Omada Pro Logo official website Vigi Logo official website
Bize Ulaşın
Türkiye / Türkçe

How to configure WireGuard VPN in Controller mode using Omada APP

Bilgi Tabanı
Yapılandırma Kılavuzu
Yer İmleriBağlantıyı Kopyala
10-31-2025
276

Contents

Introduction

Requirements

Configuration

Verification

Conclusion

Introduction

This article demonstrates how to configure a WireGuard VPN between Site HQ and Site STA, where each site is equipped with its own Omada Gateway.

By following the configuration steps in Controller mode using the Omada App, administrators can quickly establish a secure and reliable VPN tunnel to connect distributed networks.

Requirements

  • Omada Software Controller/Hardware Controller/Cloud Based Controller
  • Omada Gateways managed by Controller
  • Omada APP

Configuration

Step 1. Configure the HQ Site WireGuard Interface:

1. In site Settings > VPN > WireGuard, click “+” to create a WireGuard Interface, or editing existing entries.

Where to configure WireGuard on Omada APP.

2. Configure parameters accordingly.

Showcase WireGuard Interface configuration in HQ Site.

  • Name: Specify the name that identifies the WireGuard interface. (This does not affect the VPN tunnel or behavior.)
  • Status: Specify whether to enable the WireGuard interface. (Enable or disable your VPN tunnel.)
  • MTU: Specify the MTU value of the WireGuard interface. The default value of 1420 is recommended. (Usually, it does not need to be set; it is generally determined automatically by the system.)
  • Listen Port: Specify the port number that the WireGuard interface listens to. The default value is 51820. (Usually, the client does not need this to be configured. In this example, our router is the server. You can change this if you need it, and you know what you are doing.)
  • Local IP Address: Specify the IP address of the WireGuard interface. (Define the IP address of the WireGuard interface, which should be a non-occupied IP address. It is okay to configure outside your existing LAN range.)
  • Private Key: Specify the private key of the WireGuard interface. The value will be automatically generated on the device, and you can also modify it manually (Defines the private key of this specific VPN tunnel. It has to be set and cannot be shared with other tunnels.)
  • Public Key: Automatically generated after clicking “Done” to create the Interface.

3. Click “Done” to create the interface.

4. In a created Interface entry, you could click the Public Key to copy it. The Key is needed in step 3 where we would configure peer HQ information in the remote site STA.

Note: Please make sure any IP range configured in VPN local IP address doesn’t overlap with IP range in other sites, to avoid routing issues.

Step 2. Configure the Site STA WireGuard Interface:

Go to Site STA to configure its WireGuard Interface similarly.

Showcase WireGuard Interface configuration in STA Site.

  • Name: Specify the name that identifies the WireGuard interface. (This does not affect the VPN tunnel or behavior.)
  • Status: Specify whether to enable the WireGuard interface. (Enable or disable your VPN tunnel.)
  • MTU: Specify the MTU value of the WireGuard interface. The default value of 1420 is recommended. (Usually, it does not need to be set, and is generally determined automatically by the system.)
  • Listen Port: Specify the port number that the WireGuard interface listens to. The default value is 51820. (Usually, the client does not need this to be configured. In this example, our router is the server. You can change this if you need it, and you know what you are doing.)
  • Local IP Address: Specify the IP address of the WireGuard interface. (Define the IP address of the WireGuard interface, which should be a non-occupied IP address. It is okay to configure outside your existing LAN range.)
  • Private Key: Specify the private key of the WireGuard interface. The value will be automatically generated on the device, and you can also modify it manually (Defines the private key of this specific VPN tunnel. It has to be set and cannot be shared with other tunnels.)
  • Public Key: Automatically generated after clicking “Done” to create the Interface.

In a created Interface entry, you could click the Public Key to copy it. The Key is needed in step 4 where we would configure peer STA information in site HQ.

Note: Please make sure any IP range configured in VPN local IP address doesn’t overlap with IP range in other sites, to avoid routing issues.

Step 3. Configure Peer HQ Information in Site STA:

1. In site Settings > VPN > Peers, click “+” to create a WireGuard peer, or edit existing entries.

Where to configure Peer information.

Showcase peer configuration in STA site.

