Virtual Private Networking - restructure page and add some content. closes https://github.com/opnsense/core/issues/5353 as being a documentation issue.

pull/381/head
Ad Schellevis 2 years ago
parent 7691de4e9d
commit 1c6de56767

@ -1,335 +0,0 @@
========================
Setup IPsec Road-Warrior
========================
Road Warriors are remote users who need secure access to the companies infrastructure.
IPsec Mobile Clients offer a solution that is easy to setup with macOS (native)
and is know to work with iOS as well as many Android devices.
For more flexibility use SSL VPNs, OPNsense utilizes OpenVPN for this purpose.
With this example we'll show you how to configure the Mobile Client Setup in
OPNsense and give you configuration examples for:
* macOS
* iOS
* Android
.. Note::
For the sample we will use a private IP for our WAN connection.
This requires us to disable the default block rule on wan to allow private traffic.
To do so, go to the :menuselection:`Interfaces --> [WAN]` and uncheck "Block private networks".
*(Dont forget to save and apply)*
.. image:: images/block_private_networks.png
-----------------------------
------------
Sample Setup
------------
For the sample configuration we configure OPNsense
**Company Network with Remote Client**
.. nwdiag::
:scale: 100%
nwdiag {
span_width = 90;
node_width = 180;
Internet [shape = "cisco.cloud"];
fileserver [label="File Server",shape="cisco.fileserver",address="192.168.1.10"];
fileserver -- switchlan;
network LAN {
switchlan [label="",shape = "cisco.workgroup_switch"];
label = " LAN";
address ="192.168.1.1.x/24";
fw1 [address="192.168.1.1/24"];
}
network WAN {
label = " WAN";
fw1 [shape = "cisco.firewall", address="172.18.0.164"];
Internet;
}
network Remote {
Internet;
laptop [address="172.10.10.55 (WANIP),10.10.0.1 (IPsec)",label="Remote User",shape="cisco.laptop"];
}
}
Company Network
---------------
==================== =============================
**Hostname** fw1
**WAN IP** 172.18.0.164
**LAN IP** 192.168.1.0/24
**LAN DHCP Range** 192.168.1.100-192.168.1.200
**IPsec Clients** 10.10.0.0/24
==================== =============================
---------------------------
Firewall Rules Mobile Users
---------------------------
To allow IPsec Tunnel Connections, the following should be allowed on WAN.
* Protocol ESP
* UDP Traffic on Port 500 (ISAKMP)
* UDP Traffic on Port 4500 (NAT-T)
.. image:: images/ipsec_wan_rules.png
:width: 100%
To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
interface.
.. image:: images/ipsec_ipsec_lan_rule.png
:width: 100%
-----------------------
Step 1 - Mobile Clients
-----------------------
First we will need to setup the mobile clients network and authentication methods.
Go to :menuselection:`VPN --> IPsec --> Mobile Clients`
For our example will use the following settings:
IKE Extensions
--------------
========================= ================ ================================================
**Enable** checked *check to enable mobile clients*
**User Authentication** Local Database *For the example we use the Local Database*
**Group Authentication** none *Leave on none*
**Virtual Address Pool** 10.0.0.0/24 *Enter the IP range for the remote clients*
========================= ================ ================================================
You can select other options, but we will leave them all unchecked for this
example.
**Save** your settings and select **Create Phase1** when it appears.
Then enter the Mobile Client Phase 1 setting.
-------------------------------
Step 2 - Phase 1 Mobile Clients
-------------------------------
Phase 1 General information
---------------------------
========================= ============= ================================================
**Connection method** default *default is 'Start on traffic'*
**Key Exchange version** V1 *only V1 is supported for mobile clients*
**Internet Protocol** IPv4
**Interface** WAN *choose the interface connected to the internet*
**Description** MobileIPsec *freely chosen description*
========================= ============= ================================================
Phase 1 proposal (Authentication)
---------------------------------
=========================== ====================== ======================================
**Authentication method** Mutual PSK +Xauth *Using a Pre-shared Key and Login*
**Negotiation mode** Agressive *Select Aggressive*
**My identifier** My IP address *Simple identification for fixed ip*
**Pre-Shared Key** At4aDMOAOub2NwT6gMHA *Random key*. **CREATE YOUR OWN!**
=========================== ====================== ======================================
Phase 1 proposal (Algorithms)
-----------------------------
========================== ============= ===========================================================
**Encryption algorithm** AES *For our sample we will Use AES/256 bits*
**Hash algoritm** SHA1 *SHA1 for compatibility, you can try a stronger hash*
**DH key group** 1024 bit *1024 bit for compatibility, you can try stronger group*
**Lifetime** 28800 sec *lifetime before renegotiation*
========================== ============= ===========================================================
Advanced Options
----------------
======================= =========== ===================================================
**Disable Rekey** Unchecked *Renegotiate when connection is about to expire*
**Disable Reauth** Unchecked *For IKEv2 only re-authenticate peer on rekeying*
**NAT Traversal** Enabled *Enable for IKEv1*
**Dead Peer Detection** Unchecked
======================= =========== ===================================================
Save your setting by pressing:
.. image:: images/btn_save.png
Now you should see the following screen:
.. image:: images/ipsec_road_vpn_p1a.png
:width: 100%
-------------------------------
Step 3 - Phase 2 Mobile Clients
-------------------------------
Press the button that says '+ Show 0 Phase-2 entries'
.. image:: images/ipsec_s2s_vpn_p1a_show_p2.png
:width: 100%
You will see an empty list:
.. image:: images/ipsec_s2s_vpn_p1a_p2_empty.png
:width: 100%
Now press the *+* at the right of this list to add a Phase 2 entry.
General information
-------------------
======================= ================== =============================
**Mode** Tunnel IPv4 *Select Tunnel mode*
**Description** MobileIPsecP2 *Freely chosen description*
======================= ================== =============================
Local Network
-------------
======================= ================== ==============================
**Local Network** LAN subnet *Route the local LAN subnet*
======================= ================== ==============================
Phase 2 proposal (SA/Key Exchange)
----------------------------------
=========================== ============ ==========================================
**Protocol** ESP *Choose ESP for encryption*
**Encryption algorithms** AES / 256 *For the sample we use AES 256*
**Hash algorithms** SHA1 *You may also try stronger SHA512*
**PFS Key group** off *Enable a group fro stronger security*
**Lifetime** 3600 sec
=========================== ============ ==========================================
Save your setting by pressing:
.. image:: images/btn_save.png
-----------------------------
Enable IPsec, Select:
.. image:: images/ipsec_s2s_vpn_p1a_enable.png
:width: 100%
Save:
.. image:: images/btn_save.png
And Apply changes:
.. image:: images/ipsec_s2s_vpn_p1a_apply.png
:width: 100%
------------------
.. image:: images/ipsec_s2s_vpn_p1a_success.png
:width: 100%
-----------------------------
.. Note::
If you already had IPsec enabled and added Road Warrior setup, it's important to
restart the whole service via services widget in the upper right corner of IPSec pages
or via :menuselection:`System --> Diagnostics --> Services --> Strongswan` since applying configuration only
reloads it, but a restart also loads the required modules of strongswan.
------------------------
Step 4 - Add IPsec Users
------------------------
For this example we will create a new user who may access the mobile IPsec vpn.
Go to :menuselection:`System --> Access --> Users` and press the **+** sign in the lower right corner
to add a new user.
Enter the following into the form:
=============== ==========
**User Name** expert
**Password** &test!9T
=============== ==========
**Save** to apply.
----------------------
-------------------------
Step 5 - Configure Client
-------------------------
To illustrate the client setup we will look at the configuration under macOS, including
some screenshots. The configurations for Android and iOS will be settings only.
.. Note::
Configuration samples listed here where created using latest macOS, iOS and
Android devices on time of publication in February 2016.
----------------------
Configure macOS Client
----------------------
Start with opening your network settings (:menuselection:`System Preferences --> Network)` and
Add a new network by pressing the + in the lower left corner.
Now select **VPN** and **Cisco IPSec**, give your connection a name and press **Create**.
.. image:: images/osx-ipsec-new.png
:width: 100%
Now enter the details for our connection:
.. image:: images/osx-ipsec-conf1.png
:width: 100%
Next press **Authentication Settings** to add the group name and pre-shared key.
.. image:: images/osx-ipsec-conf2.png
:width: 100%
Press **OK** to save these settings and then **Apply** to apply them.
Now test the connection by selecting it from the list and hit **Connect**.
.. image:: images/osx-ipsec-connected.png
:width: 100%
**Done**
--------------------
Configure iOS Client
--------------------
To add a VPN connection on an iOS device go to :menuselection:`Settings --> General --> VPN`.
Select **Add VPN Configuration** chose **IPsec** and use the Following Settings:
========================== ======================= ========================================
**Description** IPsec OPNsense *Freely chosen description*
**Server** 172.18.0.164 *Our server address*
**Account** expert *Username of the remote account*
**Password** &test!9T *Leave blank to be prompted every time*
**Preshared IPsec-key** At4aDMOAOub2NwT6gMHA *Our PSK*
========================== ======================= ========================================
------------------------
Configure Android Client
------------------------
To add a VPN connection on an Android device go to :menuselection:`Settings --> Connections --> more networks`,
select **VPN**. Press the **+** in the top right corner to add a new VPN connection.
Use the Following Settings:
========================== ======================= =============================
**Name** IPsec OPNsense *Freely chosen name*
**Type** IPSec Xauth PSK *As configured in OPNsense*
**Server address** 172.18.0.164 *Our server address*
**Preshared IPsec-key** At4aDMOAOub2NwT6gMHA *Our PSK*
========================== ======================= =============================
**Save** and try connecting. To connect enter Username and Password for the user
*expert* we created in this example.
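Review bot: Removing this page outright is fine, but check that nothing still links to it: the vpnet.rst hunk further down in this commit still shows `how-tos/ipsec-road` in a toctree, and a toctree entry for a deleted page produces a "nonexisting document" warning (a build failure with -W). If the material is being migrated into the ipsec-rw-srv-* guides, two things should not be carried over as-is: the Virtual Address Pool in the IKE Extensions table (10.0.0.0/24) contradicts the sample setup table (IPsec Clients 10.10.0.0/24, laptop 10.10.0.1), and the Phase 1 settings (IKEv1 aggressive mode with PSK + XAuth, SHA1, 1024-bit DH) are the weakest in the documentation set and should not resurface unchanged in a new guide.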

@ -173,3 +173,77 @@ Go to :menuselection:`System --> Trust --> Certificates` and create a new client
Just click **Add**, choose your CA and probably increase the lifetime. Everything else besides
the CN can be left default. Give a **Common Name** and **Save**. Download the newly created
certificate as PKCS12 and export it to you enduser device.
-------------------------
Step 6 - Configure Client
-------------------------
To illustrate the client setup we will look at the configuration under macOS, including
some screenshots. The configurations for Android and iOS will be settings only.
.. Note::
Configuration samples listed here where created using latest macOS, iOS and
Android devices on time of publication in February 2016.
----------------------
Configure macOS Client
----------------------
Start with opening your network settings (:menuselection:`System Preferences --> Network)` and
Add a new network by pressing the + in the lower left corner.
Now select **VPN** and **Cisco IPSec**, give your connection a name and press **Create**.
.. image:: images/osx-ipsec-new.png
:width: 70%
Now enter the details for our connection:
.. image:: images/osx-ipsec-conf1.png
:width: 70%
Next press **Authentication Settings** to add the group name and pre-shared key.
.. image:: images/osx-ipsec-conf2.png
:width: 70%
Press **OK** to save these settings and then **Apply** to apply them.
Now test the connection by selecting it from the list and hit **Connect**.
.. image:: images/osx-ipsec-connected.png
:width: 70%
**Done**
--------------------
Configure iOS Client
--------------------
To add a VPN connection on an iOS device go to :menuselection:`Settings --> General --> VPN`.
Select **Add VPN Configuration** chose **IPsec** and use the Following Settings:
========================== ======================= ========================================
**Description** IPsec OPNsense *Freely chosen description*
**Server** 172.18.0.164 *Our server address*
**Account** expert *Username of the remote account*
**Password** &test!9T *Leave blank to be prompted every time*
**Preshared IPsec-key** At4aDMOAOub2NwT6gMHA *Our PSK*
========================== ======================= ========================================
------------------------
Configure Android Client
------------------------
To add a VPN connection on an Android device go to :menuselection:`Settings --> Connections --> more networks`,
select **VPN**. Press the **+** in the top right corner to add a new VPN connection.
Use the Following Settings:
========================== ======================= =============================
**Name** IPsec OPNsense *Freely chosen name*
**Type** IPSec Xauth PSK *As configured in OPNsense*
**Server address** 172.18.0.164 *Our server address*
**Preshared IPsec-key** At4aDMOAOub2NwT6gMHA *Our PSK*
========================== ======================= =============================
**Save** and try connecting. To connect enter Username and Password for the user
*expert* we created in this example.
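Review bot: The new Step 6 reads as a copy of the deleted ipsec-road page (same macOS "Cisco IPSec" flow with group name and pre-shared key, same PSK At4aDMOAOub2NwT6gMHA, Android type "IPSec Xauth PSK"), while the context lines just above it have the reader create a client certificate and export it as PKCS12; if this file documents certificate-based XAuth, the client tables need the certificate import step and should not ask for a PSK. Smaller points: the note that the samples were created "in February 2016" is stale for a section being added now; "where created" should be "were created", "chose IPsec" should be "choose IPsec", and the closing parenthesis in :menuselection:`System Preferences --> Network)` belongs outside the role.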

@ -101,13 +101,13 @@ interface.
VPN compatibility
-----------------
In the next table you can see the existing VPN authentication mechanisms and which client
In the next table you can see the existing VPN authentication mechanisms and which client
operating systems support it, with links to their configurations.
For Linux testing was done with Ubuntu 18.4 Desktop and *network-manager-strongswan* and
*libcharon-extra-plugins* installed.
*libcharon-extra-plugins* installed.
As Andoid does not support IKEv2 yet we added notes for combinations with strongSwan
app installed to have a broader compatibility for all systems.
Mutual RSA and PSK without XAuth requires L2TP, since this legacy technology is
Mutual RSA and PSK without XAuth requires L2TP, since this legacy technology is
very error prone we will not cover it here.
.. csv-table:: VPN combinations
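Review bot: The three pairs of identical lines in this hunk (the "In the next table" sentence, "*libcharon-extra-plugins* installed.", and the "Mutual RSA and PSK without XAuth" sentence) show no visible text change, so the edit appears to be whitespace only; since these lines are being touched anyway, fix "Andoid" to "Android" and "Ubuntu 18.4" to "Ubuntu 18.04" in the same pass.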
@ -122,3 +122,20 @@ very error prone we will not cover it here.
"IKEv2 EAP-MSCHAPv2","Y :doc:`/manual/how-tos/ipsec-rw-w7`","Y :doc:`/manual/how-tos/ipsec-rw-w7`","Y :doc:`/manual/how-tos/ipsec-rw-linux`","Y","Y","Y :doc:`/manual/how-tos/ipsec-rw-android`",":doc:`/manual/how-tos/ipsec-rw-srv-mschapv2`"
"IKEv2 Mutual RSA + EAP-MSCHAPv2","N","N","N","tbd","tbd","Y :doc:`/manual/how-tos/ipsec-rw-android`",":doc:`/manual/how-tos/ipsec-rw-srv-rsamschapv2`"
"IKEv2 EAP-RADIUS","Y :doc:`/manual/how-tos/ipsec-rw-w7`","Y :doc:`/manual/how-tos/ipsec-rw-w7`","Y :doc:`/manual/how-tos/ipsec-rw-linux`","Y","Y","Y :doc:`/manual/how-tos/ipsec-rw-android`",":doc:`/manual/how-tos/ipsec-rw-srv-eapradius`"
-----------------
List of examples
-----------------
.. toctree::
:maxdepth: 2
:titlesonly:
ipsec-rw-android
ipsec-rw-linux
ipsec-rw-srv-eapradius
ipsec-rw-srv-eaptls
ipsec-rw-srv-ikev1xauth
ipsec-rw-srv-mschapv2
ipsec-rw-srv-rsamschapv2
ipsec-rw-w7
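Review bot: Every page in the new "List of examples" toctree (ipsec-rw-android through ipsec-rw-w7) also appears in the vpnet.rst toctree later in this commit; unless those entries are removed there, Sphinx warns that each document is referenced in multiple toctrees, so keep the list in one place. This page is the better home, since vpnet.rst's Road Warriors section already points at how-tos/ipsec-rw. Minor: the "tbd" cells in the "IKEv2 Mutual RSA + EAP-MSCHAPv2" row are reader-visible; fill them or mark them "N".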

@ -231,11 +231,6 @@ of the form.
For our example will use the following settings:
.. Note::
The setting **Hardware Crypto** is not used for new systems equipped with **AES-NI**,
when the aesni module is loaded it will be used automatically.
===================================== ===============================================
**Description** *My SSL VPN Server*
**Server Mode** *Remote Access (SSL/TLS + User Auth)*
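Review bot: Dropping the **Hardware Crypto** note is consistent with removing the matching table row in the next hunk, but the note carried the useful fact that AES-NI is used automatically once the aesni module is loaded; if the option has disappeared from the GUI, keep one line to that effect (for instance under the encryption algorithm row) so readers of older guides do not go looking for a setting that no longer exists. The same applies to the identical note in the sslvpn_s2s hunk below, which spells it "AESNI" rather than "AES-NI".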
@ -250,7 +245,6 @@ For our example will use the following settings:
**DH Parameters Length** *4096 bit*
**Encryption algorithm** *AES-256-CBC (256-bit key, 128-bit block)*
**Auth Digest Algorithm** *SHA512 (512-bit)*
**Hardware Crypto** *No Hardware Crypto Acceleration*
**Certificate Depth** *One (Client+Server)*
**IPv4 Tunnel Network** *10.10.0.0/24*
**IPv6 Tunnel Network** *Leave Empty*

@ -186,10 +186,6 @@ of the form.
For our example will use the following settings (leave everything else on its default):
.. Note::
The setting **Hardware Crypto** is not used for new systems equipped with **AESNI**,
when the aesni module is loaded it will be used automatically.
===================================== ===============================================
**Server Mode** *Peer to Peer (Shared Key)*
@ -202,7 +198,6 @@ For our example will use the following settings (leave everything else on its de
**DH Parameters Length** *4096*
**Encryption algorithm** *AES-256-CBC (256-bit)*
**Auth Digest Algorithm** *SHA512 (512-bit)*
**Hardware Crypto** *No Hardware Crypto Acceleration*
**IPv4 Tunnel Network** *10.10.0.0/24*
**IPv4 Local Network/s** *192.168.1.0/24*
**IPv4 Remote Network/s** *192.168.2.0/24*

Binary file not shown.


@ -21,109 +21,183 @@ to a single site can easily be setup from within the graphical user interface.
For remote users, certificates can be created and revoked and a simple to use export
utility makes the client configuration a breeze.
--------------------------
Supported VPN technologies
--------------------------
OPNsense offers a wide range of VPN technologies ranging from modern SSL VPNs to
well known IPsec as well as older (now considered insecure) legacy options such as
L2TP and PPTP.
well known IPsec as well as WireGuard and Zerotier via the use of plugins.
.. image:: images/vpn.png
:width: 30%
--------------------------
IPsec
--------------------------
Since IPsec is used in many different scenario's and sometimes has the tendency to be a bit complicated, we
will describe different usecases and provide some examples in this chapter.
.................................
Site 2 Site policy based
.................................
Probably one of the oldest and most used scenarios is the policy based one.
Like all IPsec configurations, a standard site to site setup starts with a so called "Phase 1" entry to establish the
communication between both peers defined in :menuselection:`VPN -> IPsec -> Tunnel Settings`. After the phase 1
is configured, the "Phase 2" defines which policies traffic should match on.
Since the kernel traps traffic mactching defined policies, no additional routing need to be configured in order to
communicate between both ends of a tunnel.
.. Note::
VPN technologies displayed with an open lock are considered to be insecure.
Using Network Address Translation in these types of setups is different, due to the fact that the installed IPsec policy
should accept the traffic in order to encapsulate it. The `IPSec BINAT` document will explain how to apply translations.
.. Tip::
When matching overlapping networks in a policy, make sure to exclude your own network segments in the
:code:`Passthrough networks` option in :menuselection:`VPN -> IPsec -> Advanced Settings` to prevent traffic being blackholed.
.. toctree::
:maxdepth: 2
:titlesonly:
how-tos/ipsec-s2s
how-tos/ipsec-s2s-binat
.................................
Integrated VPN options
Site 2 Site route based (VTI)
.................................
Integrated solutions are those that are available within the GUI without installing
any additional package or plugin. These include:
Unlike the policy based setup described in the previous chapter, the route based variant depends on custom routes being installed
on both ends of the tunnel. When adding a route based tunnel, the system will add an interface for you which you can use in normal
routing operations.
* **IPsec**
* **OpenVPN (SSL VPN)**
.. toctree::
:maxdepth: 2
:titlesonly:
how-tos/ipsec-s2s-route
how-tos/ipsec-s2s-route-azure
.................................
Plugin VPN options
Road Warriors / Mobile users
.................................
Via plugins additional VPN technologies are offered, including:
For people working from home IPsec is also an option, althouh a bit more complicated in comparison to OpenVPN due
to the many different implementation types.
* **Legacy L2TP & PPTP**
* **OpenConnect** - SSL VPN client, initially build to connect to commercial vendor appliances like Cisco ASA or Juniper.
* **Stunnel** - Provides an easy to setup universal TLS/SSL tunneling service, often used to secure unencrypted protocols.
* **Tinc** - Automatic Full Mesh Routing
* **WireGuard** - Simple and fast VPN protocol working with public and private keys.
* **Zerotier** - seamlessly connect everything, requires account from zerotier.com, free for up to 100 devices.
.. toctree::
:maxdepth: 2
:titlesonly:
how-tos/ipsec-rw
.................................
Diagnostics
.................................
In order to keep track of the connected tunnels, you can use the :menuselection:`VPN -> IPsec -> Status Overview`
to browse through the configured tunnels.
The :menuselection:`VPN -> IPsec -> Security Policy Database` is also practical to gain insights in the registered policies,
when NAT is used, the additional SPD entries should be visible here as well.
-------------
Log Files
-------------
When troubleshooting problems with your firewall, it is very likely you have to check
the logs available on your system. In the UI of OPNsense, the log files are generally grouped
with the settings of the component they belong to. The log files can be found here:
with the settings of the component they belong to. The log files can be found in the "Log file" menu item.
================= =============================================== =====================================
**IPsec Log** :menuselection:`VPN --> IPsec --> Log File` *Everything around IPsec goes here*
**OpenVPN Log** :menuselection:`VPN --> OpenVPN --> Log File` *OpenVPN logs everything here*
================= =============================================== =====================================
.. Tip::
.. Note::
Log files on file system:
/var/log/ipsec.log (clog)
/var/log/openvpn.log (clog)
When trying to debug various issues, the amount of log information gathered can be configured using the settings
in :menuselection:`VPN -> IPsec -> Advanced Settings`.
-------------
Configuration
-------------
Please read our how-tos for configuration examples and more detailed information.
..............
IPsec
..............
--------------------------
OpenVPN (SSL VPN)
--------------------------
One of the main advantages of OpenVPN in comparison to IPsec is the ease of configuration, there are less settings involved
and it's quite simple to export settings for clients.
.................................
Site 2 Site
.................................
OpenVPN on OPNsense can also be used to create a tunnel between two locations, similar to what IPsec offers, generally
the performance of IPsec is higher which usually makes this a less common choice.
.. toctree::
:maxdepth: 2
:titlesonly:
how-tos/ipsec-road
how-tos/ipsec-s2s
how-tos/ipsec-s2s-route
how-tos/ipsec-s2s-binat
how-tos/ipsec-rw
how-tos/ipsec-rw-android
how-tos/ipsec-rw-linux
how-tos/ipsec-rw-srv-eapradius
how-tos/ipsec-rw-srv-eaptls
how-tos/ipsec-rw-srv-ikev1xauth
how-tos/ipsec-rw-srv-mschapv2
how-tos/ipsec-rw-srv-rsamschapv2
how-tos/ipsec-rw-w7
how-tos/ipsec-s2s-route-azure
how-tos/sslvpn_s2s
..............
OpenVPN
..............
.. Note::
When using the site to site example with :code:`SSL/TLS` instead of a shared key, make sure to configure "client specific overrides"
as well to correctly bind the remote networks to the correct client.
.................................
Road Warriors / Mobile users
.................................
Mobile usage is really where OpenVPN excells, with various (multifactor) authentication options and a high flexibility in available network options.
.. toctree::
:maxdepth: 2
:titlesonly:
how-tos/sslvpn_client
how-tos/sslvpn_s2s
..............
Other
..............
.................................
Client Specific Overrides
.................................
The mechanism of client overrides utilises OpenVPN :code:`client-config-dir` option, which offer the ability to use
specific client configurations based on the client's X509 common name.
It is possible to specify the contents of these configurations in the gui under :menuselection:`VPN -> OpenVPN -> Client Specific Overrides`.
Apart from that, an authentication server (:menuselection:`System -> Access -> Servers`) can also provide client details in special cases when returning
:code:`Framed-IP-Address`, :code:`Framed-IP-Netmask` and :code:`Framed-Route` properties.
.. Tip::
Radius can be used to provisioning tunnel and local networks.
A selection of the most relevant settings can be found in the table below.
.. csv-table:: Client Specific Overrides
:header: "Parameter", "Purpose"
:widths: 30, 40
"Disabled", "Set this option to disable this client-specific override without removing it from the list"
"Servers", "Select the OpenVPN servers where this override applies to, leave empty for all"
"Common name", "The client's X.509 common name, which is where this override matches on"
"IPv[4|6] Tunnel Network", "The tunnel network to use for this client per protocol family, when empty the servers will be used"
"IPv[4|6] Local Network", "The networks that will be accessible from this particular client per protocol family."
"IPv[4|6] Remote Network", "These are the networks that will be routed to this client specifically using iroute, so that a site-to-site VPN can be established."
"Redirect Gateway", "Force the clients default gateway to this tunnel"
--------------------------
Plugin VPN options
--------------------------
Via plugins additional VPN technologies are offered, including:
* **OpenConnect** - SSL VPN client, initially build to connect to commercial vendor appliances like Cisco ASA or Juniper.
* **Stunnel** - Provides an easy to setup universal TLS/SSL tunneling service, often used to secure unencrypted protocols.
* **Tinc** - Automatic Full Mesh Routing
* **WireGuard** - Simple and fast VPN protocol working with public and private keys.
* **Zerotier** - seamlessly connect everything, requires account from zerotier.com, free for up to 100 devices.
.. toctree::
:maxdepth: 2
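Review bot: The new prose uses a single "->" inside :menuselection: (Tunnel Settings, Advanced Settings, Status Overview, Security Policy Database, Client Specific Overrides, System -> Access -> Servers) while the Log Files table keeps "-->"; Sphinx only converts "-->" into the menu arrow, so the single-dash form renders literally and the page ends up with two arrow styles. The note "VPN technologies displayed with an open lock are considered to be insecure" now sits in the middle of the policy-based site-to-site explanation and, with the L2TP/PPTP sentence replaced by the WireGuard/Zerotier one, no longer has an insecure option to refer to; if it survives this change, move it back next to the vpn.png screenshot or drop it. The backtick reference `IPSec BINAT` should be a :doc:`how-tos/ipsec-s2s-binat` link, since that page is in the toctree directly below. Typos in the added text: "scenario's", "usecases", "mactching", "no additional routing need to be configured", "althouh", "excells", "client-config-dir option, which offer", "Radius can be used to provisioning", "clients default gateway".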
