by commercialnix 664 days ago
Knockknock was one of my favorite things back in the day. I love Moxie's mindset. Nowadays I put Wireguard in front of everything.

Been wanting to use wireguard but seems like a lot of effort of managing keys and ip addresses and routing rules etc. Do you have resources that might help me understand the best setup?

WireGuard is extremely easy to set up. It's difficult to manage if you have hundreds of nodes or dynamic endpoints: that's what Tailscale and Netmaker help with.

OpenBSD's wg documentation is straightforward. It maps onto wireguard-tools' configuration concepts if you need to use Linux.

1. https://man.openbsd.org/wg.4

2. https://man.openbsd.org/ifconfig.8#WIREGUARD

3. https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8

With OpenBSD you will typically end up with a hostname.wgN config that looks like this:

  inet6 fd00:abcd:efgh:ijkl::1/48
  wgkey <base64-private-key>
  wgport 51820
  # wgpsk is optional
  wgpeer <base64-peer-pubkey> \
    wgpsk <base64-secret> \
    wgaip fd00:abcd:efgh:mnop::1/64 \
    wgendpoint x.x.y.y 51820
  up

When Wireguard first came out I wrote some scripts for myself. Later on I used SaltStack to configure Wireguard for customers with sets of laptops in the dozens or more.
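
The mapping between the hostname.wgN keywords quoted in the thread and wireguard-tools' configuration keys, as an added example that is not code from any commenter: the helper names `parse_hostname_wg` and `to_wg_quick` are hypothetical, the sample keys and addresses are constructed placeholders, and only the keywords shown in the thread are handled.

```python
import shlex

# Constructed sample in hostname.wgN form; keys and addresses are placeholders.
SAMPLE = """\
inet6 fd00:1234:5678:9abc::1/48
wgkey PRIVATE_KEY_PLACEHOLDER
wgport 51820
# wgpsk is optional
wgpeer PEER_PUBKEY_PLACEHOLDER \\
  wgpsk PSK_PLACEHOLDER \\
  wgaip fd00:1234:5678:def0::/64 \\
  wgendpoint 192.0.2.10 51820
up
"""

def parse_hostname_wg(text):
    """Collect interface and per-peer settings from hostname.wgN text."""
    iface, peers = {"addresses": []}, []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        tok = shlex.split(line, comments=True)           # drops '#' comments
        for i, kw in enumerate(tok):
            arg = tok[i + 1] if i + 1 < len(tok) else None
            if kw in ("inet", "inet6"):
                iface["addresses"].append(arg)
            elif kw in ("wgkey", "wgport", "wgpsk"):
                (peers[-1] if kw == "wgpsk" else iface)[kw] = arg
            elif kw == "wgpeer":
                peers.append({"wgpeer": arg, "wgaip": []})
            elif kw == "wgaip":
                peers[-1]["wgaip"].append(arg)
            elif kw == "wgendpoint":
                peers[-1][kw] = (arg, tok[i + 2])
    return iface, peers

def to_wg_quick(iface, peers):
    """Render with wg-quick(8) keys; optional settings appear only if set."""
    out = ["[Interface]", f"PrivateKey = {iface['wgkey']}"]
    if iface["addresses"]:
        out.append("Address = " + ", ".join(iface["addresses"]))
    if "wgport" in iface:
        out.append(f"ListenPort = {iface['wgport']}")
    for p in peers:
        out += ["", "[Peer]", f"PublicKey = {p['wgpeer']}"]
        if "wgpsk" in p:
            out.append(f"PresharedKey = {p['wgpsk']}")
        out.append("AllowedIPs = " + ", ".join(p["wgaip"]))
        if "wgendpoint" in p:
            host, port = p["wgendpoint"]
            host = f"[{host}]" if ":" in host else host  # bracket IPv6 literals
            out.append(f"Endpoint = {host}:{port}")
    return "\n".join(out) + "\n"
```

`print(to_wg_quick(*parse_hostname_wg(SAMPLE)))` shows the resulting `[Interface]` and `[Peer]` sections; the private key and preshared key appear in the output in clear text, so the generated file needs the same restrictive permissions as the source file.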

https://Netbird.io is probably something you may be interested in.

Tailscale is wireguard underneath and does all that managing for you.