Wireguard for PFC

xxyzz · November 15, 2024, 3:07pm

"Hello,

I was wondering if anyone has experimented with running WireGuard on a Wago PFC or CC. It would be great to have a WireGuard client running locally on the controller. Although OpenVPN is a viable option, I find WireGuard to be faster, more lightweight, and easier to use.

I attempted to install the WireGuard client from the OpenWrt repository, but unfortunately, the CPU architecture is not supported.

Thanks,
xxyzz

MikePsaltis · November 15, 2024, 4:09pm

Hello,

I have not tried Wireguard, but have had success with ZeroTier. In my experience is faster, and more simple to configure than OpenVPN. I have also seen others use Tailscale on a PFC200.

elemen · January 19, 2025, 8:00pm

One of the Best Guidance. The vpn connection has succeeded. Thank u

andersop91 · October 2, 2025, 6:54pm

I’ve made wireguard work on a PFC200 G2 using wireguard-go and thw wireguard-tools.

See notes below;

# Advanced: Compiling wireguard binaries

The included binaries are tested at PFC200 FW29, but there might be required new versions in future. These instructions would give a good inidication on how to do that.

## Requirements

Assuming working in a linux environment. The following routine has been devoloped from a windows computer, running WSL2 (Ubuntu 24.04.1 LTS)

The [WAGO PFC Firmware SDK](github) is needed for compiling the wireguard-tools binary.

In WSL:

- Firstly, update the system: `sudo apt update && sudo apt upgrade`

## wireguard-go

*version: 0.0.20250522, commit: f333402bd9cbe0f3eeb02507bd14e23d7d639280*

### Dependencies:

- `git` (1:2.43.0-1ubuntu7.3)

- `golang-go` (2:1.22~2build1)

- `build-essential` (12.10ubuntu1)

- `pkg-config` (1.8.1-2build1)

In WSL:

1. Install dependencies: `sudo apt install git=1:2.43.0-1ubuntu7.3 golang-go=2:1.22~2build1 build-essential=12.10ubuntu1 pkg-config=1.8.1-2build1 -y`

2. Clone wireguard-go repo: `git clone wireguard-go - Go implementation of WireGuard && cd wireguard-go`

3. Gheckout tested version: `git checkout 0.0.20250522`

4. Compile binary: `GOOS=linux GOARCH=arm GOARM=7 go build -o wireguard-go`

Result: `wireguard-go` binary (approx 4MB)

## wireguard-tools

*version: v1.0.20250521, commit: 0b7d9821f2815973a2930ace28a3f73c205d0e5c*

### Dependencies:

- `pfc-firmware-sdk-G2` (FW28-V04.06.01-Hotfix02)

In WSL:

1. Clone wireguard-tools repo: `git clone wireguard-tools - Required tools for WireGuard, such as wg(8) and wg-quick(8) && cd wireguard-tools`

2. Checkout tested version: `git checkout v1.0.20250521 && cd ~`

3. Clone dependencies, Wago firmware SDK: `git clone && pfc-firmware-sdk-G2`

4. Checkout required FW version: `git checkout FW28-V04.06.01-Hotfix02`

5. Setup environment: `make builder` (requires docker running, and linked to WSL2 distro)

6. Enter SDK container: `make bash`

From a parallel WSL terminal:

1. Run `docker ps` to get `` of running container.

2. Copy wireguard-tools files to container: `docker cp ~/wireguard-tools/ :/home/user/wireguard-tools`

From SDK container:

1. Find and set toolchain path: `export PATH=/opt/gcc-Toolchain-2022.08-wago.1/LINARO.Toolchain-2022.08-wago.1/arm-linux-gnueabihf/bin:$PATH`. Verify afterward by `which arm-linux-gnueabihf-gcc`

2. Enter source folder and compile: `cd ~/wireguard-tools/src && make CC=arm-linux-gnueabihf-gcc`.

From WSL:

1. Copy result back from container to WSL filesystem by `docker cp :/home/user/wireguard-tools/src/wg ~/wg` and `docker cp :/home/user/wireguard-tools/src/wg-quick ~/wg-quick`.

Result: `wg` binary and a folder `wg-quick` with multiple bash scripts.

The attached `wg-quick` script in repo is based on the `wg-quick/linux.bash` and given execution priviliges and altered to be compatible with the PFC200 distro.

## Server setup

Put files at the following locations:

- `wireguard-go` → `/usr/local/bin/wireguard-go`

- `wg` → `/usr/local/bin/wg`

- `wg-quick` → `/usr/local/bin/wq-quick `

Ensure priviliges `chmod 755` for all files above

- `mkdir /etc/wireguard && chmod 700 /etc/wireguard`

- `server-wg0.conf` → `/etc/wireguard/wg0.conf` (notice the rename)

Set privilige `chmod 700 /etc/wireguard/wg0.conf`

**Enable symbolic links**

- `ln -s /usr/local/bin/wireguard-go /usr/bin/wireguard-go`

- `ln -s /usr/local/bin/wg /usr/bin/wg`

- `ln -s /usr/local/bin/wg-quick /usr/bin/wg-quick`

**Enable autostart**

Put the `wireguard` script into `/etc/init.d/` and enable symbolic link `ln -s /etc/init.d/wireguard /etc/rc.d/S99_wireguard`

## Client setup

Put file at the following location:

- `client-wg0.conf` → `/etc/wireguard/wg0.conf` (notice the rename)

Topic		Replies	Views
How To: Use ZeroTier on Wago Controllers Hardware and Linux pfc200 , how-to , edge-controller , tp600 , docker , linux , cc100	0	755	July 7, 2023
WAGO/pfc-firmware: Official WAGO firmware releases for PFC100/PFC200 series WAGO GitHub Repositories pfc200 , pfc100	0	1348	May 27, 2022
How To: TOSIBOX Lock Container on PFC200 & Edge Controller Partner Technology pfc200 , how-to , edge-controller	0	432	May 26, 2022
SSH to a remote Wago PLC Hardware and Linux pfc200 , how-to	6	1145	August 17, 2022
Visual Studio Code and Remote Container developement on Wago Device Hardware and Linux pfc200 , pfc100 , how-to , edge-controller , linux	0	452	September 15, 2022

Wireguard for PFC

Related topics