Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
userdoc:tt_wireguard_vpn [2019/09/20 13:36]
abelbeck [WireGuard Configuration Options]
userdoc:tt_wireguard_vpn [2020/01/29 07:43] (current)
abelbeck [WireGuard VPN Configuration]
Line 3: Line 3:
 AstLinux now supports the [[https://​www.wireguard.com/​|WireGuard VPN]]. WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. ​ WireGuard was created by Jason A. Donenfeld. AstLinux now supports the [[https://​www.wireguard.com/​|WireGuard VPN]]. WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. ​ WireGuard was created by Jason A. Donenfeld.
  
-!!Info ->!! Currently (November 2018) WireGuard has not quite yet been accepted into the mainline Linux kernel. Be certain to perform your own due diligence and testing of what could become the premier VPN in the not too distant future.+!!Info ->!! Currently (January 2020) WireGuard has been accepted into the mainline Linux kernel, officially to appear in Linux 5.6. Be certain to perform your own due diligence and testing of what could become the premier VPN in the not too distant future.
  
 !!Note: AstLinux 1.3.2 or later is required, new features with 1.3.5 or later!! !!Note: AstLinux 1.3.2 or later is required, new features with 1.3.5 or later!!
Line 187: Line 187:
  
 !!Important ->!! The default policy is to allow all **WG->​Local** traffic unless "Pass WG->​Local"​ is defined, then the default policy is to deny all **WG->​Local** traffic. !!Important ->!! The default policy is to allow all **WG->​Local** traffic unless "Pass WG->​Local"​ is defined, then the default policy is to deny all **WG->​Local** traffic.
 +
 +ICMP Echo Request (ping) packets are allowed and rate-limited for **WG->​Local** traffic, regardless of the "​Firewall Rules:"​ choice.
  
   * TCP: Define ''​TCP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...   * TCP: Define ''​TCP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...
   * UDP: Define ''​UDP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...   * UDP: Define ''​UDP''​ rules of the form; host1,​host2~port1,​port2 host3,​host4~port3,​port4 ...
  
-!!Tip ->!! Allow SSH traffic, deny all other traffic ... choose "Pass WG->​Local"​ and set ''​TCP''​ to ''​0/​0~22''​+!!Tip ->!! Allow SSH and DNS traffic, deny all other traffic ... choose "Pass WG->​Local"​ and set ''​TCP''​ to ''​0/​0~22,​53''​ and ''​UDP''​ to ''​0/​0~53''​
  
 !!Tip ->!! Deny HTTP/HTTPS traffic, allow all other traffic ... choose "Deny WG->​Local"​ and set ''​TCP''​ to ''​0/​0~80,​443''​ !!Tip ->!! Deny HTTP/HTTPS traffic, allow all other traffic ... choose "Deny WG->​Local"​ and set ''​TCP''​ to ''​0/​0~80,​443''​
  
 !!Tip ->!! Click on the blue ''​(i)''​ icon for detailed help. !!Tip ->!! Click on the blue ''​(i)''​ icon for detailed help.
- 
-ICMP Echo Request (ping) packets are allowed and rate-limited for **WG->​Local** traffic, regardless of the "​Firewall Rules:"​ choice. 
  
 \\ \\
Line 255: Line 255:
 ===== WireGuard Client Support ===== ===== WireGuard Client Support =====
  
-WireGuard is now available for [[https://​www.wireguard.com/​install/​|Android]] and as Beta-Version for [[https://www.wireguard.com/​install/​|Apple iOS]] (via TestFlight app only ≥12.x).+WireGuard is now available for [[https://​www.wireguard.com/​install/​|iOS / Android / macOS Windows]] installation. 
 + 
 +Each client is open source and free to use.
  
 \\ \\