Jump to:navigation, search
Wiki

WireGuard®

From Securepoint Wiki



























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden





















Artikel









WireGuard® configuration in the admin interface

Last adaptation to the version: 14.0.1(01.2025)

New:
notempty
This article refers to a Beta version
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 VPN WireGuard


General

Overview

Wireguard® is a modern and simple VPN protocol, which additionally convinces by its performance.

Advantages

  • Wireguard does without some complex procedures for key exchange and is therefore easier to handle than IPSec.
  • Due to the integration into the Linux kernel, a high-performance and resource-saving processing is possible compared to OpenVPN.

  • Gut zu wissen
    The OpenVPN integration in the Securepoint UTM is also very performant.
    The speed disadvantage of SSL-VPN connections compared to WireGuard connections is therefore not as serious as can be observed with competitors.

    • Disadvantages

  • Settings like routes, DNS etc. cannot be "pushed" like with OpenVPN
  • This makes the management of Roadwarriors much more complex

    • Connection

    Communication takes place via a freely selectable UDP port and uses IPv4 and IPv6 to transport the data packets.

    The handling between the two peers is very similar to OpenSSH.
    "Peers" must first exchange their PublicKeys and can then "simply" exchange data further on.
    The exchange of PublicKeys is explicitly not part of the WireGuard specification and must be performed manually.

    A PublicKey must identify a peer unmistakably.
    Multiple uses are not practical.
    For better protection, a preshared key can also be used.

    NAT

    WireGuard can send a keepalive.
    This keeps connections open on NAT routers.

    Since the communication only runs via a UDP port, WireGuard is not susceptible to NAT related problems.

    Widget

    There is a widget in the admin interface for the overview of WireGuard connections. Further information can be found in the Wiki article for UTM Widgets.

    Dashboard

    The dashboard displays the connection status of each peer in a connection, as well as the name, key, public key value, IP address of a user, and the associated user groups.

    notempty
    New as of v14.0.1
     Activeon: Peers that are not managed by the cloud can be deactivated Off.
    WireGuard UTMuser@firewall.name.fqdnVPN Restart WireGuard Dashboard


    Dashboard settings

    Dashboard settings

    For a better overview, individual sections can be hidden in the overview if necessary:

  • Peers
  • User
  • User group
  • Key values
  • Style
  • Entries per page
  • Max height

    • Status of the implicit rule notempty
    New as of: 12.6

    A status light indicates the status of the implicit rule:

  • the services are deactivated. The implicit rule can be activated via the button.
  • the services and connections are activated and the settings are synchronised, and the implicit rule can be deactivated via the button.
    • Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/VPN/WireGuard&oldid=98347"