by cyberpunk
2073 days ago
On wireguard -- I recently replaced a pretty grim/complicated openvpn setup with a wireguard one, and while I had to write a ~200 line shell script to let our ops guys create configs for the users, it's been pretty much a great experience. (wireguard is itching for a nice ui or cli tool for managing configs.... if anyone knows one please let me know...) Wireguard is simple point-to-point, I have an iptables rule that masquerades the tunnel interface to the internal interface of the 'vpn server' but it's all so simple that I don't feel bad at all that someone down the road will inherit this system and have to manage it. It's obvious, the stuff I wrote around it is simple enough to grok in an hour, and that's a world of difference from openvpn, where you can easily deploy it with some ansible-galaxy role, but actually maintaining it for 200+ devs requires you to actually understand it which is a different thing. I'm not really contributing anything here, apart from -- everywhere I've used wireguard I feel better for it. If you're weighing up options, I suggest you go wg. :}

I've been writing wg-access-server[1] which is an open source all-in-one solution for getting a wireguard based VPN server up and running.
There are a few others I've come across as well: streisand[2], wg-ui[3], subspace[4]
If you like, I'd be happy to hear about your use-cases and see if I can fit them into wg-access-server :D
[1] https://github.com/Place1/wg-access-server
[2] https://github.com/StreisandEffect/streisand
[3] https://github.com/EmbarkStudios/wg-ui
[4] https://github.com/subspacecloud/subspace