- A different device from your home server?
- On the same home server as the services but directly on the host?
- On the same home server as the services but inside some VM or container?
Do you configure it manually or do you use some helper/interface like WGEasy?
I have been personally using wgeasy but recently started locking down and hardening my containers and this node app running as root is kinda…


There’s no such thing as a client or server with WireGuard. All systems with WireGuard installed are “nodes”. WireGuard is peer-to-peer, not client-server.
You can configure nftables rules to route through a particular node, but that doesn’t really make it a server. You could configure all nodes to allow routing traffic through them if you wanted to.
If you run WireGuard on every device, you can configure a mesh VPN, where every device can directly reach any other device, without needing to route through an intermediary node. This is essentially what Tailscale does.
Uhhh, nooooo. Why are all these new kids all in these threads saying this crazy uninformed stuff lately? 🤣
https://www.wireguard.com/protocol/
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/configuring_and_managing_networking/setting-up-a-wireguard-vpn
And, in fact, for those of us that have been doing this a long time, anything with a control point or protocol always refers to said control point as the server in a PTP connection sense.
In this case, a centralized VPN routing node that connects like a Hub and Spoke is the server. Everything else is a client of that server because they can’t independently do much else in this configuration.
Both of those documents agree with me? Red Hat are just using the terms “client” and “server” to make it easier for people to understand, but they explicitly say that all hosts are “peers”.
–
All you need to do is add an extra peer to the WireGuard config on any one of the “clients”, and it’s no longer just a client, and can connect directly to that peer without using the “server”.
They do no such thing.
The first link explains the protocol.
The second explains WHY one would refer to client and server with regards to WireGuard.
My point ties both together to explain why people would use client and server with regards to the protocol itself, and a common configuration where this would be necessary for clarification. Ties both of them together, and makes my point from my original comment, which also refers to OP’s comment.
I’m not digging you, just illustrating a correction so you’re not running around misinformed.
It wasn’t clear where OP was trying to make a point, just that the same host would be running WireGuard for some reason, which one would assume means virtualization of some sort, meaning the host machine is the primary hub/server.
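
The two layouts argued over in this thread, shown as configuration: a hub-and-spoke setup, and the same spoke after an extra `[Peer]` is added to it. This is an added example, not a config posted by anyone in the thread; the addresses, hostnames, `wg0.conf` paths and `<...>` key placeholders are all constructed.

```ini
# Constructed example: two separate files shown in one listing.

# ---- hub: /etc/wireguard/wg0.conf (the "server" in hub-and-spoke terms) ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>

[Peer]
# laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.2/32

[Peer]
# phone
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.3/32

# Relaying laptop <-> phone traffic through the hub additionally needs
# net.ipv4.ip_forward=1 and forward rules (e.g. nftables) on the hub.

# ---- laptop: /etc/wireguard/wg0.conf (a "client" of the hub) ----
[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = <laptop-private-key>

[Peer]
# hub: reaches the rest of 10.8.0.0/24
PublicKey = <hub-public-key>
Endpoint = hub.example.net:51820
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25

[Peer]
# phone, added as a direct peer. The /32 is more specific than the hub's /24,
# so traffic for 10.8.0.3 is encrypted to the phone's key and skips the hub.
# The phone needs a matching [Peer] for the laptop (AllowedIPs = 10.8.0.2/32),
# and at least one of the two must have a reachable Endpoint.
PublicKey = <phone-public-key>
Endpoint = phone.example.net:51820
AllowedIPs = 10.8.0.3/32
```

`AllowedIPs` is also an inbound filter: a decrypted packet is dropped unless its source address falls in the `AllowedIPs` of the peer key that sent it, so keeping spokes at `/32` on the hub limits what address each key can claim.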