Not to be that guy...but there are no WireGuard servers or clients, only peers. Some setups "look" like clients, some "look" like servers, but it's peers all the way down.
this post was submitted on 07 Mar 2024
317 points (100.0% liked)
linuxmemes
24275 readers
597 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
3. Post Linux-related content
sudo in Windows.4. No recent reposts
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
It's OK I was literally OMW to be that guy.
Do you mean itβs fully bidirectional?
E.g. connecting to the WireGuard βserverβ my work set up allows them full access to my internal network?
I would have assumed I would need to set some sort of reverse routing in that case
Nope, routing traffic between your network and the tunnel would involve routes and possibly NAT.
Wireguard is just a special interface on a peer computer that you can send packets to. What each peer decides to do with the packets is in the realm of routing.
Not unless your endpoint is configured to act as a gateway (IP forwarding, maybe also with masquerade) and allows other clients to access the IP address ranges you use in your home LAN (AllowedIP).
That was my assumption, but the way it was stated, I wanted to clarify there wasnβt something special about WireGuard in the way people tend to mean peer to peer
Its peer-tp-peer in that it can be configured in multiple modes on a peer by peer, interface by interface basis. You can make point to point, hub & spoke, or full mesh topologies. If you configure one of the peers for IP forwarding, it can gateway to external networks. If you configure two peers with IP forwarding and establish some routing you can build site to site topologoes, or add more peers for site to multisite and full mesh site topologies. Add IP masquerade (source NAT or PAT) to any of those topologies and it can provide remote access VPN.
Its very flexible. Most config guides walk you through a basic remote access VPN scenario that lets remote peers access local LAN services at the one end, but not the other, and/or additionally access Internet resources via IP masquerade. The other topologies require more work, but are (edit: not) much more difficult than the remote access use case.
Thanks for the in depth explanation.
When Iβm using it from my work laptop to workβs server to access internal sites, it feels very client -> server.
When they said peer to peer, I was worried I was somehow also exposing my personal devices to workβs network
I didnβt realize there were so many other ways to set it up
It is the virtual equivalent of connecting 2 devices together via a cable
Explain me
It's unexplainable
You are probably a boy. You either have a PP, or are storing PP for later use, or both; only you have this sacred knowledge.
Edit: the person to whom I am responding is literally named PP_BOY.
nmcli con import type wireguard file path_to_wireguard_config_file.conf
All hail the sacred command line.
Even Gnome natively supports Wireguard VPN client by default. There is also wireguard tools on apt. wg-quick up /path/to/conf
As a Linux nerd and Privacy/Open source advocate it's tough to admit. But I can't use DuckDuckGo. I work as a Linux Sysadmin and Google is the only search engine reliably returning good results (especially on more obscure topics). With DuckDuckGo I've often noticed that it will simply "drop" words from you search terms (i.e. if you search "yellow computer chair" it might just show you any kind of yellow chair or something like that) which makes it unusable for precise searches.
That's so weird, I decided to completely drop Google as my primary a while back because by the end, the only search results I got was literally only spam and SEO spam/adware links on anything I ever searched. DDG didn't have any of this. Could search how to do something on a Foss project running on my server and 80% of the results were spam links and the other weren't even relevant to the search. For me Google took a shit, Bing was slow and DDG was just a good in-between.
you may want to try out kagi.
google get worse, because they have a strong incentive to deliver ads, and a weaker incentive to deliver good results (see Cory Doctorow). Kagi is a subscription service, so their only incentive is to deliver good results.
on HN there are regularly good discussions on the topic, e.g. https://news.ycombinator.com/item?id=37852133
What's nm?
NetworkManager, presumably.
NetworkManager UI for most things to do with network on Linux
That's connman for me.
Istg ddg has some of the worst SEO hells imaginable. Worse than Googles.
Kagi Quick Answer
To setup a WireGuard VPN client in Linux using NetworkManager (nm), there are a few steps:
Ensure you have the latest version of NetworkManager installed as older versions may not support WireGuard. According to result [1], NetworkManager version 1.26.2 or higher is required.
Obtain the client configuration file from your VPN provider or server administrator. This file will contain the connection details like the server endpoint IP/URL, listen port, public and private keys, and allowed IP ranges.
Import the client configuration file into NetworkManager. This can be done using the nmcli command line tool or the NetworkManager GUI. For example, using nmcli:
nmcli connection import type wireguard file /path/to/client/config.conf
Activate the WireGuard VPN connection. Using nmcli:
nmcli connection up id wireguard-client
You should now be connected to the VPN. You can verify the connection status and check that traffic is being routed through the VPN by pinging internal resources. The NetworkManager GUI provides an easy way to import and manage VPN connections without using command line commands. Results [2] and [3] provide a mapping of WireGuard client configuration file settings to the NetworkManager GUI advanced editor.
Let me know if you have any other questions!
Language models are most useful when the search engines think they're smarter than you
Late answer: this was the solution for me. Thx.
I love the irony in that this is exactly what OP was saying they didn't want.
I don't know what you are talking about
Unless I've forgotten how this meme format works, OP was looking how to setup wireguard using NetworkManager, but DDG kept returning results on setting up a wireguard server. That link is a tutorial on setting up a wireguard server, and then connecting a peer using wg-quick (and not NetworkManager).
Yeah I do actually know exactly what you are talking about I'm just being Albert
cp wg0.conf /etc/wireguard && wg-quick up wg0