在CyberGizmo的这一集中,我们探索Linux上的Wireguard,是的,回到Fedora,再次回到家真是太好了:D在Patreon上支持我:https://www.patreon.com/DJWare关注我:Twitter @ djware55 Facebook :https://www.facebook.com/don.ware.7758不一致:https://discord.gg/hQcShnh在此视频中使用的音乐“ NonStop” Kevin MacLeod(incompetech.com)在知识共享(Creative Commons)许可下:归因3.0执照 。
首先看一下Wireguard VPN
13 comments
Comments are closed.
What about Kubernetes? I can read https://wiki.archlinux.org/index.php/Kubernetes but would be awesome to see you explain it and test.
??????
wg1 local ip = 192.168.1.115 /24
wg2 local ip = 192.168.1.117 /24
– is it possible to set the IP's to /32 like how they are on the same "csma/cd"
– can you put a firewall on the Server VM{wg1} and only allow port 51820, to see if the connection will come up.
you should be able to via the console, then the same for wg2.
– how can you ping the web without going via the vpn or how can you only allows a sets of IP's via vpn ???
– is it possible to setup client laptop that use DHCP from a hotel, starbucks, etc….
– Can you explain "AllowedIPs=" ???????????????
I wish routers had ways to setup keys for security. It would make consumer routers less shit. The question is then would people use it? We've seen how lazy people are with security.
Been using Wireguard on my Linux platforms, iOS Phone, and iPad now for almost a year and it works superbly. I have it setup via a basic Linode Server in Atlanta, GA and connecting to this VPN to hide your IP address and encrypt your data on these devices is instantaneous and extremely fast. Thanks for the video.
I was wrong about AES-NI support its is not part of Wireguard
I tried WireGuard a couple years ago, it was very fast, but I needed to add more hosts to connect my computers remotely and each one meant either adding keys to every other host or have a central router.
Eventually I switched to ZeroTier and while it's not absolutely as fast it is much easier to set up a new machine into the network. It also supports peer-to-peer connections automatically, which is faster than having a central server like OpenVPN or something.
HI DJ,
I've spent like 2 years looking at wireguard, in its various state, and initially I gave up because it is – – at least for me, arcane. I know, its one of those elemental pieces of software that if people have the background and knowledge, it makes sense.
The only real world way I have been able to actually use it, is in the following ways –
Using GLiNet cheap routers. These are cheap and cheerful.
Using either a raspberry pi, or using linux, but with the same method –
and running this
– https://www.pivpn.io/
I'd be interested in what someone like yourself makes of that easier to utilise end user type of scripted install for WG…
I think the premise of wireguard is terrific. For it to succeed, it will depend on the tooling that allows humans to deploy and use. Otherwise we'll find people using inferior VPNs if the good stuff has a high barrier to entry.
As ever, I appreciate your time and amazing insight.
Cheers
8:03 WireGuard uses ChaCha20, not AES, so AES-NI is neither used nor required by Wireguard. It runs fine on many different types of CPUs, including quite simple embedded hardware.
We use Wireguard on several different architectures of OpenWRT routers to great effect, many of which run OpenVPN very poorly. None of these have any special crypto functions for ChaCha20, though they do have some AES accelerations (many more recent ARM-like processors optimise AES for example). Despite this Wireguard throughput far exceeds AES-based VPNs on the same hardware.
Nice!
Thanks ?
Just watched once without taking any notes, I will watch it later with Kate and a terminal. I do have 3 Arch VM's for some training and I might use them with this. Thank you.
Finally, somebody explains this topic in a proper fashion, that one can actually understand. Thanks!
Back home on Fedora. NIce. My nuke and pave laptop install of Fedora 33 Xfce is still doing fine. (Recall I did this primarily to convert from BIOS to UEFI.) This weekend I did an upgrade from Fedora 32 to 33 on my other laptop, also the Xfce version. The upgrade preserved my ext4 file system and partitions without a hitch, so now I have one installation with Btrfs and another with Ext4. I doubt if my "grandpa coder" use case will result in any major differences in performance between the two, but we will see. Cheers.