showcase/aries/vpn/README.md
2020-03-19 09:45:34 -04:00

VPN

For the longest time, I have configured an OpenVPN server so that I can connect to my network remotely (tunnel). However, I am currently replacing this deployment with Wireguard due to its speed, ease of use/deployment, and security.

OpenVPN

My OpenVPN deployment uses certificates issued by my internal certificate authority for authentication. In addition, each of my devices (laptop, phone, etc.) is issued a different certificate so that I can lock OpenVPN to allow only 1 connection per certificate. As long as OpenVPN is presented with a user certificate signed by my CA, it lets the connection through.

You'll note that the firewall needs to route traffic from the VPN network (10.8.0.0/16) to the local network (192.168.0.0/24).

Wireguard

Wireguard is quite slim, so a lot of the functionality I am expecting (certificate authentication, DHCP, key exchange) is not available (this is part of what makes it secure). Instead, I will have to create my own method of distributing and keeping track of keys generated by Wireguard.

Wireguard appears to handle making the routes itself, so I should be able to remove my OpenVPN route rules from my firewall no problem.
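
One way to keep track of per-device Wireguard public keys, mirroring the one-certificate-per-device rule used for OpenVPN above. This is an added example, not code from this repository; the `PeerRegistry` class, the device names and the 10.9.0.0/24 tunnel subnet are assumptions.

```python
import base64
import ipaddress

# Assumption: tunnel subnet for WireGuard peers (not from the README).
TUNNEL_NET = ipaddress.ip_network("10.9.0.0/24")

def validate_pubkey(key):
    """A WireGuard public key is 32 raw bytes, base64-encoded."""
    try:
        raw = base64.b64decode(key, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError(f"not valid base64: {key!r}") from exc
    if len(raw) != 32:
        raise ValueError(f"expected a 32-byte key, got {len(raw)} bytes")
    return key

class PeerRegistry:
    """One public key per device; private keys never leave the device."""
    def __init__(self, network=TUNNEL_NET):
        self.network = network
        self.peers = {}  # device name -> (public key, tunnel address)

    def add(self, device, pubkey):
        validate_pubkey(pubkey)
        if device in self.peers:
            raise ValueError(f"device already registered: {device}")
        if any(pubkey == key for key, _ in self.peers.values()):
            raise ValueError("public key already assigned to another device")
        used = {addr for _, addr in self.peers.values()}
        hosts = iter(self.network.hosts())
        next(hosts)  # first host address is kept for the server itself
        addr = next((h for h in hosts if h not in used), None)
        if addr is None:
            raise ValueError("tunnel subnet exhausted")
        self.peers[device] = (pubkey, addr)
        return addr

    def revoke(self, device):
        del self.peers[device]  # peer disappears from the next render()

    def render(self):
        """Emit [Peer] stanzas for the server's WireGuard config."""
        return "\n".join(
            f"# {dev}\n[Peer]\nPublicKey = {key}\nAllowedIPs = {addr}/32\n"
            for dev, (key, addr) in sorted(self.peers.items()))

if __name__ == "__main__":
    reg = PeerRegistry()
    # Constructed sample key (not a real device key).
    reg.add("laptop", base64.b64encode(bytes([1]) * 32).decode())
    print(reg.render())
```

Only public keys are registered here, so each device can generate its own key pair and the registry never holds a private key.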