Differences

This shows you the differences between two versions of the page.

userdoc:tt_wireguard_vpn [2019/09/20 13:36]
abelbeck [WireGuard Configuration Options]
userdoc:tt_wireguard_vpn [2020/03/30 09:33] (current)
abelbeck [WireGuard VPN Configuration]
Line 3: Line 3:
 AstLinux now supports the [[https://​www.wireguard.com/​|WireGuard VPN]]. WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. ​ WireGuard was created by Jason A. Donenfeld. AstLinux now supports the [[https://​www.wireguard.com/​|WireGuard VPN]]. WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. ​ WireGuard was created by Jason A. Donenfeld.
  
-!!Info ->!! Currently (November 2018) WireGuard ​has not quite yet been accepted into the mainline ​Linux kernel. Be certain to perform your own due diligence and testing of what could become the premier VPN in the not too distant future.+!!Info ->!! Currently (March 2020) WireGuard ​is included in Linux 5.6 and onward. ​ Backports for older kernels are also maintained. Be certain to perform your own due diligence and testing of what could become the premier VPN type across most all platforms.
  
 !!Note: AstLinux 1.3.2 or later is required, new features with 1.3.5 or later!! !!Note: AstLinux 1.3.2 or later is required, new features with 1.3.5 or later!!
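
Review bot: The rewritten Info line still opens with a date stamp, "Currently (March 2020)", the same pattern that left the old "November 2018" wording stale. "WireGuard is included in Linux 5.6 and onward" holds without the date, so I would drop the stamp and avoid another revision later. In the same line, "most all platforms" should read "most platforms", and the closing "perform your own due diligence and testing of what could become the premier VPN" still reads as a pre-release caution, which sits oddly next to the statement that WireGuard is now included in the kernel.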
Line 187: Line 187:
  
 !!Important ->!! The default policy is to allow all **WG->​Local** traffic unless "Pass WG->​Local"​ is defined, then the default policy is to deny all **WG->​Local** traffic. !!Important ->!! The default policy is to allow all **WG->​Local** traffic unless "Pass WG->​Local"​ is defined, then the default policy is to deny all **WG->​Local** traffic.
 +
 +ICMP Echo Request (ping) packets are allowed and rate-limited for **WG->​Local** traffic, regardless of the "​Firewall Rules:"​ choice.
  
   * TCP: Define ''​TCP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...   * TCP: Define ''​TCP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...
   * UDP: Define ''​UDP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...   * UDP: Define ''​UDP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...
  
-!!Tip ->!! Allow SSH traffic, deny all other traffic ... choose "Pass WG->​Local"​ and set ''​TCP''​ to ''​0/​0~22''​+!!Tip ->!! Allow SSH and DNS traffic, deny all other traffic ... choose "Pass WG->​Local"​ and set ''​TCP''​ to ''​0/​0~22,​53''​ and ''​UDP''​ to ''​0/​0~53''​
  
 !!Tip ->!! Deny HTTP/HTTPS traffic, allow all other traffic ... choose "Deny WG->​Local"​ and set ''​TCP''​ to ''​0/​0~80,​443''​ !!Tip ->!! Deny HTTP/HTTPS traffic, allow all other traffic ... choose "Deny WG->​Local"​ and set ''​TCP''​ to ''​0/​0~80,​443''​
  
 !!Tip ->!! Click on the blue ''​(i)''​ icon for detailed help. !!Tip ->!! Click on the blue ''​(i)''​ icon for detailed help.
- 
-ICMP Echo Request (ping) packets are allowed and rate-limited for **WG->​Local** traffic, regardless of the "​Firewall Rules:"​ choice. 
  
 \\ \\
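
Review bot: The updated SSH/DNS tip uses 0/0 in the host position for both the TCP and UDP rules, so under "Pass WG->Local" any address arriving over the tunnel can reach ports 22 and 53. Since the rule form shown just above is host1,host2~port1,port2, the tip could show a narrower host value (a peer's tunnel address or subnet) or at least state that 0/0 means any source. Separately, the tip's "deny all other traffic" is not literally true given the ICMP sentence now placed under the Important note, because ping is allowed and rate-limited regardless of the "Firewall Rules:" choice; "deny all other traffic except ping" would keep the two statements consistent.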
Line 255: Line 255:
 ===== WireGuard Client Support ===== ===== WireGuard Client Support =====
  
-WireGuard is now available for [[https://​www.wireguard.com/​install/​|Android]] and as Beta-Version for [[https://www.wireguard.com/​install/​|Apple iOS]] (via TestFlight app only ≥12.x).+WireGuard is now available for [[https://​www.wireguard.com/​install/​|iOS / Android / macOS Windows]] installation. 
 + 
 +Each client is open source and free to use.
  
 \\ \\
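
Review bot: The new link text "iOS / Android / macOS Windows" is missing the separator between macOS and Windows and should read "iOS / Android / macOS / Windows". The phrasing "available for ... installation" is also awkward; "WireGuard clients are available for iOS, Android, macOS and Windows" with the same link target would read more cleanly and leads naturally into "Each client is open source and free to use."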