From: Lonnie A. <li...@lo...> - 2017-11-14 19:07:02
On Nov 14, 2017, at 11:37 AM, Michael Keuter <li...@mk...> wrote:

>
>> On 14.11.2017 at 17:56, David Kerr <da...@ke...> wrote:
>>
>> Lonnie,
>> I have some questions on the new WireGuard features...
>>
>> Does AstLinux implement server only, or both client and server? I.e., can I use WireGuard to connect two AstLinux boxes together over the internet... and allow clients on each LAN to route traffic through the VPN to the other's LAN?
>
> Yes. (Both client and server)

Hi David,

I currently have a remote SIP peer over WireGuard instead of public SIP for an AstLinux to AstLinux configuration. I also AllowedIPs one of my LAN IPs to perform remote management. Works great! And the tunnel can transfer both IPv4/IPv6 and any peer to peer connection can be over either IPv4 or IPv6.

>> Is the public/private key used by the VPN same as that used by other AstLinux services and can it be a LetsEncrypt/acme issued/managed certificate?
>
> No.

The public keys are short, base64 encoded strings like "HIgo9xNzJMWLKASShiTqIybxZ0U3wGLiUeJ1PKf8ykw=" thanks to Elliptic-curve cryptography. Simple Copy/Paste to share public keys between peers.

Yesterday I fired up a VM and created a WireGuard tunnel between the VM and one of my test boxes, it took less than 2 minutes.

>> Are you aware of any easy to use MacOS or Windows clients?
>
> There are none yet.
> https://www.wireguard.com/install/
>
> Michael

It will take a little time for non-Linux user-space implementations, but that is on the roadmap. Android will probably appear first.

In the lab I have achieved iperf3 speeds of nearly 700 Mbps using two parallel streams between a Qotom J1900 and Jetway N2930 over a WireGuard VPN. OpenVPN maxes out at 110 Mbps. For AstLinux users 1 Gb VPN routing is probably not needed yet, but the efficiency leaves more CPU head-room for Asterisk and other services, and not to mention the very easy configuration for site to site VPNs.

More interesting tidbits ...

It looks pretty clear that WireGuard will make it into the mainline Linux kernel:
https://plus.google.com/+gregkroahhartman/posts/jD6N4BzToa3

A VPN provider comments - WireGuard is the future
https://mullvad.net/blog/2017/9/27/wireguard-future/

A lot of projects offer WireGuard...
https://www.wireguard.com/install/

Lonnie