VPNs - ArsTechnica looks at WireGuard
I can remember trying to set up a VPN many years ago (OpenVPN?); I
didn't get very far. I had other things to do, so I gave up. But I
think that VPNs have a place on the farm, especially if you are
shipping packets over radio.

Ars Technica has an article on WireGuard, a kernel module that
implements the WireGuard system.

WireGuard is available for Debian, but only sid (unstable) at the
moment. There are a couple of bug reports submitted, but I think there
is only 1 report of consequence: the permissions (file mode) of
configuration in /etc/wireguard. The submitter thought 600
permissions would have been much better than 755. The maintainer
brought up an argument I've never seen before, that being the use of
tab completion (bash, others?) in order to probe capabilities of
wireguard. I think many (perhaps most) people installing Debian could
adjust the file modes manually, but I suspect most would not
think of doing so on their own. So by default, the installation would
have resulted in the potential to leak keys. At least as far as Debian
packaging is concerned, I believe the modes on those files are now set
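
One way to check the permissions issue described above on an installed system, as an added example that is not from the Debian package or the Ars Technica article. The function names are hypothetical, and treating 700 as the owner-only mode for directories (with 600 for files) is an assumption, since the post only mentions 600 versus 755.

```shell
#!/bin/sh
# Added example: audit a WireGuard config directory for entries that
# group or other can access. /etc/wireguard is the path named in the post.

# Print each offending path with its mode; return 1 if any were found,
# 2 if the directory does not exist, 0 if everything is owner-only.
audit_wg_perms() {
    dir=${1:-/etc/wireguard}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Match any group/other permission bit (the 077 part of the mode).
    # Symlinks are skipped: their own mode bits are not meaningful.
    found=$(find "$dir" ! -type l \
                 \( -perm -040 -o -perm -020 -o -perm -010 \
                 -o -perm -004 -o -perm -002 -o -perm -001 \) \
                 -exec ls -ld {} \;)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Tighten to owner-only. Assumption: 700 on directories (so the owner
# can still traverse them) and 600 on regular files.
fix_wg_perms() {
    dir=${1:-/etc/wireguard}
    find "$dir" -type d -exec chmod 700 {} + &&
    find "$dir" -type f -exec chmod 600 {} +
}
```

Source the file as root and call `audit_wg_perms` with no argument to check /etc/wireguard. A 755 directory holding 600 files is still reported, because the file names remain listable by other users.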

According to the Ars Technica article, there is very little
configuration involved with this VPN method, and few options to set.
As a result, the handshake to set things up is very fast. Using a
particular VPN configuration takes the same methods as one might use to
bring up eth0.