If anyone is interested in setting up a VPN with WireGuard [0], I'd like to whole-heartedly recommend Algo [1]. It's a set of Ansible scripts that sets up a dual IPSec/WireGuard VPN on a VM or other machine.
WireGuard itself is already super simple to set up and configure, and Algo makes it even easier by automating most of the surrounding process.
I personally used it to set up a VPN a few days ago, and then manually tweaked it a bit to turn it into a site-to-site VPN instead of having it be just for tunneling (fun fact: WireGuard works on Vyatta (AKA Ubiquiti) [2], and is currently running flawlessly on my Edgerouter Lite).
Seriously, this is amazing software that just works and runs incredibly fast. Huge thanks to Jason and all the contributors to the various projects for their great work.
Ooh. Thanks for the algo recommendation. I had been looking for something which can easily support multiple users (having unique keys!), for a small/medium office. Algo looks perfect.
I would also suggest Streisand, which offers a nice web page with client config downloads after you've set it up. You can do a WireGuard-only build through the setup wizard.
I don't recommend Streisand; it spins up a bizarre collection of services. If you're excited about WireGuard (as I am), a huge part of the reason why is not to have all the horrible attack surface of legacy tunneling protocols, cryptography, and tools.
You can turn a lot of it off during the setup process. I usually block off most of the ports via ufw, leaving open the bare minimum of ssh and wireguard.
Interesting - would you mind talking a bit about why you chose Algo for professional use and Streisand for personal use? I've been meaning to research them both more closely, but just getting by on manually configured SSH tunneling for the time being.
Thanks so much for this, I've just set it up and it works flawlessly. (just a tad slow since I'm tunneling via Frankfurt but on the software side it's absolutely lightning fast!)
If you're referring to Algo, you're correct, but it's intended to only set up a server, not a client. Having an Ubuntu VM or VPS available to host a VPN is a reasonable assumption to make.
> Having an Ubuntu VM or VPS available to host a VPN is a reasonable assumption to make.
Is it? I personally & professionally prefer Debian over Ubuntu: by default it’s free-software–only, and I find that it’s somewhat more stable & predictable (which are important in a production server system). Of course, some people don’t care as much about software freedom as I do, and others may have had different experiences with respect to stability & predictability.
Ubuntu is nice on the client side, given the reality of proprietary drivers in which we live, but even there I prefer e.g. Mint if I’m not using pure Debian.
[0]: https://www.wireguard.com/
[1]: https://github.com/trailofbits/algo
[2]: https://github.com/Lochnair/vyatta-wireguard