WireGuard® configuration in the admin interface

Last adaptation to the version: 14.0.1 (01.2025)

This article refers to a reseller preview.
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
VPN WireGuard


General

Overview

WireGuard® is a modern, simple VPN protocol that also offers convincing performance.

Advantages

  • WireGuard does without some of the complex key-exchange procedures and is therefore easier to handle than IPsec.
  • Thanks to its integration into the Linux kernel, processing is high-performance and resource-saving compared to OpenVPN.

Good to know
The OpenVPN integration in the Securepoint UTM is also very performant.
The speed disadvantage of SSL-VPN connections compared to WireGuard connections is therefore not as serious as can be observed with competitors.

Disadvantages

  • Settings such as routes, DNS etc. cannot be "pushed" as they can with OpenVPN
  • This makes the management of roadwarriors much more complex

Connection

Communication takes place via a freely selectable UDP port and uses IPv4 and IPv6 to transport the data packets.

The handling between the two peers is very similar to OpenSSH.
Peers must first exchange their public keys and can then "simply" exchange data.
The exchange of public keys is explicitly not part of the WireGuard specification and must be performed manually.

A public key must uniquely identify a peer.
Using the same key for more than one peer is not practical.
For better protection, a preshared key can also be used.

NAT

WireGuard can send a keepalive.
This keeps connections open on NAT routers.

Since the communication only runs via a UDP port, WireGuard is not susceptible to NAT-related problems.
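
The three points above (one public key per peer, an optional preshared key, keepalive for peers behind NAT) can be checked before peers are entered by hand. The following is an added example, not part of the Securepoint wiki or the UTM: it assumes the peers are available in wg-quick style text, and the function names, keys and addresses are constructed for illustration.

```python
from collections import Counter

# Constructed wg-quick style sample: placeholder keys, made-up addresses.
SAMPLE = """
[Interface]
ListenPort = 51820
[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-A=
PresharedKey = CONSTRUCTED-PSK-A=
AllowedIPs = 10.0.1.2/32
PersistentKeepalive = 25
[Peer]  # same public key as peer 1, no PSK, no keepalive
PublicKey = CONSTRUCTED-PUBLIC-KEY-A=
AllowedIPs = 10.0.1.3/32
[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-B=
PresharedKey = CONSTRUCTED-PSK-B=
AllowedIPs = 10.0.1.4/32
PersistentKeepalive = 0
"""

def parse_peers(text):
    """Return one dict per [Peer] section; configparser would reject or merge them."""
    peers, cur = [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            cur = {} if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
        elif cur is not None and "=" in line:
            name, value = line.split("=", 1)  # keys end in "=", so split once
            cur[name.strip().lower()] = value.strip()
    return peers

def audit(text):
    """List (peer number, finding) for the three points made above."""
    peers = parse_peers(text)
    uses = Counter(p.get("publickey") for p in peers)
    findings = []
    for n, p in enumerate(peers, 1):
        if p.get("publickey") and uses[p["publickey"]] > 1:
            findings.append((n, "public key used by more than one peer"))
        if not p.get("presharedkey"):
            findings.append((n, "no preshared key"))
        if p.get("persistentkeepalive", "0") in ("0", "off"):
            findings.append((n, "keepalive disabled"))
    return findings
```

A disabled keepalive only matters for peers that sit behind a NAT router; for other peers that finding can be ignored.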

Widget

There is a widget in the admin interface that gives an overview of WireGuard connections. Further information can be found in the Wiki article for UTM Widgets.

Dashboard

The dashboard shows the connection status of the individual peers of a connection, as well as the name, the key, the value of the public key part and the IP address of a user, and the associated user groups.

New as of v14.0.1
Active (On): Peers that are not cloud-managed can be deactivated (Off).
[Figure: WireGuard Dashboard]


Dashboard settings

For a better overview, individual sections can be hidden in the overview if necessary:

  • Peers
  • User
  • User group
  • Key values
  • Style
  • Entries per page
  • Max height

Status of the implicit rule
New as of: 12.6

A status light indicates the status of the implicit rule:

  • The services are deactivated. The implicit rule can be activated via the button.
  • The services and connections are activated and the settings are synchronised. The implicit rule can be deactivated via the button.