WireGuard


Table of Contents

WireGuard (Virtual Private Network)

alt="WireGuard icon"

About WireGuard

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It can be a useful replacement for IPSec or OpenVPN.

Installation

You can install wireguard from the Apps section of the FreedomBox web interface.

Usage

  • Point-to-point tunnel

  • VPN client with default route

Configuration - Debian Peers

Note: These steps are handled automatically on FreedomBox. So you only need to follow these steps on any Debian clients that will connect to FreedomBox, or Debian servers that FreedomBox will connect to.

Configuration - Mobile Clients

WireGuard has a user space implementation for mobile devices available via the WireGuard app - available for Android and iOS (a full list of supported operating systems is available here).

The client can be configured in several ways:

Alternative A - Create configuration manually

This is self-explanatory, you actually create the config on the mobile device then transfer the relevant keys to the server's config.

Alternative B - Create configuration from archive

Here you have to create a .zip archive of the client configuration file, transfer it to the device then import it into the app.

Alternative C - Import by reading a QR code (most secure method)

The mobile client as of version 0.0.20180724 supports QR code based input.

DebianPackage:qrencode can be used to generate qr codes, even in a terminal/console using UTF8 characters.

The syntax is:

# qrencode -t ansiutf8 < client.conf

This will generate a QR code that is readable by the mobile client.

The advantage of this approach is that there is no need to transfer sensitive information via data channels that can potentially be compromised and there is no need for any additional software.

External Links