We are reaching out to gather feedback on the implementation of WireGuard on NethSecurity. Many of you have already requested the possibility of using WireGuard, and we are working to meet your request. NethSecurity currently supports WireGuard, but it is only accessible via LuCI, the old OpenWrt interface.
Before proceeding further, we would like to ask a few questions to understand the direction to take:
1. Are you interested only in the Road Warrior mode, or also in the tunnel mode?
2. For tunnel mode, would you prefer a star topology or point-to-point like the OpenVPN tunnels?
3. Should it be integrated with existing users, or do you think it should be something separate?
4. Would you consider using it if we initially released a command-line-only version, properly documented, and then gradually released a well-designed, complete interface?
Your feedback and suggestions are highly appreciated!
I’m more than willing to help with testing.
Regarding your questions:
“Are you interested only in the Road Warrior mode, or also in the tunnel mode?”
Can you elaborate on what the difference is between Road Warrior and tunnel with regard to WireGuard?
“For tunnel mode, would you prefer a star topology or point-to-point like the OpenVPN tunnels?”
Meshing networks together can be done with rules and routes, can it not?
Later, if the WireGuard interface is shown in the NethSecurity GUI, it can be done via “Zones and policies” and “Interfaces and devices”. Nothing extra to do here, in my opinion.
Depends on the answer to 1.
“Would you consider using it if we initially released a command-line-only version, properly documented, and then gradually released a well-designed, complete interface?”
There is no real difference from a VPN point of view; it’s something more related to the UI: in tunnel mode you’re configuring a net2net VPN, so you must specify the networks behind the firewalls connected by the VPN.
In a Road Warrior scenario, the client is just a PC and not a firewall that must route an entire network. In this case a typical Road Warrior scenario can be a user account.
Yes, you’re totally right! But for most users these two extra steps are often hard to understand. Since WireGuard can handle it automatically, we are evaluating integrating them into the VPN configuration.
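
The Road Warrior versus tunnel distinction discussed above, shown as an added configuration example that is not part of the thread and not NethSecurity's own format. It assumes the standard wg-quick file layout; every address, hostname and key placeholder is constructed for illustration.

```ini
# /etc/wireguard/wg0.conf on the central firewall (wg-quick format).
# All values below are constructed placeholders.
[Interface]
PrivateKey = <firewall-private-key>
Address = 10.99.0.1/24
ListenPort = 51820

# Road Warrior peer: a single PC.
# AllowedIPs holds only the client's tunnel address (/32), so the firewall
# accepts traffic from that one address and routes nothing behind the client.
[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.99.0.10/32

# Tunnel (net2net) peer: another firewall with a LAN behind it.
# AllowedIPs lists the peer's tunnel address plus the remote LAN.
# wg-quick installs a route for each AllowedIPs entry, and WireGuard drops
# decrypted packets from this peer whose source address is outside the list.
[Peer]
PublicKey = <branch-firewall-public-key>
Endpoint = branch.example.com:51820
AllowedIPs = 10.99.0.2/32, 192.168.20.0/24
PersistentKeepalive = 25
```

Keeping a Road Warrior peer at a /32 is the least-privilege setting: widening its AllowedIPs to a subnet would let that client source traffic for the whole range.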