Re: [Astlinux-devel] Wireguard Q's

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

So, make sure I understand this correct.  I need to put the public key of
the client I want to let connect into the wg0.conf file, right? And the
subnet of the IP address that this client is going to use into Allowed IP's?

If I want to let multiple clients attach how do I go about that? where
would I list the multiple permitted public keys?

Thanks
David

On Tue, Nov 14, 2017 at 3:23 PM, David Kerr <da...@ke...> wrote:

> Lonnie,
>   Thanks, sounds good.  Maybe I missed it, but in reading the doc you
> wrote I could see how to setup a server, but not how to set up AstLinux as
> a client?  I'm keen to try this out, but will start with a linux client in
> a VM.  Time to google for instructions on that.
>
> Thanks
> David
>
> On Tue, Nov 14, 2017 at 2:06 PM, Lonnie Abelbeck <
> li...@lo...> wrote:
>
>>
>> On Nov 14, 2017, at 11:37 AM, Michael Keuter <li...@mk...>
>> wrote:
>>
>> >
>> >> Am 14.11.2017 um 17:56 schrieb David Kerr <da...@ke...>:
>> >>
>> >> Lonnie,
>> >>  I have some questions on the new Wireguard features...
>> >>
>> >> Does AstLinux implement server only, or both client and server.  ie,
>> can I use wireguard to connect two AstLinux boxes together over the
>> internet... and allow clients on each LAN to route traffic through the VPN
>> to the other's LAN?
>> >
>> > Yes. (Both client and server)
>>
>> Hi David,
>>
>> I currently have a remote SIP peer over WireGuard instead of public SIP
>> for an AstLinux to AstLinux configuration.  I also AllowedIPs one of my LAN
>> IP's to perform remote management. Works great!
>>
>> And the tunnel can transfer both IPv4/IPv6 and any peer to peer
>> connection can be over either IPv4 or IPv6.
>>
>>
>> >> Is the public/private key used by the VPN same as that used by other
>> AstLinux services and can it be a LetsEncrypt/acme issues/managed
>> certificate?
>> >
>> > No.
>>
>> The public keys are short, base64 encoded strings like
>> "HIgo9xNzJMWLKASShiTqIybxZ0U3wGLiUeJ1PKf8ykw=" thanks to Elliptic-curve
>> cryptography.  Simple Copy/Paste to share public keys between peers.
>>
>> Yesterday I fired up a VM and created a WireGuard tunnel between the VM
>> and one of my test boxes, it took less than 2 minutes.
>>
>>
>> >> Are you aware of any easy to use MacOS or Windows clients?
>> >
>> > There are no yet.
>> > https://www.wireguard.com/install/
>> >
>> > Michael
>>
>> It will take a little time for non-Linux user-space implementations, but
>> that is on the roadmap.  Android will probably appear first.
>>
>> In the lab I have achieved iperf3 speeds of nearly 700 Mbps using two
>> parallel streams between a Qotom J1900 and Jetway N2930 over a WireGuard
>> VPN.  OpenVPN maxes out at 110 Mbps.  For AstLinux users 1 Gb VPN routing
>> is probably not needed yet, but the efficiency leaves more CPU head-room
>> for Asterisk and other services, and not to mention the very easy
>> configuration for site to site VPN's.
>>
>> More interesting tidbits ...
>>
>> It looks pretty clear that WireGuard will make it into the mainline Linux
>> kernel:
>> https://plus.google.com/+gregkroahhartman/posts/jD6N4BzToa3
>>
>> A VPN provider comments - WireGuard is the future
>> https://mullvad.net/blog/2017/9/27/wireguard-future/
>>
>> A lot of projects offer WireGuard...
>> https://www.wireguard.com/install/
>>
>> Lonnie
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-devel mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel
>>
>
>