Wireguard
From DD-WRT Wiki
Revision as of 18:50, 13 July 2018, Liverpoolatnight (→Reference)
Revision as of 15:59, 16 July 2018, Liverpoolatnight
Line 22: | Line 22: | ||
This firewall functionality may eventually get integrated into DD-WRT. SVN tickets: | This firewall functionality may eventually get integrated into DD-WRT. SVN tickets: | ||
*[http://svn.dd-wrt.com/ticket/6217 add option to allow more than one allowed IP/Network] | *[http://svn.dd-wrt.com/ticket/6217 add option to allow more than one allowed IP/Network] | ||
- | *[http://svn.dd-wrt.com/ticket/6218 add option to set auto routes for oet*_aip0] | + | *[http://svn.dd-wrt.com/ticket/6218 add option to set auto routes for oet*_aip0] - Done |
- | *[http://svn.dd-wrt.com/ticket/6219 show private key in gui] | + | *[http://svn.dd-wrt.com/ticket/6219 show private key in gui] - Done |
+ | *[http://svn.dd-wrt.com//ticket/6217#comment:1 add option to set a DNS in gui] | ||
=Reference= | =Reference= | ||
- | + | [https://www.wireguard.com/#conceptual-overview Conceptual Overview]<br> | |
- | + | [https://git.zx2c4.com/WireGuard/ Git Repository]<br> | |
+ | [https://lists.zx2c4.com/mailman/listinfo/wireguard/ WireGuard Mailing Lists]<br> | ||
[https://svn.dd-wrt.com/search?q=wireguard&noquickjump=1&changeset=on DD-WRT SVN Changesets]<br> | [https://svn.dd-wrt.com/search?q=wireguard&noquickjump=1&changeset=on DD-WRT SVN Changesets]<br> | ||
[https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312522 Forum thread, Broadcom]<br> | [https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312522 Forum thread, Broadcom]<br> |
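Review bot: the added "add option to set a DNS in gui" entry links to http://svn.dd-wrt.com//ticket/6217#comment:1, which has a doubled slash after the host and points at a comment on ticket 6217, the same ticket as the "more than one allowed IP/Network" entry at the top of the list. Drop the extra slash, and if the DNS request has a ticket of its own, link that instead so the two entries do not resolve to the same place. The new links under =Reference= use https while the ticket links in this list still use http; switching the ticket links to https would keep the list consistent.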
Revision as of 15:59, 16 July 2018
"WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."[1]
How it works
Quick Start (from the developer site)
Firewall rules
Add firewall rules to successfully communicate through the tunnel on each unit:
 #for reaching the unit in/out
 iptables -I INPUT -i oet1 -j ACCEPT
 iptables -I OUTPUT -o oet1 -j ACCEPT
 #for forwarding packets to the networks behind in/out
 iptables -I FORWARD -i oet1 -j ACCEPT
 iptables -I FORWARD -o oet1 -j ACCEPT
Also set routes for the networks to reach:
 #to connect 192.168.1.0/24 and 192.168.2.0/24 via 10.10.10.2 put on the 192.168.1.0 gateway
 route add -net 192.168.2.0/24 gw 10.10.10.2
 #etc
This firewall functionality may eventually get integrated into DD-WRT. SVN tickets:
- add option to allow more than one allowed IP/Network
- add option to set auto routes for oet*_aip0 - Done
- show private key in gui - Done
- add option to set a DNS in gui
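The firewall rules above accept all traffic arriving on oet1. The following added example (not from the DD-WRT wiki) generates a narrower, re-runnable rule set that limits tunnel traffic to the two LANs and the peer address used in the route example. The function names and the dry-run switch APPLY are hypothetical, and the subnets and the peer address 10.10.10.2 are the page's sample values.

```shell
#!/bin/sh
# Added example, not from the DD-WRT wiki. Interface, subnets and peer
# address are the page's sample values; function names are hypothetical.
WG_IF="${WG_IF:-oet1}"
LOCAL_NET="${LOCAL_NET:-192.168.1.0/24}"    # LAN behind this router
REMOTE_NET="${REMOTE_NET:-192.168.2.0/24}"  # LAN behind the peer
PEER_IP="${PEER_IP:-10.10.10.2}"            # peer's tunnel address

# Emit a rule as "delete if present, then insert" so that re-running the
# firewall script never stacks duplicate copies of the same rule.
rule() {
    chain="$1"; shift
    echo "iptables -D $chain $* 2>/dev/null"
    echo "iptables -I $chain $*"
}

wg_rules() {
    # Router itself: reachable only from the peer and the LAN behind it.
    for src in "$PEER_IP" "$REMOTE_NET"; do
        rule INPUT -i "$WG_IF" -s "$src" -j ACCEPT
    done
    rule OUTPUT -o "$WG_IF" -j ACCEPT
    # Forwarding: only between the two LANs, one rule per direction.
    rule FORWARD -i "$WG_IF" -s "$REMOTE_NET" -d "$LOCAL_NET" -j ACCEPT
    rule FORWARD -o "$WG_IF" -s "$LOCAL_NET" -d "$REMOTE_NET" -j ACCEPT
}

# Dry run by default: print the commands. APPLY=1 runs them (needs root).
wg_apply() {
    if [ "${APPLY:-0}" = 1 ]; then wg_rules | sh; else wg_rules; fi
}

wg_apply
```

Review the printed commands first, then run with APPLY=1 on each unit, swapping LOCAL_NET and REMOTE_NET and setting PEER_IP to the other side's tunnel address.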
Reference
Conceptual Overview
Git Repository
WireGuard Mailing Lists
DD-WRT SVN Changesets
Forum thread, Broadcom
Forum thread, Atheros
Virtual Private Network (VPN) (DD-WRT wiki)