userdoc:tt_wireguard_vpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
userdoc:tt_wireguard_vpn [2018/12/01 10:48]
abelbeck [WireGuard Configuration Options] 		userdoc:tt_wireguard_vpn [2018/12/01 11:02]
abelbeck [WireGuard Configuration Options]
Line 17: Line 17:
 Check "WireGuard VPN" and click on **WireGuard Configuration** Check "WireGuard VPN" and click on **WireGuard Configuration**
  
-{{:userdoc:wireguard-vpn-initial-config.jpg?nolink|WireGuard VPN Initial Config}}+{{:userdoc:wireguard-vpn-initial-config.png?nolink|WireGuard VPN Initial Config}}
  
 Fill in the "IPv4 Address", click "Save Settings" and then "Restart VPN". Fill in the "IPv4 Address", click "Save Settings" and then "Restart VPN".
Line 135: Line 135:
 ===== WireGuard Configuration Options ===== ===== WireGuard Configuration Options =====
  
-{{:userdoc:wireguard-vpn-tunnel.jpg?nolink|WireGuard VPN Tunnel Options}}+{{:userdoc:wireguard-vpn-tunnel.png?nolink|WireGuard VPN Tunnel Options}}
  
   * IPv4 Address:  Define an IPv4 address which configures the WireGuard tunnel device ''wg0'' network.  Required.   * IPv4 Address:  Define an IPv4 address which configures the WireGuard tunnel device ''wg0'' network.  Required.
Line 151: Line 151:
 !!Note ->!! If an ''AllowedIPs'' entry specifies a ''/0'' default route, no automatic route will be created for that entry. !!Note ->!! If an ''AllowedIPs'' entry specifies a ''/0'' default route, no automatic route will be created for that entry.
  
-{{:userdoc:wireguard-vpn-interface.jpg?nolink|WireGuard VPN Interface Options}}+{{:userdoc:wireguard-vpn-interface.png?nolink|WireGuard VPN Interface Options}}
  
   * Interface Device:  Set the tunnel interface device, currently only ''wg0'' is shown.   * Interface Device:  Set the tunnel interface device, currently only ''wg0'' is shown.
Line 162: Line 162:
  
   * External Hosts:  Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#wireguard-vpn|wireguard-vpn plugin]] .  The firewall must be enabled, see the "Enable Firewall" section below for more info.   * External Hosts:  Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#wireguard-vpn|wireguard-vpn plugin]] .  The firewall must be enabled, see the "Enable Firewall" section below for more info.
-  * Redirect Ports:  Choose pre-defined UDP ports on the external interface to redirect to the "UDP Listen Port". This is useful when a remote client using public WiFi with restrictive outbound port filtering can use alternate outbound ports to the standard WireGuard VPN endpoint. {{:userdoc:wireguard-vpn-firewall-redirect-ports.png?nolink|WireGuard VPN Firewall Redirect Ports}} 
-  * Peer Isolation:  Choose to "Pass" or "Deny" Peer->Peer traffic. "Deny" isolates connected peers, blocking access with each other. 
  
 !!Tip ->!! Allow any external IPv4-only address by defining "External Hosts:" to ''0.0.0.0/0'' !!Tip ->!! Allow any external IPv4-only address by defining "External Hosts:" to ''0.0.0.0/0''
Line 171: Line 169:
 !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to ''0/0'' !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to ''0/0''
  
-{{:userdoc:wireguard-vpn-public-key.jpg?nolink|WireGuard VPN Public Key}}+  * Redirect Ports:  Choose pre-defined UDP ports on the external interface to redirect to the "UDP Listen Port". This is useful when a remote client using public WiFi with restrictive outbound port filtering can use alternate outbound ports to the standard WireGuard VPN endpoint. {{:userdoc:wireguard-vpn-firewall-redirect-ports.png?nolink|WireGuard VPN Firewall Redirect Ports}} 
 +  * Peer Isolation:  Choose to "Pass" or "Deny" Peer->Peer traffic. "Deny" isolates connected peers, blocking access with each other. 
 + 
 +{{:userdoc:wireguard-vpn-public-key.png?nolink|WireGuard VPN Public Key}}
  
 When WireGuard VPN is active, a "This Peer's Public Key:" entry is shown, for easy copy/paste to remote peer configurations When WireGuard VPN is active, a "This Peer's Public Key:" entry is shown, for easy copy/paste to remote peer configurations
  • userdoc/tt_wireguard_vpn.txt
  • Last modified: 2020/03/30 09:33
  • by abelbeck