Wireguard VPN
-
@girish said in Wireguard VPN:
@malvim thanks for the offer to help. I think for a start, we have to start modifying https://git.cloudron.io/cloudron/openvpn-app to also support wireguard. MRs are welcome.
I think this is an absolutely great idea!
-
@girish That sounds good, I'll take a look at the code and see if I'm confident enough to take a crack at it. So you want the same vpn app to support both OpenVPN and wireguard, is that correct?
I understand there's a key manager for OpenVPN, which I think doesn't really make sense as-is for wireguard, right? For wireguard we just generate a private key for the host and generally just have to manage peers (with their public keys, allowed-ips and whatnot)...
-
Another thing I just thought is that it'd be cool to be able to have other apps be VPN clients as well...
So docker-compose has the "service" network mode, which I think is like the "host" network mode, but instead of the host it uses another container's network. Not sure how we'd implement it, and maybe this would be easier if we had a VPN add-on instead of an app, not sure.
The use case is one I'm going through right now: I want to use prometheus and grafana to monitor something that i'd like only be accessed through a wireguard VPN. So at the moment (for testing purposes), I'm keeping the things I want to monitor open on the internet and using prometheus to collect metrics, but if we want to go through with it in production, I'll probably have to host at least prometheus by myself inside our VPN.
what do you guys think?
-
Alright, I managed to get initial wireguard implementation working. It's in a branch, still some work to be done but atleast it's working. I am still figuring out routing between the networks but you can connect separately already.
The idea is to have both OpenVPN and Wireguard in the existing OpenVPN app. Maybe we will rename this app to be just VPN. Hopefully, we can get this out the coming week.
-
-
-