  • Name: Specify the name that identifies the WireGuard tunnel.
  • Interface: Choose the WireGuard interface to which the peer belongs.
  • Status: Specify whether to enable the peer setting.
  • Persistent Keepalive: Specify the tunnel keepalive packet interval. (This defines the interval of the keepalive packet sent to the Allowed Address.)
  • Comment: Enter the description of the peer.
  • Public Key: Fill in the public key of the peer HQ site.
  • Pre-Shared Key: Specify a shared key if needed.
  • Allowed Address: Specify the address segment that allows traffic to pass through. (Here you should specify the subnet of the peer LAN. This defines what you are allowed to access on the peer site. If you do not include the subnet, then you don't have access to it.)

Step 4. Configure Peer STA Information in HQ site:

Showcase peer configuration in HQ site.

  • Name: Specify the name that identifies the WireGuard tunnel.
  • Interface: Choose the WireGuard interface to which the peer belongs.
  • Status: Specify whether to enable the peer setting.
  • Persistent Keepalive: Specify the tunnel keepalive packet interval. (This defines the interval of the keepalive packet sent to the Allowed Address.)
  • Comment: Enter the description of the peer.
  • Public Key: Fill in the public key of the peer STA site.
  • Pre-Shared Key: Specify a shared key if needed.
  • Allowed Address: Specify the address segment that allows traffic to pass through. (Here you should specify the subnet of the peer LAN. This defines what you are allowed to access on the peer site. If you do not include the subnet, then you don't have access to it.)

Verification

Use a computer in a Site with allowed IP address to ping another device in the remote site with allowed IP address.

Successful ping result across configured sites.

Conclusion

After the configuration is complete, traffic between the allowed IPs on both sides will be securely routed through the WireGuard VPN.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Lütfen Bu Belgeyi Değerlendirin

İlgili Belgeler

How to configure WireGuard VPN on Omada Router in Standalone mode?

Yapılandırma Kılavuzu
VPN
Bağımsız
03-21-2024
13637

How to configure Wireguard VPN on Omada Gateway

Yapılandırma Kılavuzu
VPN
11-06-2024
21209

How to configure Account in Controller mode using Omada App

SSS
10-03-2025
2731

How to configure Site-to-Site WireGuard VPN on Omada Controller

Yapılandırma Kılavuzu
03-22-2024
16145

How to Configure Portal Authentication on Omada Controller using Omada App

SSS
10-24-2025
2108

AbonelikTP-Link, gizliliğinizi ciddiye alır. TP-Link'in gizlilik uygulamaları hakkında daha fazla ayrıntı için bkz. TP-Link's Privacy Policy.

Email Error

Bizi Takip Edin

About
Press
Learning Center
TP-Link Omada Omada Pro VIGI
Türkiye / Türkçe

Telif Hakkı © 2025 TP-Link Bilgi Teknolojileri Tic. Ltd. Şti. Tüm hakları saklıdır.

Bu web sitesi çerezler içermektedir. Çerezlerin kullanım amacı ve 6698 sayılı Kişisel Verilerin Korunması Kanunu uyarınca kişisel verilerin kullanımına dair şirket politikası hakkında daha fazla bilgi için buraya basınız. Tekrar Gösterme

Your Privacy Choices

Bu web sitesi çerezler içermektedir. Çerezlerin kullanım amacı ve 6698 sayılı Kişisel Verilerin Korunması Kanunu uyarınca kişisel verilerin kullanımına dair şirket politikası hakkında daha fazla bilgi için buraya basınız. Tekrar Gösterme

Temel Çerezler

Bu çerezler, web sitesinin çalışması için gereklidir ve sistemlerinizde devre dışı bırakılamaz.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Analiz ve Pazarlama Çerezleri

Analiz çerezleri, web sitemizin işlevselliğini geliştirmek ve uyarlamak için web sitemizdeki faaliyetlerinizi analiz etmemizi sağlar.

Pazarlama çerezleri, ilgi alanlarınıza uygun bir profil oluşturmak ve size diğer web sitelerinde alakalı reklamlar göstermek için reklam ortaklarımız tarafından web sitemiz aracılığıyla ayarlanabilir.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au