Please keep in mind that in this guide I am describing how to connect securely to your home network remotely via WireGuard in OPNsense and not how to connect OPNsense to an external WireGuard VPN provider such as Mullvad. I will refer to the WireGuard installation on OPNsense as the WireGuard server rather than a “peer” to make it more clear which device I am configuring unless I am describing various elements on the user interface so that I am consistent with the terminology used by WireGuard. Therefore, the WireGuard VPN in OPNsense is simply a peer which other WireGuard-enabled devices (peers) on your network may connect. Every device connecting via WireGuard is considered a peer or endpoint. WireGuard uses the terminology of peers and endpoints rather than clients and servers. The handshake avoids a denial of service vulnerability created by allowing any state to be created in response to packets that have not yet been authenticated.”ĭevices that connect via WireGuard are referred to as “peer” devices. In fact, the server does not even respond at all to an unauthorized client it is silent and invisible. “We require authentication in the first handshake message sent because it does not require allocating any state on the server for potentially unauthentic messages. Here is a quote from the WireGuard documentation: That is a nice security benefit of WireGuard. The WireGuard protocol is designed to only respond to clients which present a valid key so WireGuard cannot be port scanned like other services since it requires authentication before any response is sent. WireGuard is similar to a SSH server that is configured to use keys since only devices which share their cryptographic keys with one another are able to connect via an encrypted tunnel. It seemed to be more difficult than configuring OpenVPN even though there are fewer options to configure in WireGuard (since WireGuard takes care of many details behind the scenes). I found setting up WireGuard in OPNsense to be more difficult than I anticipated when I was first learning how to properly configure the service. WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up once you understand how it functions in OPNsense.
0 kommentar(er)
