Wireguard VPN
-
@dylightful it's coming sooner than later
We have confirmed that Wireguard works as a package. We are in the process of refactoring our OpenVPN package to support both. -
@timka
At this rate, you are looking at some time never!Wireguard on Cloudron is like some pipe dream, never to materialise!
I rest my case!
(Yes, I am peed off!)
-
@timka
At this rate, you are looking at some time never!Wireguard on Cloudron is like some pipe dream, never to materialise!
I rest my case!
(Yes, I am peed off!)
@RoundHouse1924 Hear hear!
The shear support behind WireGuard and the lack of updates as to its ETA is extremely disappointing.
-
Most of the wireguard ui projects other than wg-easy have died by now and wg-easy does not have LDAP/OIDC support. So we wanted to instead integrate make a new wireguard package which is similar to our existing openvpn app. Unfortunately, this takes time and there is always something more important coming up (like Cloudron 8, package updates, OIDC migration and so on).
-
@girish I appreciate all your hard work, understand and agree with the priorities. That said, I'd very much like to have an app similar to the OpenVPN one using wireguard. Is that anything one can do to help get it done? Maybe see the OpenVPN code and try to whip up something similar using wg?
-
@girish I appreciate all your hard work, understand and agree with the priorities. That said, I'd very much like to have an app similar to the OpenVPN one using wireguard. Is that anything one can do to help get it done? Maybe see the OpenVPN code and try to whip up something similar using wg?
@malvim thanks for the offer to help. I think for a start, we have to start modifying https://git.cloudron.io/cloudron/openvpn-app to also support wireguard. MRs are welcome.
-
@malvim thanks for the offer to help. I think for a start, we have to start modifying https://git.cloudron.io/cloudron/openvpn-app to also support wireguard. MRs are welcome.
@girish said in Wireguard VPN:
@malvim thanks for the offer to help. I think for a start, we have to start modifying https://git.cloudron.io/cloudron/openvpn-app to also support wireguard. MRs are welcome.
I think this is an absolutely great idea!
-
@malvim thanks for the offer to help. I think for a start, we have to start modifying https://git.cloudron.io/cloudron/openvpn-app to also support wireguard. MRs are welcome.
@girish That sounds good, I'll take a look at the code and see if I'm confident enough to take a crack at it. So you want the same vpn app to support both OpenVPN and wireguard, is that correct?
I understand there's a key manager for OpenVPN, which I think doesn't really make sense as-is for wireguard, right? For wireguard we just generate a private key for the host and generally just have to manage peers (with their public keys, allowed-ips and whatnot)...
-
Another thing I just thought is that it'd be cool to be able to have other apps be VPN clients as well...
So docker-compose has the "service" network mode, which I think is like the "host" network mode, but instead of the host it uses another container's network. Not sure how we'd implement it, and maybe this would be easier if we had a VPN add-on instead of an app, not sure.
The use case is one I'm going through right now: I want to use prometheus and grafana to monitor something that i'd like only be accessed through a wireguard VPN. So at the moment (for testing purposes), I'm keeping the things I want to monitor open on the internet and using prometheus to collect metrics, but if we want to go through with it in production, I'll probably have to host at least prometheus by myself inside our VPN.
what do you guys think?
-
Alright, I managed to get initial wireguard implementation working. It's in a branch, still some work to be done but atleast it's working. I am still figuring out routing between the networks but you can connect separately already.
The idea is to have both OpenVPN and Wireguard in the existing OpenVPN app. Maybe we will rename this app to be just VPN. Hopefully, we can get this out the coming week.
-
Alright, I managed to get initial wireguard implementation working. It's in a branch, still some work to be done but atleast it's working. I am still figuring out routing between the networks but you can connect separately already.
The idea is to have both OpenVPN and Wireguard in the existing OpenVPN app. Maybe we will rename this app to be just VPN. Hopefully, we can get this out the coming week.
@girish Maybe the greatest Christmas present one could ask for!
-
Alright, I managed to get initial wireguard implementation working. It's in a branch, still some work to be done but atleast it's working. I am still figuring out routing between the networks but you can connect separately already.
The idea is to have both OpenVPN and Wireguard in the existing OpenVPN app. Maybe we will rename this app to be just VPN. Hopefully, we can get this out the coming week.
@girish While you're at it, please consider adding support for MASQUE protocol - https://news.ycombinator.com/item?id=36431841
-
@girish While you're at it, please consider adding support for MASQUE protocol - https://news.ycombinator.com/item?id=36431841
-
@robi thanks for the tip, have to read further. Also found https://guardianproject.info/2020/02/25/masque-review/
-
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
-
G girish locked this topic on
