userdoc:tt_wireguard_vpn [2018/12/01 10:47] abelbeck [WireGuard Configuration Options] |
userdoc:tt_wireguard_vpn [2018/12/01 11:02] abelbeck [WireGuard Configuration Options] |
Check "WireGuard VPN" and click on **WireGuard Configuration** | Check "WireGuard VPN" and click on **WireGuard Configuration** |
| |
{{:userdoc:wireguard-vpn-initial-config.jpg?nolink|WireGuard VPN Initial Config}} | {{:userdoc:wireguard-vpn-initial-config.png?nolink|WireGuard VPN Initial Config}} |
| |
Fill in the "IPv4 Address", click "Save Settings" and then "Restart VPN". | Fill in the "IPv4 Address", click "Save Settings" and then "Restart VPN". |
===== WireGuard Configuration Options ===== | ===== WireGuard Configuration Options ===== |
| |
{{:userdoc:wireguard-vpn-tunnel.jpg?nolink|WireGuard VPN Tunnel Options}} | {{:userdoc:wireguard-vpn-tunnel.png?nolink|WireGuard VPN Tunnel Options}} |
| |
* IPv4 Address: Define an IPv4 address which configures the WireGuard tunnel device ''wg0'' network. Required. | * IPv4 Address: Define an IPv4 address which configures the WireGuard tunnel device ''wg0'' network. Required. |
!!Note ->!! If an ''AllowedIPs'' entry specifies a ''/0'' default route, no automatic route will be created for that entry. | !!Note ->!! If an ''AllowedIPs'' entry specifies a ''/0'' default route, no automatic route will be created for that entry. |
| |
{{:userdoc:wireguard-vpn-interface.jpg?nolink|WireGuard VPN Interface Options}} | {{:userdoc:wireguard-vpn-interface.png?nolink|WireGuard VPN Interface Options}} |
| |
* Interface Device: Set the tunnel interface device, currently only ''wg0'' is shown. | * Interface Device: Set the tunnel interface device, currently only ''wg0'' is shown. |
| |
* External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#wireguard-vpn|wireguard-vpn plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. | * External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#wireguard-vpn|wireguard-vpn plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. |
* Redirect Ports: Choose pre-defined UDP ports on the external interface to redirect to the "UDP Listen Port" {{:userdoc:wireguard-vpn-firewall-redirect-ports.png?nolink|WireGuard VPN Firewall Redirect Ports}} This is useful when a remote client using public WiFi with restrictive outbound port filtering can use alternate outbound ports to the standard WireGuard VPN endpoint. | |
* Peer Isolation: Choose to "Pass" or "Deny" Peer->Peer traffic. "Deny" isolates connected peers, blocking access with each other. | |
| |
!!Tip ->!! Allow any external IPv4-only address by defining "External Hosts:" to ''0.0.0.0/0'' | !!Tip ->!! Allow any external IPv4-only address by defining "External Hosts:" to ''0.0.0.0/0'' |
!!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to ''0/0'' | !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to ''0/0'' |
| |
{{:userdoc:wireguard-vpn-public-key.jpg?nolink|WireGuard VPN Public Key}} | * Redirect Ports: Choose pre-defined UDP ports on the external interface to redirect to the "UDP Listen Port". This is useful when a remote client using public WiFi with restrictive outbound port filtering can use alternate outbound ports to the standard WireGuard VPN endpoint. {{:userdoc:wireguard-vpn-firewall-redirect-ports.png?nolink|WireGuard VPN Firewall Redirect Ports}} |
| * Peer Isolation: Choose to "Pass" or "Deny" Peer->Peer traffic. "Deny" isolates connected peers, blocking access with each other. |
| |
| {{:userdoc:wireguard-vpn-public-key.png?nolink|WireGuard VPN Public Key}} |
| |
When WireGuard VPN is active, a "This Peer's Public Key:" entry is shown, for easy copy/paste to remote peer configurations. | When WireGuard VPN is active, a "This Peer's Public Key:" entry is shown, for easy copy/paste to remote peer configurations |
| . |
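Review bot: The relocated "Peer Isolation" bullet in the new revision still does not say whether "Pass" or "Deny" is the default, so a reader cannot tell from the text whether connected peers can reach each other before the option is changed; suggest stating the default in that bullet. The "Redirect Ports" bullet likewise identifies the selectable UDP ports only through the screenshot, so listing them in the text would keep the entry usable where images are not rendered.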
===== Enable Firewall ===== | ===== Enable Firewall ===== |
| |