
>You generate a key on each device and register the public key with the server.

I certainly do always end up debugging the VPN network stack eventually.

>Installed just like any other distro package, plus one-time setup to generate the key and import it and the server's public key into systemd-networkd / NetworkManager.

And if that won't work you're gonna be stuck debugging the network setup. Unless you happen to be behind a CGNAT or you're on a mobile network or or or or.

>I have a static v6 IP on the WG server (home router, running OPNsense).

Excuse my snark, but not everyone has a static v6 IP.

But Tailscale has replaced all my client VPNs for good reason. WireGuard is great, I'm using it for all my site-to-site still (and it blows OpenVPN out of the water). Just the seamless integration with Azure AD has saved maintenance time over NPS+Radius+ADConnect+OpenVPN. Tailscale is building a service that doesn't require me to run and maintain a centrally connectable server, one that ties into a single-sign-on solution, one that logs activity, one that's introduced a system in which I don't even have to trust their control plane exclusively (Tailnet Lock).

When the dam does eventually leak, we have to know how much and how it started. We have to log everything, often offsite, and often into immutable storage. Even with adequate staffing, it's like a dam you're constantly patching to prevent leakage. However, modern industry is plagued by an endless war with vulnerabilities, exploits, and malicious insiders.

Then you should continue using regular WireGuard.

Regular WireGuard works perfectly fine for me.

Why on Earth would I want to use a security product that phones home?
