1. Enable WireGuard on NSE
-
Log in to the cnMaestro interface.
-
Navigate to the NSE configuration, go to VPN
-
Enable WireGuard on the device, set up the dhcp pool/
2. Create a User for Authentication
-
Go to the Users section.
-
Add a new user with the following details:
-
Username: Use the user’s email ID.
-
Password: Configure the desired password.
-
This user account will be used for the second authentication step.
3. Add a wireguard client for the user
-
Enable wireguard for the user.
-
Select the wan interface
-
Add a client for the user and Generate the client configuration file.
Download the generated configuration file. This file will be installed on the WireGuard client device.
4. Enable Password Authentication via Overrides
Push the following configuration using User Defined Overrides: here the user list is the user number. For example if you add the first user the user-list 1 for second user the user-list 2 and so on
!
radius-server users-list 2
wireguard-password-auth_enable
!
This enables password authentication for WireGuard users.
5. Sync the Configuration
After applying the override:
-
Sync the configuration from cnMaestro to the NSE.
-
Reboot the NSE to apply the changes.
6. Configure the Client
-
Install the WireGuard configuration on the client device.
-
Import the configuration file generated earlier.
7. Establish the Tunnel
Start the WireGuard connection from the client.
Once connected, the tunnel will be established between the client and the NSE.
Example:
-
Client IP:
172.16.0.3 -
WireGuard Interface IP:
172.16.0.1
8. Perform Second-Factor Authentication
-
Open a web browser on the client device.
-
Type the WireGuard interface IP in the browser:
http://172.16.0.1 -
You will be redirected to the authentication page.
9. Login
Enter the following credentials:
-
Username: Email ID configured earlier
-
Password: User password
After successful authentication, the VPN session will be fully authorized and the user can forward data.