WireGuard VPN: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
mNo edit summary
Line 90: Line 90:
|This field is for the public key of the tunnel peer.
|This field is for the public key of the tunnel peer.
|-
|-
|'''Remote Endpoint Type'''
|colspan="2" align="center"|<b>Remote Endpoint</b>
|-
|'''Type'''
|This field controls the endpoint type for the peer.
|This field controls the endpoint type for the peer.
* Select <b>Roaming<b> for peers that move around, and do not have a fixed or known IP address.
* Select <b>Roaming</b> for peers that move around, and do not have a fixed or known IP address.
* Select <b>Static<b> for peers that have a fixed IP address.
* Select <b>Static</b> for peers that have a fixed IP address.
|-
|-
|'''Remote Peer IP Address'''
|'''Remote Peer IP Address'''

Revision as of 19:17, 13 May 2020

    WireGuard VPN
Other Links:
WireGuard VPN Description Page
WireGuard VPN Demo
WireGuard VPN Forums
WireGuard VPN Reports
WireGuard VPN FAQs



About WireGuard VPN

The WireGuard VPN service provides virtual private networking via WireGuard, which is an open source lightweight VPN application and protocol designed to be fast, secure, and easy to configure.

The VPN Overview article provides some general guidance of which VPN technology may be the best fit for different scenarios.

Settings

This section reviews the different settings and configuration options available for WireGuard VPN.

Status

The Status tab shows the status of the WireGuard VPN service

  • Local Service Information
This section displays information about the local WireGuard service such as the public key, endpoint address and port, peer address, and the list of local networks.
  • Connected Tunnels
This section shows a list of active WireGuard tunnels.


Settings

  • Listen port
Sets the port where the WireGuard server will listen for inbound tunnel connections from peers.
  • Keepalive interval
Sets the passive keepalive interval which ensures that sessions stay active and allows both peers to passively determine if a connection has failed or been disconnected.
  • MTU
Sets the MTU size for WireGuard tunnels.

Peer IP Address Pool

  • Assignment
Used to select the method for address pool assignment. Can be set for Automatic to allow the system to automatically select an unused network space or Self-assigned to configure a user entered network space.
  • Network Space
Shows the automatically assigned networks space or allows editing the self-assigned network space.
  • New Network Space
Click when using Automatic assignment to select a new random network space.


Tunnels

The Tunnels tab is where you create and manage WireGuard peers. The main tab display shows a summary of all WireGuard tunnels that have been created.

  • Tunnel Editor
When you create a new tunnel, or edit and existing tunnel, the tunnel editor screen will appear with the following configurable settings:
Name Description
Enabled This checkbox allows you to set a tunnel to either enabled or disabled.
Description This field should contain a short name or description.
Remote Public Key This field is for the public key of the tunnel peer.
Remote Endpoint
Type This field controls the endpoint type for the peer.
  • Select Roaming for peers that move around, and do not have a fixed or known IP address.
  • Select Static for peers that have a fixed IP address.
Remote Peer IP Address This field sets the IP address that will be used by the remote peer.
Remote Networks This field is used to configure the list of remote networks that should be routed across this WireGuard tunnel. Networks should be entered on per line in CIDR (192.168.123.0/24) format.
Ping IP Address ping-address
Ping Interval ping-interval
Alert on Tunnel Up/Down alert-up-down
Alert on Ping Unreachable alert-unreachable
Local Service Information local-service-information

Reports

The Reports tab provides a view of all reports and events for all connections handled by WireGuard VPN.

Reports

This applications reports can be accessed via the Reports tab at the top or the Reports tab within the settings. All pre-defined reports will be listed along with any custom reports that have been created.

Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.

Pre-defined report queries: {{#section:All_Reports|'WireGuard VPN'}}

The tables queried to render these reports:


Related Topics

IPsec VPN

OpenVPN

WireGuard VPN FAQs

How resilient is a WireGuard connection?

WireGuard is built for roaming. If your device changes networks, e.g. from WiFi to a mobile/cellular, the connection will persist because as long as the client sends correctly authenticated data to the WireGuard VPN server, the server keeps the connection alive.

What cryptography is used in WireGuard?

WireGuard uses several ciphers including ChaCha20, Curve25519, BLAKE2s, SipHash24, and HKDF. For more details refer to the WireGuard Protocol & Cryptography documentation.

What transport protocol and port does WireGuard use?

WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.