Wireguard

From DD-WRT Wiki

Revision as of 21:54, 18 July 2018 by Liverpoolatnight (Talk | contribs)

"WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."[1]

How it works

Quick Start (from the developer site)

Firewall rules

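On each unit, add firewall rules so that traffic can pass through the tunnel. These rules match only on the tunnel interface (oet1), so they accept all traffic arriving on or leaving through it: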

# allow traffic to and from the unit itself over the tunnel
iptables -I INPUT -i oet1 -j ACCEPT
iptables -I OUTPUT -o oet1 -j ACCEPT
# allow forwarding of packets to and from the networks behind the unit
iptables -I FORWARD -i oet1 -j ACCEPT
iptables -I FORWARD -o oet1 -j ACCEPT

Also set routes for the networks to be reached:

# to connect 192.168.1.0/24 and 192.168.2.0/24 via 10.10.10.2, run this on the 192.168.1.0 gateway
route add -net 192.168.2.0/24 gw 10.10.10.2
# etc.
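
A narrower variant of the rules above, as an added example that is not part of the wiki or of DD-WRT: it prints (does not apply) rules that admit only the peer and the two LANs on oet1 rather than everything arriving on the interface. The function names `is_cidr` and `tunnel_rules` are hypothetical; the addresses are the sample values used above.

```shell
#!/bin/sh
# Added example, not DD-WRT code. Prints (does not run) tunnel rules scoped to
# the two LANs. Function names are hypothetical; addresses are the page's samples.

# Succeed only for a.b.c.d/len with every octet <= 255 and len <= 32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    rest=$addr.; n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        case "$octet" in ""|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# usage: tunnel_rules LOCAL_LAN REMOTE_LAN PEER_TUNNEL_IP [IFACE]
tunnel_rules() {
    local_lan=$1; remote_lan=$2; peer=$3; ifc=${4:-oet1}
    # Reject anything that is not a plain address or interface name, because
    # the printed lines are meant to be pasted into a root shell.
    case "$ifc" in ""|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    is_cidr "$local_lan" && is_cidr "$remote_lan" && is_cidr "$peer/32" || {
        echo "bad address" >&2; return 1; }
    cat <<EOF
# reaching this unit from the peer and the remote LAN
iptables -I INPUT -i $ifc -s $peer -j ACCEPT
iptables -I INPUT -i $ifc -s $remote_lan -j ACCEPT
iptables -I OUTPUT -o $ifc -j ACCEPT
# forwarding only between the two LANs
iptables -I FORWARD -i $ifc -s $remote_lan -d $local_lan -j ACCEPT
iptables -I FORWARD -o $ifc -s $local_lan -d $remote_lan -j ACCEPT
route add -net $remote_lan gw $peer
EOF
}

# On the 192.168.1.0 gateway:
tunnel_rules 192.168.1.0/24 192.168.2.0/24 10.10.10.2
```

On the other unit, call the function with the two LAN arguments swapped and that unit's own peer tunnel address.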

This firewall functionality may eventually get integrated into DD-WRT. SVN tickets:

Reference

Conceptual Overview
Git Repository
WireGuard Mailing Lists
DD-WRT SVN Changesets
Forum

Virtual Private Network (VPN) (DD-WRT wiki)