[Swan-dev] simple setup
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Oct 8 18:47:21 UTC 2018
On Sat 2018-10-06 09:26:09 +0300, Kim B. Heino wrote:
> Back to topic: Webgui will not make libreswan simple to setup for first
> time user. It makes it even more complex.
I agree with the goals of this thread. I've been nudging Paul for over
a year now with the hopes of getting something running that "just works"
with something as close to an "{apt|dnf} install libreswan" as possible.
I recognize that where authentication is important, there will need to
be some additional config -- at least to identify the relevant peers --
but i'm happy to automate those bits as much as we can.
I agree with Kim that a web interface is *not* the way to go. wireguard
configuration files are pretty simple, dumb .ini-file style configs that
identify peers by public key.

Below is the most complex example from wg(8):

[Interface]
PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
ListenPort = 51820

[Peer]
PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
Endpoint = 192.95.5.67:1234
AllowedIPs = 10.192.122.3/32, 10.192.124.1/24

[Peer]
PublicKey = TrMvSoP4jYQlY6RIzBgbssQqY3vxI2Pi+y71lOWWXX0=
Endpoint = [2607:5300:60:6b0::c05f:543]:2468
AllowedIPs = 10.192.122.4/32, 192.168.0.0/16

[Peer]
PublicKey = gN65BkIKy1eCE9pP1wdc8ROUtkHLF2PfAqYdyYBz6EA=
Endpoint = test.wireguard.com:18981
AllowedIPs = 10.10.10.230/32

(note that even the "Endpoint" lines aren't necessary for the
passive side (the "server") of a VPN connection)
Can libreswan offer something comparably simple for users whose goal is
a "VPN"? Or, if libreswan sees that targeted use case as not-in-scope,
is there some other use case that libreswan can offer a comparably
compelling minimalist configuration?
--dkg
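
The .ini-style format described in this message, as an added example that is not part of the original post or of wg(8): a small Python parser that handles the repeated [Peer] sections (which configparser rejects by default) and checks that each peer is identified by a unique base64-encoded 32-byte public key. The keys and addresses are constructed, and `parse` and `check` are hypothetical names.

```python
import base64
import ipaddress

K = [base64.b64encode(bytes([i]) * 32).decode() for i in range(3)]  # constructed keys
SAMPLE = f"""\
[Interface]
PrivateKey = {K[0]}
ListenPort = 51820
[Peer]
PublicKey = {K[1]}
Endpoint = 192.0.2.10:1234
AllowedIPs = 10.192.122.3/32, 10.192.124.1/24
[Peer]
PublicKey = {K[2]}
AllowedIPs = 10.192.122.4/32, 192.168.0.0/16
"""

def parse(text):
    """Return (interface, peers); each [Peer] header starts a new peer dict."""
    iface, peers, cur = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, _, value = line.partition("=")  # base64 padding stays in value
            cur[key.strip()] = value.strip()
        elif line:
            raise ValueError(f"line {n}: unexpected {raw!r}")
    return iface, peers

def check(peers):
    """Return a list of problems with peer identities and AllowedIPs."""
    problems, seen = [], set()
    for i, p in enumerate(peers, 1):
        key = p.get("PublicKey", "")
        try:
            ok = len(base64.b64decode(key, validate=True)) == 32
        except ValueError:  # binascii.Error is a ValueError subclass
            ok = False
        if not ok or key in seen:
            problems.append(f"peer {i}: PublicKey invalid or duplicated")
        seen.add(key)
        for cidr in filter(None, map(str.strip, p.get("AllowedIPs", "").split(","))):
            try:
                ipaddress.ip_network(cidr, strict=False)  # host bits allowed, as in wg(8)
            except ValueError:
                problems.append(f"peer {i}: bad AllowedIPs entry {cidr!r}")
    return problems
```
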