On 02/19/2018 11:36 PM, Zenny wrote:
> Hi,
>
> I am planning to add a wireguard.io <http://wireguard.io> interface (wg0)
> to the running three-interface shorewall (I do not use the too complex
> vyatta-firewall) with (net, loc and dmz) as explained
> at https://github.com/Lochnair/vyatta-wireguard
> and
> https://www.digitalocean.com/community/tutorials/how-to-create-a-point-to-point-vpn-with-wireguard-on-ubuntu-16-04.
>
> I would like to create the router as a private VPN gateway to the
> upstream public VPN that supports wireguard, too. The purpose of the
> setup is to allow roaming machines as well as machines in the loc zone to
> connect to this shorewall instance as a gateway to reach the internet.
>
> Adding a masq wg0 interface with shorewall rules and policy similar to
> loc may work, but inputs are appreciated for the wireguard clients from
> outside?
>
See http://www.shorewall.org/VPNBasics.html. Basically, you must:

a) Add a zone for the remote host(s) behind the VPN (or make them part of
   the 'loc' zone).

b) Add an entry for the wg0 interface and the zone in a).

c) Add a tunnels entry for the port you choose for the VPN (a quick look
   at the WG documentation didn't indicate which protocol the port is
   associated with), *or* follow the steps in the above-linked document
   to add the appropriate rules for the encapsulating VPN packets.

-Tom

-- 
Tom Eastep            \   Q: What do you get when you cross a mobster with
Shoreline,             \     an international standard?
Washington, USA         \ A: Someone who makes you an offer you can't
http://shorewall.org     \   understand
\_______________________________________________
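The three steps above, written out as Shorewall configuration fragments. This is an added example for readers of the thread, not Tom's or the Shorewall project's own configuration. It assumes a Shorewall 5 layout (FORMAT 2 interfaces file, snat file; older releases use masq), that eth0/eth1/eth2 carry net/loc/dmz, that wg0 carries the constructed subnet 10.200.200.0/24, and that WireGuard listens on its default port 51820. WireGuard encapsulates in UDP only, so the tunnels type is generic:udp. The fragments are written to a staging directory and checked for zone references that no zones entry declares, so they can be diffed against /etc/shorewall before being copied into place.

```shell
#!/bin/sh
# Added example: Shorewall fragments for a wg0 'vpn' zone (steps a-c of the
# reply), staged to a directory for review. Everything below is constructed
# for the example; adapt interface names, subnet and port to your router.

write_fragments() {
    stage="$1"
    mkdir -p "$stage"

    # a) a dedicated zone for the WireGuard peers
    cat > "$stage/zones" <<'EOF'
#ZONE   TYPE    OPTIONS
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4
vpn     ipv4
EOF

    # b) bind wg0 to the new zone (FORMAT 2: no BROADCAST column)
    cat > "$stage/interfaces" <<'EOF'
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
loc     eth1        tcpflags,nosmurfs,routefilter,logmartians
dmz     eth2        tcpflags,nosmurfs,routefilter,logmartians
vpn     wg0         tcpflags,nosmurfs
EOF

    # c) accept the encapsulating UDP packets; roaming peers have no fixed
    #    address, so the GATEWAY column is left wide open
    cat > "$stage/tunnels" <<'EOF'
#TYPE               ZONE    GATEWAY         GATEWAY_ZONE
generic:udp:51820   net     0.0.0.0/0
EOF

    # policy: peers reach the Internet and loc, loc reaches peers; the two
    # catch-all lines are the usual three-interface defaults
    cat > "$stage/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG_LEVEL
vpn     net     ACCEPT
vpn     loc     ACCEPT
loc     vpn     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # masquerade the tunnel subnet out of the net interface
    # ('masq' file with SOURCE/INTERFACE columns on releases before 5.2)
    cat > "$stage/snat" <<'EOF'
#ACTION     SOURCE              DEST
MASQUERADE  10.200.200.0/24     eth0
EOF
}

# Pre-flight before 'shorewall check': every zone named in interfaces,
# policy and tunnels must be declared in zones. Returns 1 on the first miss.
check_zone_refs() {
    stage="$1"
    declared=$(awk '!/^#/ && NF { print $1 }' "$stage/zones")
    referenced=$(
        awk '!/^[#?]/ && NF { print $1 }' "$stage/interfaces"
        awk '!/^#/ && NF { print $1; print $2 }' "$stage/policy"
        awk '!/^#/ && NF { print $2 }' "$stage/tunnels"
    )
    for z in $referenced; do
        case "$z" in
            all|'$FW') continue ;;   # keywords, not zones
        esac
        echo "$declared" | grep -qx "$z" \
            || { echo "undeclared zone: $z" >&2; return 1; }
    done
    return 0
}

# Stand-alone use: SHOREWALL_STAGE=/tmp/wg0 sh this_script.sh
if [ -n "${SHOREWALL_STAGE:-}" ]; then
    write_fragments "$SHOREWALL_STAGE" && check_zone_refs "$SHOREWALL_STAGE" \
        && echo "fragments staged in $SHOREWALL_STAGE"
fi
```

After reviewing the staged files, merge them into /etc/shorewall, run `shorewall check`, and only then `shorewall reload`. Keeping the peers in their own zone rather than folding them into loc (Tom's alternative) is what makes the vpn/loc policy lines meaningful: a compromised roaming laptop then gets only what the policy grants, not the full trust of the LAN.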
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users