Skip to main content

Posts

Showing posts from June, 2023

Setting up wireguard

 Time has come to explore a new (well, it's not that new anymore, it was introduced in kernel 5.6) VPN technology that is more lightweight and faster on single-board computers (SBCs) than something like OpenVPN. I'm talking about Wireguard . The key takeaways for why Wireguard might be better than other VPN technologies (like OpenVPN, or IPSec) are: very small code, easier to audit runs in kernel space, not userspace  configuration can be done with standard linux tools (like ip, iproute, iptables), but there are some helper scripts that simplify setting up/starting up doesn't support cypher negotiation (thus preventing downgrade attacks) is quiet by default and doesn't reply to random packets from the Internet (difficult to scan for wireguard concentrators and try brute-force attacks) has better performance than userspace encryption (to be tested) All good network tutorials begin with a network diagram and end with a packet capture. So, let's say you want to host a ...