Jump to:navigation, search
Wiki

WireGuard®

From Securepoint Wiki


















































Artikel

De.png
En.png
Fr.png






WireGuard® configuration in the admin interface
Last adaptation to the version: 12.6.0
New:
  • The status of the implicit rule is displayed in the dashboard
  • The dashboard has been revised and now displays a connection status
notempty
This article refers to a Resellerpreview

12.5 12.4 12.2

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 VPN WireGuard


General

Overview

Wireguard® is a modern and simple VPN protocol, which additionally convinces by its performance.

Advantages

  • Wireguard does without some complex procedures for key exchange and is therefore easier to handle than IPSec.
  • Due to the integration into the Linux kernel, a high-performance and resource-saving processing is possible compared to OpenVPN.

  • Gut zu wissen
    The OpenVPN integration in the Securepoint UTM is also very performant.
    The speed disadvantage of SSL-VPN connections compared to WireGuard connections is therefore not as serious as can be observed with competitors.

    • Disadvantages

  • Settings like routes, DNS etc. cannot be "pushed" like with OpenVPN
  • This makes the management of Roadwarriors much more complex

    • Connection

    Communication takes place via a freely selectable UDP port and uses IPv4 and IPv6 to transport the data packets.

    The handling between the two peers is very similar to OpenSSH.
    "Peers" must first exchange their PublicKeys and can then "simply" exchange data further on.
    The exchange of PublicKeys is explicitly not part of the WireGuard specification and must be performed manually.

    A PublicKey must identify a peer unmistakably.
    Multiple uses are not practical.

    For better protection, a preshared key can also be used.

    NAT

    WireGuard can send a keepalive.
    This keeps connections open on NAT routers.

    Since the communication only runs via a UDP port, WireGuard is not susceptible to NAT related problems.

    Widget

    There is a widget in the admin interface for the overview of WireGuard connections. Further information can be found in the Wiki article for UTM Widgets.

    Dashboard

    The dashboard shows the connection status of each peer of a connection as well as the name, key, public key value and IP-Address of an user and the associated user groups.

    WireGuard UTMuser@firewall.name.fqdnVPN Restart UTM v12.6 VPN WireGuard Dashboard.pngWireGuard Dashboard


    Dashboard settings

    Dashboard settings

    For a better overview, individual sections can be hidden in the overview if necessary:

  • Peers
  • User
  • User group
  • Key values

    • Status der impliziten Regel notempty
    New as of: 12.6

    Eine Statuslampe zeigt den Zustand der impliziten Regel an:

  • die Dienste und die Verbindungen sind deaktiviert. Über die Schaltfläche kann die implizite Regel aktiviert werden.
  • die Dienste und die Verbindungen sind aktiviert und die Einstellungen sind synchronisiert.Über die Schaltfläche kann die implizite Regel deaktiviert werden.
    • UTM v12.6 VPN WireGuard Dashboard Implizite-Regel-en.png


    Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/VPN/WireGuard&oldid=88820"