Menu
▾
▴
Re: [Astlinux-devel] Wireguard Q's
|
From: David K. <da...@ke...> - 2017-11-14 20:24:26
|
Lonnie, Thanks, sounds good. Maybe I missed it, but in reading the doc you wrote I could see how to setup a server, but not how to set up AstLinux as a client? I'm keen to try this out, but will start with a linux client in a VM. Time to google for instructions on that. Thanks David On Tue, Nov 14, 2017 at 2:06 PM, Lonnie Abelbeck <li...@lo...> wrote: > > On Nov 14, 2017, at 11:37 AM, Michael Keuter <li...@mk...> > wrote: > > > > >> Am 14.11.2017 um 17:56 schrieb David Kerr <da...@ke...>: > >> > >> Lonnie, > >> I have some questions on the new Wireguard features... > >> > >> Does AstLinux implement server only, or both client and server. ie, > can I use wireguard to connect two AstLinux boxes together over the > internet... and allow clients on each LAN to route traffic through the VPN > to the other's LAN? > > > > Yes. (Both client and server) > > Hi David, > > I currently have a remote SIP peer over WireGuard instead of public SIP > for an AstLinux to AstLinux configuration. I also AllowedIPs one of my LAN > IP's to perform remote management. Works great! > > And the tunnel can transfer both IPv4/IPv6 and any peer to peer connection > can be over either IPv4 or IPv6. > > > >> Is the public/private key used by the VPN same as that used by other > AstLinux services and can it be a LetsEncrypt/acme issues/managed > certificate? > > > > No. > > The public keys are short, base64 encoded strings like " > HIgo9xNzJMWLKASShiTqIybxZ0U3wGLiUeJ1PKf8ykw=" thanks to Elliptic-curve > cryptography. Simple Copy/Paste to share public keys between peers. > > Yesterday I fired up a VM and created a WireGuard tunnel between the VM > and one of my test boxes, it took less than 2 minutes. > > > >> Are you aware of any easy to use MacOS or Windows clients? > > > > There are no yet. > > https://www.wireguard.com/install/ > > > > Michael > > It will take a little time for non-Linux user-space implementations, but > that is on the roadmap. Android will probably appear first. > > In the lab I have achieved iperf3 speeds of nearly 700 Mbps using two > parallel streams between a Qotom J1900 and Jetway N2930 over a WireGuard > VPN. OpenVPN maxes out at 110 Mbps. For AstLinux users 1 Gb VPN routing > is probably not needed yet, but the efficiency leaves more CPU head-room > for Asterisk and other services, and not to mention the very easy > configuration for site to site VPN's. > > More interesting tidbits ... > > It looks pretty clear that WireGuard will make it into the mainline Linux > kernel: > https://plus.google.com/+gregkroahhartman/posts/jD6N4BzToa3 > > A VPN provider comments - WireGuard is the future > https://mullvad.net/blog/2017/9/27/wireguard-future/ > > A lot of projects offer WireGuard... > https://www.wireguard.com/install/ > > Lonnie > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-devel mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-devel > |
