WireGuard (VPN)

The UI used for WireGuard, wg-manager, seems discontinued and isn't working properly. I hope to implement another UI soon.

Maintainer

mrmarkuz | dev@markusneuberger.at | https://www.markusneuberger.at

Description

This package provides WireGuard on NethServer.

Features

- Set up VPN connections in a few minutes with the WG Manager UI

Installation

Install the mrmarkuz repo.

Install NethServer WireGuard module

Install nethserver-wireguard:

  yum -y --enablerepo=mrmarkuz install nethserver-wireguard

Virtual Host

A dedicated virtual host is needed for WG Manager.

  config setprop wg-manager VirtualHost subdomain.domain.tld
  signal-event nethserver-wireguard-update

Login

Go to https://subdomain.domain.tld and log in with the username wg-manager and the wg-manager secret found in /var/lib/nethserver/secrets/wg-manager.

Create interface

WireGuard uses interfaces (wg0, wg1, etc.) and peers (machines connecting to the WireGuard VPN).

Expand the Interface Creation section at the top of the site.

You need to enable IPv6 due to a bug in the UI.

The Allowed IPs are the routes that are created. An Allowed IP of 0.0.0.0/0 will set the default route, so all traffic is directed to the VPN.

Add peer

Add a new peer.

Modify peer

Modify the peer settings, such as the name. You may add a pre-shared key for the peers, but it's optional.

Start VPN

Start the VPN interface.

You may use the QR codes or export functions to deploy your clients.

Add User

At the top right, there's the user menu.

To add a user, go to “Edit user”.

Modify the full name, username, email and password to your needs. There's a bug regarding the mail address: it's limited to 20 chars.

When finished, click on “Edit user”. Nothing happens, but the user is created. You may log out and log in with the new user.

Route to internal LAN

In the interface settings you have a postup and postdown script:

  iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

Change eth0 to the interface you want to allow the VPN to reach, usually the LAN interface.

Known Issues

The UI is under development and has a few issues, but some of them are already covered by PRs.

- No autostart of WireGuard
- No LDAP
- IPv6 needs to be enabled
- Don't change the password of the user or the service won't start anymore; it's a bug. As a workaround, just delete the database file /opt/wg-manager/database.db and restart the wg-manager service.

Issues

Please raise issues on NethServer Community.

Links

Community feature thread: https://community.nethserver.org/t/wireguard-support-in-nethserver/7484

Last modified: 2023/02/23 14:54 by Markus Neuberger
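
As an added example (not part of the original page or the module), this shell function builds the pair of hook lines for the "Route to internal LAN" step with the LAN interface filled in. It assumes the postdown side mirrors the page's rules with -D in place of -A, so they are removed when the interface stops; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build matching PostUp/PostDown lines for one LAN interface.
# "%i" stays literal; wg-quick replaces it with the WireGuard interface name.

# Accept only plain interface names: hook lines are run as root shell
# commands, so characters such as ';' or spaces must never reach them.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # Linux interface names are at most 15 characters
}

# Print the page's rule set for one iptables action.
# $1 = action (-A adds a rule, -D deletes the matching rule), $2 = LAN interface
hook_rules() {
    printf 'iptables %s FORWARD -i %%i -j ACCEPT; ' "$1"
    printf 'iptables -t nat %s POSTROUTING -o %s -j MASQUERADE; ' "$1" "$2"
    printf 'ip6tables %s FORWARD -i %%i -j ACCEPT; ' "$1"
    printf 'ip6tables -t nat %s POSTROUTING -o %s -j MASQUERADE;' "$1" "$2"
}

# Print both hook lines in wg-quick configuration syntax.
# Assumption of this example: PostDown is the exact mirror of PostUp.
wg_hooks() {
    valid_ifname "$1" || { echo "invalid interface name: $1" >&2; return 1; }
    printf 'PostUp = %s\n' "$(hook_rules -A "$1")"
    printf 'PostDown = %s\n' "$(hook_rules -D "$1")"
}

# The page's default interface; replace eth0 with the LAN interface.
wg_hooks eth0
```

The text after each `=` is the command string for the corresponding postup or postdown field.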