Koozali.org: home of the SME Server

Wireguard

Offline gavan_white

  • *
  • 29
  • +0/-0
Wireguard
« on: April 07, 2021, 02:19:55 AM »
I have been wondering if there is a possibility of incorporating Wireguard into the SME Server?
I have a Raspberry Pi as a Wireguard server with port forwarding to it. This works like a dream and allows access from anywhere.
Whilst not 100% needed, I was wondering if it would be possible or wise to incorporate this as a VPN option for SME server. I haven't played around on my SME9, but have a SME10 server that I am using to become familiar with the changes. I am not all that tech savvy, but might see if this is an option unless there is a definite reason why this should not be part of SME server as a contirb.
Thanks for any thoughts about this that may come my way.
Also, thanks heaps to all the devoted people setting SME10 up.
Gavan

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Wireguard
« Reply #1 on: April 07, 2021, 03:29:37 AM »
this is in the plans.
but time and people are missing.
i can not promise this in the next month but around summer ?

Offline gavan_white

  • *
  • 29
  • +0/-0
Re: Wireguard
« Reply #2 on: April 07, 2021, 04:13:42 AM »
this is in the plans.
but time and people are missing.
i can not promise this in the next month but around summer ?

Thanks heaps for the response. I am very pleased that it is on the agenda.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Wireguard
« Reply #3 on: April 07, 2021, 09:30:29 AM »
this is in the plans.
but time and people are missing.
i can not promise this in the next month but around summer ?

Summer 2022 at our rate :lol:

Don't forget we do already have lots of vpn options.

I need to finish updating the ipsec one for v10. JP & Brian did all the work on openvpn.

I know Wireguard is popular, but that is probably because it seems 'relatively' simple. Yes it's easier than openvpn + certs. However, Ipsec can be used with just passwords like Wireguard. It isn't that hard.

But passwords are just not that secure and using rsa sigs in ipsec or certs in ipsec & openvpn is much stronger.

Depending on usage openvpn or ipsec are also better transports, particularly for server-server.

If you are going to use vpn you should have a good understanding of it, and the pros & cons. (And I am no real 'guru'. Just read a lot)

"All that glisters is not gold" :lol:
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline gavan_white

  • *
  • 29
  • +0/-0
Re: Wireguard
« Reply #4 on: April 07, 2021, 12:29:10 PM »
Thanks for the comments. I have just found it is smart, straight forward to set up and can be always on or not, depending on what you use it for.
I have used server to server VPN previously - openvpn, but found it difficult to just run workstation to server, don't recall why.
I tried IPSEC also, but had a hell of a time trying to setup the connections and gave up. Admittedly, this was 5 years ago!
I generally settled with tunnelling through an SSH connection to get RDP running on Windows.
Anyway, Wireguard works out of the 'box' (kernel) with a fairly simple key exchange, etc.
I am not concerned about the time for this to happen with the smeserver, just intrigued about whether it could be done.
Cheers.