with the Profiles tab since we need to have a Profile available which we can associate with a server+{{:technical:wireguard:wireguard_peers.png?nolink|}} 
-  * Each server has the following mandatory fields. +  * The config of each Wireguard Peer that has been defined can be downloaded or QR Code generated for easy configuration.
-        * **Name** A unique name to identify the server with. +
-        * **MAC Address** This has to match the MAC Address of the interface on the device running Accel-ppp and is used as identity field. +
-        * **Server Profile** This was covered earlier in this document. +
-        * **Interface** The name of the interface on which you plan to run the PPPoE service on (using Accel-ppp) +
-        * **NAS Identifier** Used to identify the server when interacting with the RADIUS server.+
  
-=== Servers GUI === +{{:technical:wireguard:wireguard_peers_qrcode.png?nolink|}}
-{{:technical:pppoe:acell-server.png|}} +
-  * The screenshot above is from the Accel-ppp server applet.  +
-  * Let's look at some key points +
-        * The Refresh button has an option to automatically refresh at fixed intervals. This is handy if you want to see when an Accel-ppp server comes online without having to hit the refresh button the whole time. +
-        * Next to it is a toggle button which allows you to see either all defined server or only those servers which are currently online. +
-        * The Add, Delete and Edit buttons should be self explanatory. +
-        * The **Restart Service** button is used to set the restart service flag on a selected server.  +
-        * If it is set (indicated visually with a gears icon prepended to the name) and the next heartbeat arrives from the RADIUSdesk Accel-ppp agent. the agent will detect the flag and restart the Accel-ppp service. +
-        * The visual indication will also be cleared. +
-        * The final button is used to launch a new tab which will list all the active sessions.+
  
-{{:technical:pppoe:acell-sessions.png|}} 
-  * The final button on the active sessions tab in turn will allow you to terminate selected sessions. 
-  * It works is a similar way to the **Restart Service** button for the server itself where a flag is set and there is a visual indication that a session is marked for disconnect until the next heartbeat where it will be cleared and the RADIUSdesk Accel-ppp agent will terminate the user's session. 
  
 ==== New Arrivals ==== ==== New Arrivals ====
-{{:technical:pppoe:acell-arrival.png|}} +{{:technical:wireguard:wireguard_arrivals.png?nolink|}} 
-  * Any of the Accel-ppp servers that still needs on-boarding will be listed under **New Arrivals**.+  * Any of the Wireguard servers that still needs on-boarding will be listed under **New Arrivals**.
   * Simply select the one you want to on-board and provide the required information to allow it to become part of the managed servers.   * Simply select the one you want to on-board and provide the required information to allow it to become part of the managed servers.
-  * Reboot the device after on-boarding and the configuration will be applied through the RADIUSdesk Accel-ppp agent.+  * Reboot the device after on-boarding and the configuration will be applied through the RADIUSdesk Wireguard agent.
  
 ==== Next Steps ==== ==== Next Steps ====
-  * Be sure to check out the steps to follow on the Ubuntu or Raspberry Pi to install the RADIUSdesk Accel-ppp agent so it can be managed by RADIUSdesk.+  * Be sure to check out the steps to follow on the Ubuntu or Raspberry Pi to install the RADIUSdesk Wireguard agent so it can be managed by RADIUSdesk.
  • technical/wireguard-rd-support.1762235353.txt.gz
  • Last modified: 2025/11/04 07:49
  • by system