Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: gavan_white on April 07, 2021, 02:19:55 AM

Title: Wireguard
Post by: gavan_white on April 07, 2021, 02:19:55 AM

I have been wondering if there is a possibility of incorporating Wireguard into the SME Server?
I have a Raspberry Pi as a Wireguard server with port forwarding to it. This works like a dream and allows access from anywhere.
Whilst not 100% needed, I was wondering if it would be possible or wise to incorporate this as a VPN option for SME server. I haven't played around on my SME9, but have a SME10 server that I am using to become familiar with the changes. I am not all that tech savvy, but might see if this is an option unless there is a definite reason why this should not be part of SME server as a contirb.
Thanks for any thoughts about this that may come my way.
Also, thanks heaps to all the devoted people setting SME10 up.
Gavan

Title: Re: Wireguard
Post by: Jean-Philippe Pialasse on April 07, 2021, 03:29:37 AM

this is in the plans.
but time and people are missing.
i can not promise this in the next month but around summer ?

Title: Re: Wireguard
Post by: gavan_white on April 07, 2021, 04:13:42 AM

Quote from: Jean-Philippe Pialasse on April 07, 2021, 03:29:37 AM

this is in the plans.
but time and people are missing.
i can not promise this in the next month but around summer ?

Thanks heaps for the response. I am very pleased that it is on the agenda.

Title: Re: Wireguard
Post by: ReetP on April 07, 2021, 09:30:29 AM

Quote from: Jean-Philippe Pialasse on April 07, 2021, 03:29:37 AM

this is in the plans.
but time and people are missing.
i can not promise this in the next month but around summer ?

Summer 2022 at our rate :lol:

Don't forget we do already have lots of vpn options.

I need to finish updating the ipsec one for v10. JP & Brian did all the work on openvpn.

I know Wireguard is popular, but that is probably because it seems 'relatively' simple. Yes it's easier than openvpn + certs. However, Ipsec can be used with just passwords like Wireguard. It isn't that hard.

But passwords are just not that secure and using rsa sigs in ipsec or certs in ipsec & openvpn is much stronger.

Depending on usage openvpn or ipsec are also better transports, particularly for server-server.

If you are going to use vpn you should have a good understanding of it, and the pros & cons. (And I am no real 'guru'. Just read a lot)

"All that glisters is not gold" :lol:

Title: Re: Wireguard
Post by: gavan_white on April 07, 2021, 12:29:10 PM

Thanks for the comments. I have just found it is smart, straight forward to set up and can be always on or not, depending on what you use it for.
I have used server to server VPN previously - openvpn, but found it difficult to just run workstation to server, don't recall why.
I tried IPSEC also, but had a hell of a time trying to setup the connections and gave up. Admittedly, this was 5 years ago!
I generally settled with tunnelling through an SSH connection to get RDP running on Windows.
Anyway, Wireguard works out of the 'box' (kernel) with a fairly simple key exchange, etc.
I am not concerned about the time for this to happen with the smeserver, just intrigued about whether it could be done.
Cheers.