WireGuard is Awesome

November 6, 2021

I’ve been using WireGuard since late 2019. Several months ago I installed the Android client on my phone and tablet, and the Windows client in a Windows 10 VM.

A few months ago I was able to disable external SSH access to my home network and public servers, and a few weeks ago disabled external IMAPS access too.

What’s so great about WireGuard?

Here’s a complete WireGuard client configuration file from my laptop with the keys, hosts, and subnets changed:

[Interface]
PrivateKey = sEJqK6KqBVkYdMi/66ORZXyD5NFzVcPcq/m0/Sd29m0=
Address = 192.168.43.1/32

[Peer]
PublicKey = WMoOWb0FMF516mGgKMyQefjMvD7xTO8NNCrQJJQnpUE=
PresharedKey = jhhJ1oFjHKEZ8pMK+hmar9SaQEQtJrd2lW6710kQ/d8=
EndPoint = vpn.example.com:53141
AllowedIPs = 192.168.42.0/24

That’s it.

If you’ve ever struggled with the mountain of configuration needed for IPsec or a TLS VPN like OpenVPN, then the example above should be a breath of fresh air.
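Because the whole file is this small, it is also easy to check mechanically. The following is an added example, not part of the original post: a short Python audit that parses a configuration like the one above, confirms every key is a base64-encoded 32-byte value, and flags AllowedIPs entries that are invalid or cover every address. The helper names `parse` and `audit` are hypothetical, and keys are matched case-insensitively here so the `EndPoint` spelling above is accepted.

```python
import base64
import ipaddress

# The client configuration from the page (its keys were already changed by the author).
SAMPLE = """\
[Interface]
PrivateKey = sEJqK6KqBVkYdMi/66ORZXyD5NFzVcPcq/m0/Sd29m0=
Address = 192.168.43.1/32

[Peer]
PublicKey = WMoOWb0FMF516mGgKMyQefjMvD7xTO8NNCrQJJQnpUE=
PresharedKey = jhhJ1oFjHKEZ8pMK+hmar9SaQEQtJrd2lW6710kQ/d8=
EndPoint = vpn.example.com:53141
AllowedIPs = 192.168.42.0/24
"""
KEY_FIELDS = {"privatekey", "publickey", "presharedkey"}

def parse(text):
    """Return [(section, {key: value})]; repeated [Peer] sections stay separate."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 '=' padding stays in value
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return findings for malformed keys and invalid or over-broad AllowedIPs."""
    findings = []
    for name, fields in parse(text):
        for key in sorted(KEY_FIELDS & fields.keys()):
            try:
                ok = len(base64.b64decode(fields[key], validate=True)) == 32
            except ValueError:  # binascii.Error is a ValueError subclass
                ok = False
            if not ok:
                findings.append(f"[{name}] {key}: not a base64-encoded 32-byte key")
        cidrs = fields.get("allowedips", "") if name == "peer" else ""
        for cidr in filter(None, map(str.strip, cidrs.split(","))):
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"[peer] allowedips: {cidr!r} is not a valid network")
                continue
            if net.prefixlen == 0:
                findings.append(f"[peer] allowedips: {net} covers every address")
    return findings
```

Calling `audit(SAMPLE)` returns an empty list for the configuration above; a truncated key or an AllowedIPs entry of 0.0.0.0/0 each produce a finding.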

By the way, if you’re trying to route traffic from a client on a common reserved subnet (e.g. 192.168.1.0/24) to a network behind a VPN with the same subnet, take a look at the DNATs and Maps section of my NFtables Examples article.