
> Using WireGuard in what way?

Using WireGuard to gate access to a server. It looks like it's a VPN, not an access control mechanism. So I am curious how this works.



It is a VPN. The point was to block all external traffic except for VPN traffic. Then make sure your VPN is secure, and you're all set. When you want to connect to some service, connect to the VPN first and then connect to the service through the VPN. Then all your traffic has actual security and not just some light obfuscation via secret handshake.

IMO, "only WireGuard" is too restrictive a policy - I also trust OpenSSH and nginx to be open to the internet, if configured moderately carefully. Most FOSS servers that are widely deployed on the internet are safe to be deployed on the internet, or we'd know about it. I reviewed something that's not widely deployed on the internet though (Apache ZooKeeper) and couldn't convince myself that every code path was properly checking authentication. That would have to go behind a VPN.


WireGuard is sort of a VPN, but really its core is peer-to-peer links with simple, footgun-resistant configs.

The most mundane setup is two peers with each other’s public keys that let each peer talk to the other via the WireGuard link.


Set up WireGuard, filter everything but WireGuard (51820/udp) on en0, and then SSH in over the WireGuard connection.
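What the three comments above describe (two peers that know each other's public keys, the host filtering everything but WireGuard on its public interface, SSH reachable only over the tunnel) as one concrete example. This is an added illustration, not code posted by any commenter: the functions emit a server-side wg0.conf and an nftables ruleset. The interface name en0 is taken from the comment above (on Linux it would usually be eth0 or similar), the 10.7.0.0/24 tunnel addresses are arbitrary, and the key strings are placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not from the thread): generate a WireGuard peer config and an
# nftables ruleset that admits only WireGuard on the public interface and
# admits SSH only when it arrives over the tunnel.
# Keys, addresses and interface name below are constructed placeholders.
# Real keys come from:  wg genkey | tee server.key | wg pubkey > server.pub

PUB_IF="en0"                                  # public interface (from the comment above)
WG_PORT=51820                                 # WireGuard's default UDP port
SERVER_PRIV="SERVER_PRIVATE_KEY_PLACEHOLDER="  # placeholder, not a real key
CLIENT_PUB="CLIENT_PUBLIC_KEY_PLACEHOLDER="    # placeholder, not a real key
SERVER_TUN="10.7.0.1/24"                      # server's tunnel address
CLIENT_TUN="10.7.0.2/32"                      # the single address this peer may use

# Print a server-side wg0.conf. The peer's AllowedIPs is one /32, so WireGuard's
# cryptokey routing only accepts packets from this key if they are sourced from
# that tunnel address: the peer cannot impersonate another tunnel host.
gen_wg_conf() {
    # $1 server private key, $2 listen port, $3 server tunnel address,
    # $4 client public key, $5 client tunnel address
    printf '[Interface]\n'
    printf 'PrivateKey = %s\n' "$1"
    printf 'ListenPort = %s\n' "$2"
    printf 'Address = %s\n\n' "$3"
    printf '[Peer]\n'
    printf 'PublicKey = %s\n' "$4"
    printf 'AllowedIPs = %s\n' "$5"
}

# Print an nftables ruleset: default-drop input, allow loopback and already
# established flows, allow only WireGuard's UDP port on the public interface,
# and allow SSH (TCP/22) only on wg0. Nothing else is reachable from outside.
gen_nft_rules() {
    # $1 public interface, $2 WireGuard port
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        iifname "$1" udp dport $2 accept
        iifname "wg0" tcp dport 22 accept
    }
}
EOF
}

# Sanity check a ruleset: return 0 if it never accepts TCP/22 on the public
# interface, i.e. SSH is only reachable through the tunnel.
ssh_only_via_wg() {
    # $1 ruleset text, $2 public interface
    ! printf '%s\n' "$1" | grep -q "iifname \"$2\" tcp dport 22"
}

# Emit both artifacts. To apply on a Linux host: put the first into
# /etc/wireguard/wg0.conf, then  wg-quick up wg0 && nft -f wg-only.nft
# and ssh to 10.7.0.1 from the peer over the tunnel.
gen_wg_conf "$SERVER_PRIV" "$WG_PORT" "$SERVER_TUN" "$CLIENT_PUB" "$CLIENT_TUN"
echo
gen_nft_rules "$PUB_IF" "$WG_PORT"
```

The order of operations matters when doing this remotely: bring the tunnel up and confirm you can SSH over it before loading the default-drop ruleset, or you lock yourself out. The same ruleset is what the "block all external traffic except VPN traffic" comment above amounts to in practice; any further service is then bound to or filtered on wg0 rather than exposed on the public interface.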



