[HN Gopher] Easy-wg-quick - Creates WireGuard configuration for ... ___________________________________________________________________ Easy-wg-quick - Creates WireGuard configuration for hub and peers with ease Author : ZnZirconium Score : 33 points Date : 2020-10-17 18:49 UTC (4 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | xilni wrote: | How does this compare to an algo setup? | anderspitman wrote: | I've been diving pretty deep into networking recently, especially | from a self-hosting perspective. Self-hosting tends to turn into | a mess of domain name registration, VPS management, TLS cert | management, dyndns, port forwarding, hole punching, etc etc[0]. | | I think technologies like WireGuard are going to play an | important role in reducing that complexity (once we get some | higher abstractions). I started a list of useful software I've | found in this space here[1]. | | [0]: https://news.ycombinator.com/item?id=24475946 | | [1]: https://github.com/anderspitman/awesome-tunneling | dewitt wrote: | For those that find this interesting, I highly recommend | Tailscale (https://tailscale.com). | robertlagrant wrote: | Connect that to a printer and yet another reason for on-prem IT | goes away. | Fnoord wrote: | Caveat emptor: requires a Google or Microsoft account. | [deleted] | schoolornot wrote: | I understand WG is meant to be no frills but for my company to | use it, we need a standardized authentication framework around it | like Xauth that can handle usernames/passwords/certificates | (X509, not just keys)/MFA/etc. and server side tracking to allow | for termination of sessions when people leave. It's not something | I want to build myself. I would prefer that it be standardized | and added to the official clients. Even if it's as simple as an | OAuth flow that returns a key. | anderspitman wrote: | WG is rather low-level. Projects and companies like Tailscale | are tackling what you describe, and I'm confident we'll | eventually have open standards as well. | nine_k wrote: | You look exactly the target audience of Tailscale. | Fnoord wrote: | Wireguard doesn't support MFA so it isn't complaint to the | frameworks we require (I guess Tailscale is). Tho you can make | a SSH proxy with MFA if you enforce MFA via PAM (e.g. FIDO2 or | TOTP are both possible). | patagurbon wrote: | Maybe I'm just inept but the only way I could get WireGuard | running on a Debian Buster server was with easy-wg-quick. And it | works (almost) perfectly. | | The only issue I've had is adding a 3rd client. My windows | desktop just will not connect. Another Windows laptop, and an | Android work perfectly. ___________________________________________________________________ (page generated 2020-10-17 23:00 UTC)