Remote Access WireGuard VPN - connorethanjay/ISDE-Homelab GitHub Wiki
WireGuard
WireGuard is a very simple, fast, and secure VPN fit for almost any circumstance. I use it to access my infrastructure remotely when I am not in my dormitory, for example from Champlain College's campus to demonstrate my environment to my peers and professors.
How does my WireGuard VPN setup work?
Protocol | Source Address | Internal Address | WireGuard Example Port |
---|---|---|---|
UDP | 0.0.0.0/0 | 192.168.1.1 | 51820 |
- On my external-facing router, I forward the port I am using for WireGuard to the address of my router, as shown in the table above.
- In this example, we are using the default port of 51820; in my actual installation, it is a different number.
- Note that I am using a source address of 0.0.0.0/0. This is because my laptop will often be assigned a different DHCP address on the College's network.
- This would be a minor security risk if a threat actor could access my external-facing router from the inside and create a new WireGuard client configuration file, complete with a pre-shared key, but they would need to be able to access the network from the inside.
- The actual WireGuard configuration permits only a single specific IP address on the VPN. This also mitigates that problem.
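One way to verify the last two points on a server configuration, as an added example that is not part of this wiki's own setup: a small audit that flags any peer not pinned to a single tunnel address or lacking a pre-shared key. The wg-quick file format, the 10.6.0.0/24 tunnel addresses and the key placeholders are assumptions.

```python
import ipaddress

# Constructed sample in wg-quick format; keys and tunnel addresses are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.6.0.1/24
ListenPort = 51820
[Peer]
# laptop: pinned to one tunnel address, with a pre-shared key
PublicKey = <laptop-public-key>
PresharedKey = <laptop-psk>
AllowedIPs = 10.6.0.2/32
[Peer]
# constructed bad entry: whole subnet accepted, no pre-shared key
PublicKey = <other-public-key>
AllowedIPs = 10.6.0.0/24
"""

def parse_peers(text):
    """Return one dict per [Peer] section (configparser rejects repeated sections)."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # base64 values may end in '='
            current[key.strip().lower()] = value.strip()
    return peers

def audit_peer(peer):
    """List findings for a peer not limited to one address or lacking a PSK."""
    findings = []
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("allowedips", "").split(",") if n.strip()]
    if len(nets) != 1 or nets[0].num_addresses != 1:
        findings.append("AllowedIPs is not a single host address")
    if "presharedkey" not in peer:
        findings.append("no PresharedKey")
    return findings

def audit(text):
    """Map each peer's public key to its list of findings (empty means OK)."""
    return {p.get("publickey", "?"): audit_peer(p) for p in parse_peers(text)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Running the same check after any configuration change also catches the scenario described above, where an unexpected peer has been added.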
Accessing the network remotely
- Demonstration of the WireGuard client configuration file
- Demonstration of the WireGuard client pinging the Proxmox Server by FQDN