Wireguard VPN
-
@RoundHouse1924 Hear hear!
The sheer support behind WireGuard and the lack of updates as to its ETA is extremely disappointing.
-
Most of the wireguard ui projects other than wg-easy have died by now and wg-easy does not have LDAP/OIDC support. So we wanted to instead make a new wireguard package which is similar to our existing openvpn app. Unfortunately, this takes time and there is always something more important coming up (like Cloudron 8, package updates, OIDC migration and so on).
-
@girish I appreciate all your hard work, understand and agree with the priorities. That said, I'd very much like to have an app similar to the OpenVPN one using wireguard. Is there anything one can do to help get it done? Maybe see the OpenVPN code and try to whip up something similar using wg?
-
@girish said in Wireguard VPN:
@malvim thanks for the offer to help. I think for a start, we have to start modifying https://git.cloudron.io/cloudron/openvpn-app to also support wireguard. MRs are welcome.
I think this is an absolutely great idea!
-
@girish That sounds good, I'll take a look at the code and see if I'm confident enough to take a crack at it. So you want the same vpn app to support both OpenVPN and wireguard, is that correct?
I understand there's a key manager for OpenVPN, which I think doesn't really make sense as-is for wireguard, right? For wireguard we just generate a private key for the host and generally just have to manage peers (with their public keys, allowed-ips and whatnot)...
-
Another thing I just thought of is that it'd be cool to be able to have other apps be VPN clients as well...
So docker-compose has the "service" network mode, which I think is like the "host" network mode, but instead of the host it uses another container's network. Not sure how we'd implement it, and maybe this would be easier if we had a VPN add-on instead of an app, not sure.
The use case is one I'm going through right now: I want to use prometheus and grafana to monitor something that I'd like to be accessed only through a wireguard VPN. So at the moment (for testing purposes), I'm keeping the things I want to monitor open on the internet and using prometheus to collect metrics, but if we want to go through with it in production, I'll probably have to host at least prometheus by myself inside our VPN.
What do you guys think?
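The host-side peer management described above (one host private key, a list of peers with public keys and allowed-ips) can be sketched as a small config renderer. This is an added example, not code from the openvpn-app repository or from any poster; the keys are constructed placeholders (real ones come from `wg genkey` / `wg pubkey`), and the overlap check is there because on the host side AllowedIPs doubles as the routing table, so two peers claiming the same prefix is a misconfiguration that silently misroutes traffic.

```python
import base64
import ipaddress

# Constructed sample keys: base64 of 32 fixed bytes, NOT real WireGuard keys.
HOST_PRIVATE_KEY = base64.b64encode(bytes([0x11] * 32)).decode()
SAMPLE_PEERS = [
    {"name": "laptop", "public_key": base64.b64encode(bytes([0x22] * 32)).decode(),
     "allowed_ips": ["10.8.0.2/32"]},
    {"name": "prometheus", "public_key": base64.b64encode(bytes([0x33] * 32)).decode(),
     "allowed_ips": ["10.8.0.3/32"]},
]


def check_key(key):
    """A WireGuard key is 32 raw bytes, base64-encoded (44 characters)."""
    raw = base64.b64decode(key, validate=True)  # raises binascii.Error (a ValueError) on bad base64
    if len(raw) != 32:
        raise ValueError(f"key must decode to 32 bytes, got {len(raw)}")
    return key


def check_allowed_ips(peers):
    """Reject overlapping AllowedIPs across peers.

    On the host, AllowedIPs maps destination prefixes to exactly one peer, so an
    overlap means traffic meant for one peer may be routed to another."""
    seen = []
    for peer in peers:
        for cidr in peer["allowed_ips"]:
            net = ipaddress.ip_network(cidr, strict=True)  # reject host bits set, e.g. 10.8.0.3/24
            for other_name, other_net in seen:
                if net.overlaps(other_net):
                    raise ValueError(f"{peer['name']} {net} overlaps {other_name} {other_net}")
            seen.append((peer["name"], net))
    return len(seen)  # number of distinct prefixes accepted


def render_config(private_key, listen_port, address, peers):
    """Render a wg0.conf-style host configuration after validating keys and prefixes."""
    check_key(private_key)
    check_allowed_ips(peers)
    lines = ["[Interface]", f"PrivateKey = {private_key}",
             f"ListenPort = {listen_port}", f"Address = {address}"]
    for peer in peers:
        lines += ["", f"# {peer['name']}", "[Peer]",
                  f"PublicKey = {check_key(peer['public_key'])}",
                  f"AllowedIPs = {', '.join(peer['allowed_ips'])}"]
    return "\n".join(lines) + "\n"
```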