Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
userdoc:tt_wireguard_vpn [2019/07/03 09:07] abelbeck [WireGuard VPN Configuration] |
userdoc:tt_wireguard_vpn [2019/09/19 11:04] abelbeck [WireGuard Configuration Options] |
!!Note: AstLinux 1.3.6 or later!! supports **Reload WireGuard VPN** | !!Note: AstLinux 1.3.6 or later!! supports **Reload WireGuard VPN** |
| |
| !!Note: AstLinux 1.3.7 or later!! supports **WG->Local** firewall rules |
===== WireGuard Initial Configuration ===== | ===== WireGuard Initial Configuration ===== |
| |
| |
{{:userdoc:wireguard-vpn-edit-restart.jpg?nolink|Restart WireGuard VPN}} | {{:userdoc:wireguard-vpn-edit-restart.jpg?nolink|Restart WireGuard VPN}} |
| |
| !!Note: AstLinux 1.3.6 or later!! supports **Reload WireGuard VPN** for those situations when only peers are edited, added or removed. **Reload WireGuard VPN** will apply the peer changes without interrupting currently active peers. |
| |
| If Tunnel/Interface/Firewall Options are changed, you must use **Restart WireGuard VPN** to apply changes. |
| |
===== WireGuard Configuration Options ===== | ===== WireGuard Configuration Options ===== |
| |
* Redirect Ports: Choose pre-defined UDP ports on the external interface to redirect to the "UDP Listen Port". This is useful when a remote client using public WiFi with restrictive outbound port filtering can use alternate outbound ports to the standard WireGuard VPN endpoint. {{:userdoc:wireguard-vpn-firewall-redirect-ports.png?nolink|WireGuard VPN Firewall Redirect Ports}} | * Redirect Ports: Choose pre-defined UDP ports on the external interface to redirect to the "UDP Listen Port". This is useful when a remote client using public WiFi with restrictive outbound port filtering can use alternate outbound ports to the standard WireGuard VPN endpoint. {{:userdoc:wireguard-vpn-firewall-redirect-ports.png?nolink|WireGuard VPN Firewall Redirect Ports}} |
* Peer Isolation: Choose to "Pass" or "Deny" Peer->Peer traffic. "Deny" isolates connected peers, blocking access with each other. | * Peer Isolation: Choose to "Pass" or "Deny" Peer->Peer traffic. "Deny" isolates connected peers, blocking access with each other. |
| |
| {{:userdoc:wireguard-vpn-firewall-wg-local.png?nolink|WireGuard VPN Firewall WG->Local}} |
| |
{{:userdoc:wireguard-vpn-public-key.png?nolink|WireGuard VPN Public Key}} | {{:userdoc:wireguard-vpn-public-key.png?nolink|WireGuard VPN Public Key}} |