[HN Gopher] Easy-wg-quick - Creates WireGuard configuration for ...
       ___________________________________________________________________
        
       Easy-wg-quick - Creates WireGuard configuration for hub and peers
       with ease
        
       Author : ZnZirconium
       Score  : 33 points
       Date   : 2020-10-17 18:49 UTC (4 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | xilni wrote:
       | How does this compare to an algo setup?
        
       | anderspitman wrote:
       | I've been diving pretty deep into networking recently, especially
       | from a self-hosting perspective. Self-hosting tends to turn into
       | a mess of domain name registration, VPS management, TLS cert
       | management, dyndns, port forwarding, hole punching, etc etc[0].
       | 
       | I think technologies like WireGuard are going to play an
       | important role in reducing that complexity (once we get some
       | higher abstractions). I started a list of useful software I've
       | found in this space here[1].
       | 
       | [0]: https://news.ycombinator.com/item?id=24475946
       | 
       | [1]: https://github.com/anderspitman/awesome-tunneling
        
       | dewitt wrote:
       | For those that find this interesting, I highly recommend
       | Tailscale (https://tailscale.com).
        
         | robertlagrant wrote:
         | Connect that to a printer and yet another reason for on-prem IT
         | goes away.
        
         | Fnoord wrote:
         | Caveat emptor: requires a Google or Microsoft account.
        
       | [deleted]
        
       | schoolornot wrote:
       | I understand WG is meant to be no frills but for my company to
       | use it, we need a standardized authentication framework around it
       | like Xauth that can handle usernames/passwords/certificates
       | (X509, not just keys)/MFA/etc. and server side tracking to allow
       | for termination of sessions when people leave. It's not something
       | I want to build myself. I would prefer that it be standardized
       | and added to the official clients. Even if it's as simple as an
       | OAuth flow that returns a key.
        
         | anderspitman wrote:
         | WG is rather low-level. Projects and companies like Tailscale
         | are tackling what you describe, and I'm confident we'll
         | eventually have open standards as well.
        
         | nine_k wrote:
         | You look exactly the target audience of Tailscale.
        
         | Fnoord wrote:
         | Wireguard doesn't support MFA so it isn't complaint to the
         | frameworks we require (I guess Tailscale is). Tho you can make
         | a SSH proxy with MFA if you enforce MFA via PAM (e.g. FIDO2 or
         | TOTP are both possible).
        
       | patagurbon wrote:
       | Maybe I'm just inept but the only way I could get WireGuard
       | running on a Debian Buster server was with easy-wg-quick. And it
       | works (almost) perfectly.
       | 
       | The only issue I've had is adding a 3rd client. My windows
       | desktop just will not connect. Another Windows laptop, and an
       | Android work perfectly.
        
       ___________________________________________________________________
       (page generated 2020-10-17 23:00 UTC)