Differences
This shows you the differences between two versions of the page.
userdoc:tt_wireguard_vpn [2018/12/01 11:02] abelbeck [WireGuard Configuration Options] |
userdoc:tt_wireguard_vpn [2020/01/29 07:43] abelbeck [WireGuard VPN Configuration] |
||
---|---|---|---|
Line 3: | Line 3: | ||
AstLinux now supports the [[https:// | AstLinux now supports the [[https:// | ||
- | !!Info ->!! Currently (November 2018) WireGuard has not quite yet been accepted into the mainline Linux kernel. Be certain to perform your own due diligence and testing of what could become the premier VPN in the not too distant future. | + | !!Info ->!! Currently (January 2020) WireGuard has been accepted into the mainline Linux kernel, officially to appear in Linux 5.6. Be certain to perform your own due diligence and testing of what could become the premier VPN in the not too distant future. |
- | !!Note: AstLinux 1.3.2 or later is required!! | + | !!Note: AstLinux 1.3.2 or later is required, new features with 1.3.5 or later!! |
+ | !!Note: AstLinux 1.3.6 or later!! supports **Reload WireGuard VPN** | ||
+ | |||
+ | !!Note: AstLinux 1.3.7 or later!! supports **WG-> | ||
===== WireGuard Initial Configuration ===== | ===== WireGuard Initial Configuration ===== | ||
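Review bot: The added version note says "new features with 1.3.5 or later" without naming them, while the two notes added right below it name theirs (Reload WireGuard VPN for 1.3.6, the WG-> item for 1.3.7). Name the 1.3.5 features here, or fold the three notes into one short list so a reader can tell which release is needed for which option. The Info line also keeps "what could become the premier VPN in the not too distant future" next to the new statement that WireGuard has been accepted for Linux 5.6; consider rewording that sentence so the two halves agree in tone.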
Line 77: | Line 80: | ||
[Remote_Config] | [Remote_Config] | ||
Address = 10.4.0.137/ | Address = 10.4.0.137/ | ||
- | DNS = 192.168.101.1 | + | DNS = 10.4.0.10 |
* The '' | * The '' | ||
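Review bot: The new example value "DNS = 10.4.0.10" in [Remote_Config] sits in the same 10.4.0.x range as the "Address = 10.4.0.137/" line above it, but the visible lines do not say which host 10.4.0.10 is. Add a sentence after the block stating what that address refers to and that the remote peer must be able to reach it through the tunnel, so the value is not copied unchanged into a client configuration where no resolver answers.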
Line 133: | Line 136: | ||
{{: | {{: | ||
+ | |||
+ | !!Note: AstLinux 1.3.6 or later!! supports **Reload WireGuard VPN** for those situations when only peers are edited, added or removed. | ||
+ | |||
+ | If Tunnel/ | ||
+ | |||
===== WireGuard Configuration Options ===== | ===== WireGuard Configuration Options ===== | ||
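Review bot: The 1.3.6 note added here repeats the one this revision also adds at the top of the page (the "Line 3" hunk), and only this copy carries the qualifier "for those situations when only peers are edited, added or removed". Keep the full sentence in one place and have the other refer to it, so the two notes cannot drift apart in later edits.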
Line 172: | Line 180: | ||
* Peer Isolation: | * Peer Isolation: | ||
+ | !!Note: AstLinux 1.3.7 or later!! supports **WG-> | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * Firewall Rules: Choose either "Deny WG-> | ||
+ | |||
+ | !!Important ->!! The default policy is to allow all **WG-> | ||
+ | |||
+ | ICMP Echo Request (ping) packets are allowed and rate-limited for **WG-> | ||
+ | |||
+ | * TCP: Define '' | ||
+ | * UDP: Define '' | ||
+ | |||
+ | !!Tip ->!! Allow SSH and DNS traffic, deny all other traffic ... choose "Pass WG-> | ||
+ | |||
+ | !!Tip ->!! Deny HTTP/HTTPS traffic, allow all other traffic ... choose "Deny WG-> | ||
+ | |||
+ | !!Tip ->!! Click on the blue '' | ||
+ | |||
+ | \\ | ||
{{: | {{: | ||
- | When WireGuard VPN is active, a "This Peer's Public Key:" entry is shown, for easy copy/paste to remote peer configurations | + | When WireGuard VPN is active, a "This Peer's Public Key:" entry is shown, for easy copy/paste to remote peer configurations. |
- | . | + | |
===== Enable Firewall ===== | ===== Enable Firewall ===== | ||
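Review bot: The "!!Important ->!!" line stating that the default policy is to allow all WG-> traffic comes after the "Firewall Rules" bullet that offers the Deny and Pass choices, so a reader meets the options before learning that the starting point is allow-all. Move the Important note directly under the 1.3.7 version note, and say in the first tip that the Pass form is the allow-list variant (SSH and DNS allowed, all other traffic denied), since that is the choice someone restricting peers will be looking for.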
Line 227: | Line 255: | ||
===== WireGuard Client Support ===== | ===== WireGuard Client Support ===== | ||
- | WireGuard is now available for [[https:// | + | WireGuard is now available for [[https:// |
+ | |||
+ | Each client is open source and free to use. | ||
\\ | \\ |