I recently discovered the awesome Wireguard VPN tunnel and I was sold. Wireguard is a simple, kernel-based, state-of-the-art VPN that also happens to be ridiculously fast and uses modern cryptographic principles that all other high-speed VPN solutions lack. OpenVPN used to be my VPN solution of choice but after a few weeks with Wireguard, things changed. See the performance comparison charts done by the Wireguard author, Jason Donenfeld.

Here are just a few of the reasons why Wireguard blows away the competition:

- It aims to be as easy to configure and deploy as SSH.
- It is capable of roaming between IP addresses (especially useful to prevent dropped connections when you have flaky internet).
- It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities.
- A combination of extremely high speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed.
- Stealth - does not respond to any unauthenticated packets and both peers become silent when there’s no data to be exchanged.

Hopefully you too have been sold so let’s get into the set up process.

We will be setting up the typical VPN connection described in the previous post.

- An Ubuntu 16.04 (x64) VPS as our VPN server (Gateway).
- The internet facing interface on the server is eth0.
- An Ubuntu 16.04 (x64) computer as the client.
- We will use 10.200.200.1/24 as the VPN server interface IP.
- We will use 10.200.200.2/24 as the VPN client interface IP.
- Unbound DNS resolver for added security.

Enable WireGuard interface on the server.

I have commented the config file explaining the specific configuration details.

```
server:
  #list of Root DNS Server
  root-hints: "/var/lib/unbound/root.hints"

  #Use the root servers key for DNSSEC
  auto-trust-anchor-file: "/var/lib/unbound/root.key"

  #Respond to DNS requests on all interfaces
  interface: 0.0.0.0

  #Authorized IPs to access the DNS Server
  access-control: 0.0.0.0/0 refuse

  #not allowed to be returned for public internet names
  private-address: 10.200.200.0/24

  # Hide DNS Server info
  hide-identity: yes

  #Limit DNS Fraud and use DNSSEC
  harden-glue: yes

  #Add an unwanted reply threshold to clean the cache and avoid when possible a DNS Poisoning
  unwanted-reply-threshold: 10000000

  #Have the validator print validation failures to the log.

  #Minimum lifetime of cache entries in seconds
  cache-min-ttl: 1800

  #Maximum lifetime of cached entries
  cache-max-ttl: 14400
```

Finally we set some permissions, enable and test the operation on our DNS resolver.

Finally generate the new client config as described in step 3.2 and you can then set up your clients as per step 8.
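The Unbound config on this page listens on `interface: 0.0.0.0` and shows a single `access-control: 0.0.0.0/0 refuse` line, so it is worth checking who the resolver will actually answer. The following is an added example, not code from the original post: it models Unbound's documented ACL behaviour (the most specific matching netblock wins, and localhost is allowed by default) and evaluates the policy for three constructed probe addresses. The `allow` line for the VPN subnet in `FIXED_CONF` is an assumption and does not appear on this page.

```python
import ipaddress

# Directives as they appear in the config on this page.
PAGE_CONF = """
interface: 0.0.0.0
access-control: 0.0.0.0/0 refuse
private-address: 10.200.200.0/24
"""
# Assumption, not on the page: an explicit allow for the VPN subnet.
FIXED_CONF = PAGE_CONF + "access-control: 10.200.200.0/24 allow\n"

# Unbound's documented default: localhost allowed, everything else refused.
DEFAULTS = [(ipaddress.ip_network("127.0.0.0/8"), "allow")]

def parse_acl(conf):
    """Collect (network, action) pairs from access-control lines."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("access-control:"):
            netblock, action = line.split(":", 1)[1].split()
            rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules

def decide(conf, client):
    """Most specific matching netblock wins; statement order is irrelevant."""
    addr = ipaddress.ip_address(client)
    best_len, verdict = -1, "refuse"
    # Configured rules come first so they win ties against the defaults.
    for net, action in parse_acl(conf) + DEFAULTS:
        if addr.version == net.version and addr in net and net.prefixlen > best_len:
            best_len, verdict = net.prefixlen, action
    return verdict

def audit(conf):
    """Evaluate the resolver policy from three vantage points (constructed IPs)."""
    probes = {"vpn_client": "10.200.200.2",  # client IP used on this page
              "internet": "203.0.113.7",     # documentation-range address
              "localhost": "127.0.0.1"}
    return {name: decide(conf, ip) for name, ip in probes.items()}

if __name__ == "__main__":
    print("as shown on page:", audit(PAGE_CONF))
    print("with VPN allow  :", audit(FIXED_CONF))
```

With only the refuse rule, queries from the VPN client are refused along with the rest of the internet; the subnet-scoped allow admits tunnel clients while the public side stays closed.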