How to install wireguard Connector on windows OS?

This article describes how to install a WireGuard based connector on a windows OS in your organization instead of creating a tunnel between your Cloud Edge and your Firewall/Router.

SYMPTOMS:
WireGuard connector is modern, Safe, secure and high-performance tunnel. We can create tunnel between your Cloud Edge and Windows system resides in your network. We can access all resources as per the configured subnet/Network.

The following conditions exist for WireGuard Connector errors:

1. Peer configuration is wrongly configured
2. Your Cloud Edge Gateway IP is not reachable from the windows OS
3. Broken installation of the WireGuard connector on your windows OS

To enable Wireguard tunnel between your Cloud Edge and the windows OS, we need to first create wireguard connector on the Cloud Edge and then Construct a peer configuration file for the wireguard connector on windows side configuration. The following steps need to be followed

1. Create a WireGuard Connector Tunnel in the Cloud Edge portal on your gateway. Usually, the tunnel gets the following settings:
   
   
   • Endpoint: Public IP of your on-prem device(windows), In case windows does not have Public IP then you can create Dynamic IP Tunnel using the Endpoint IP as 0.0.0.0
   • Subnets: The subnet(s) you are trying to reach via this tunnel
     
2. Download the Windows Wireguard Service installation file.
3. Run the Windows Wireguard Service installation on to your device windows
   
   Requirements
   • Windows Server 2016 / Windows 10 or any windows where WireGuard service can be installed and run
   • All Microsoft updates and hotfixes are applied • Static internal IP address
   • Internet traffic and UDP port 8000 are open
     
     
     
     
     
4. Copy the URL in the configuration tab of the WireGuard connector on Cloud Edge
   
   NOTE: * Don't copy the command from this article - each tunnel will have a different URL and configuration file
   
   
   • Paste the URL into a web browser on your device (Windows). This will immediately be followed by a file download. Download the config file.
     
     
     
   • Create a conf file with any custom name like CloudEdge.conf & save it to your local machine/Windows
   • Open the downloaded peer config and copy the Interface information as highlighted in the screen shot below. Copy & paste the code to the CloudEdge.conf file
     
     [Interface]
     ListenPort = ${CONFIG_port}
     PrivateKey = ${CONFIG_privateKey}
     Address = ${CONFIG_address}
     
     [Peer]
     PublicKey = ${CONFIG_pubKey}
     AllowedIPs = ${CONFIG_allowedIP}
     PersistentKeepalive = 10
     Endpoint = ${CONFIG_endpoint}
     
     
     
     
   • Copy the Cloud Edge CONFIG_ for wireguard from the configuration file. It starts with ‘CONFIG_ ‘ see the screen shot of the config file and fill the details to the CloudEdge.conf file
     
     
     
   • • After filling all data to the CloudEdge.conf file, this will look like below
     
     
     
5. Open the Wireguard Service application on your Windows machine and click on "Import tunnel(s) from file". Select the CloudEdge.conf file
   
   
   
   
   
6. Once the conf is imported then it will create a tunnel icon on the WireGuard service. Now activate the Tunnel in order to connect.
   
   
   
   
7. Wireguard connection is successfully completed, we can verify the Wireguard tunnel status from the Cloud Edge
   

Troubleshooting:

1. Connect to your Cloud Edge VPN agent or with the ZTNA application(s) (you can do it on any machine).
2. Open the terminal and run the following command:
   
    ping XXX.XXX.XXX.XXX - internal resource!
   
   
3. If the ping command fails, please make sure that port UDP/8000 is not blocked on your device/windows, and that you went through all the steps.
   
   
   • Make sure the received bytes field fluctuates and increases. Wireguard will only communicate to an authenticated neighbor
   • Ping the other side of the tunnel interface, if that works, its most likely your local firewall settings on the docker container
     
     
4. You can edit the WireGuard network settings (endpoint and subnet) later for restrict the specific network subnet or resources from your device/windows. You can find the subnet/network details of the device/windows by going to CLI.