From: Michael K. <li...@mk...> - 2017-11-14 21:18:39
> On 14.11.2017 at 21:55, David Kerr <da...@ke...> wrote:
>
> So, make sure I understand this correctly. I need to put the public key of the client I want to let connect into the wg0.conf file, right? And the subnet of the IP address that this client is going to use into Allowed IPs?
>
> If I want to let multiple clients attach, how do I go about that? Where would I list the multiple permitted public keys?
>
> Thanks
> David

Then you need to create multiple peer sections within the "wg0.conf" on the server side. One for each remote site.

https://www.wireguard.com/quickstart/

> On Tue, Nov 14, 2017 at 3:23 PM, David Kerr <da...@ke...> wrote:
> Lonnie,
> Thanks, sounds good. Maybe I missed it, but in reading the doc you wrote I could see how to set up a server, but not how to set up AstLinux as a client? I'm keen to try this out, but will start with a Linux client in a VM. Time to google for instructions on that.
>
> Thanks
> David
>
> On Tue, Nov 14, 2017 at 2:06 PM, Lonnie Abelbeck <li...@lo...> wrote:
>
> On Nov 14, 2017, at 11:37 AM, Michael Keuter <li...@mk...> wrote:
>
>>
>>> On 14.11.2017 at 17:56, David Kerr <da...@ke...> wrote:
>>>
>>> Lonnie,
>>> I have some questions on the new WireGuard features...
>>>
>>> Does AstLinux implement server only, or both client and server, i.e., can I use WireGuard to connect two AstLinux boxes together over the internet... and allow clients on each LAN to route traffic through the VPN to the other's LAN?
>>
>> Yes. (Both client and server)
>
> Hi David,
>
> I currently have a remote SIP peer over WireGuard instead of public SIP for an AstLinux to AstLinux configuration. I also AllowedIPs one of my LAN IPs to perform remote management. Works great!
>
> And the tunnel can transfer both IPv4/IPv6 and any peer to peer connection can be over either IPv4 or IPv6.
>
>
>>> Is the public/private key used by the VPN the same as that used by other AstLinux services and can it be a LetsEncrypt/acme issued/managed certificate?
>>
>> No.
>
> The public keys are short, base64 encoded strings like "HIgo9xNzJMWLKASShiTqIybxZ0U3wGLiUeJ1PKf8ykw=" thanks to elliptic-curve cryptography. Simple copy/paste to share public keys between peers.
>
> Yesterday I fired up a VM and created a WireGuard tunnel between the VM and one of my test boxes; it took less than 2 minutes.
>
>
>>> Are you aware of any easy to use MacOS or Windows clients?
>>
>> There are none yet.
>> https://www.wireguard.com/install/
>>
>> Michael
>
> It will take a little time for non-Linux user-space implementations, but that is on the roadmap. Android will probably appear first.
>
> In the lab I have achieved iperf3 speeds of nearly 700 Mbps using two parallel streams between a Qotom J1900 and Jetway N2930 over a WireGuard VPN. OpenVPN maxes out at 110 Mbps. For AstLinux users 1 Gb VPN routing is probably not needed yet, but the efficiency leaves more CPU head-room for Asterisk and other services, not to mention the very easy configuration for site to site VPNs.
>
> More interesting tidbits ...
>
> It looks pretty clear that WireGuard will make it into the mainline Linux kernel:
> https://plus.google.com/+gregkroahhartman/posts/jD6N4BzToa3
>
> A VPN provider comments - WireGuard is the future
> https://mullvad.net/blog/2017/9/27/wireguard-future/
>
> A lot of projects offer WireGuard...
> https://www.wireguard.com/install/
>
> Lonnie

Michael
http://www.mksolutions.info
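
An added example, not part of the original thread or AstLinux's own code: a small Python check for a server-side wg0.conf that has one [Peer] section per remote site, as the reply above describes. It verifies that each PublicKey is base64 for 32 bytes and flags AllowedIPs ranges that overlap between peers so they can be reviewed; the keys, addresses and function names are constructed for illustration.

```python
import base64, binascii, ipaddress

# Constructed keys and config fragment (not real peers): one [Peer] per remote site.
KEY_A, KEY_B = (base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2))
SAMPLE = f"""[Interface]
ListenPort = 51820
[Peer]
PublicKey = {KEY_A}
AllowedIPs = 10.4.0.2/32, 192.168.10.0/24
[Peer]
PublicKey = {KEY_B}
AllowedIPs = 10.4.0.3/32, 192.168.10.0/25
"""

def parse_peers(text):
    """Return one dict per [Peer] section; sections repeat, so configparser is unsuitable."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)  # split once: base64 keys end in "="
            current[name.strip().lower()] = value.strip()
    return peers

def check_peers(text):
    """List bad or duplicate public keys and AllowedIPs that overlap between peers."""
    problems, seen_keys, seen_nets = [], set(), []
    for n, peer in enumerate(parse_peers(text), 1):
        key = peer.get("publickey", "")
        try:
            valid = len(base64.b64decode(key, validate=True)) == 32
        except (binascii.Error, ValueError):
            valid = False
        if not valid:
            problems.append(f"peer {n}: PublicKey is not base64 of 32 bytes")
        elif key in seen_keys:
            problems.append(f"peer {n}: duplicate PublicKey")
        seen_keys.add(key)
        for item in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            for m, other in seen_nets:
                if m != n and net.version == other.version and net.overlaps(other):
                    problems.append(f"peer {n}: {net} overlaps {other} of peer {m}")
            seen_nets.append((n, net))
    return problems
```

Calling `check_peers(SAMPLE)` reports that the second peer's 192.168.10.0/25 overlaps the first peer's 192.168.10.0/24.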