• qjkxbmwvz@startrek.website
    link
    fedilink
    arrow-up
    47
    arrow-down
    1
    ·
    8 months ago

    Not to be that guy…but there are no WireGuard servers or clients, only peers. Some setups “look” like clients, some “look” like servers, but it’s peers all the way down.

    • ozymandias117@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      8 months ago

      Do you mean it’s fully bidirectional?

      E.g. connecting to the WireGuard “server” my work set up allows them full access to my internal network?

      I would have assumed I would need to set some sort of reverse routing in that case

      • SolidGrue@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        8 months ago

        Not unless your endpoint is configured to act as a gateway (IP forwarding, maybe also with masquerade) and allows other clients to access the IP address ranges you use in your home LAN (AllowedIP).

        • ozymandias117@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          8 months ago

          That was my assumption, but the way it was stated, I wanted to clarify there wasn’t something special about WireGuard in the way people tend to mean peer to peer

          • SolidGrue@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            edit-2
            8 months ago

            Its peer-tp-peer in that it can be configured in multiple modes on a peer by peer, interface by interface basis. You can make point to point, hub & spoke, or full mesh topologies. If you configure one of the peers for IP forwarding, it can gateway to external networks. If you configure two peers with IP forwarding and establish some routing you can build site to site topologoes, or add more peers for site to multisite and full mesh site topologies. Add IP masquerade (source NAT or PAT) to any of those topologies and it can provide remote access VPN.

            Its very flexible. Most config guides walk you through a basic remote access VPN scenario that lets remote peers access local LAN services at the one end, but not the other, and/or additionally access Internet resources via IP masquerade. The other topologies require more work, but are (edit: not) much more difficult than the remote access use case.

            • ozymandias117@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              8 months ago

              Thanks for the in depth explanation.

              When I’m using it from my work laptop to work’s server to access internal sites, it feels very client -> server.

              When they said peer to peer, I was worried I was somehow also exposing my personal devices to work’s network

              I didn’t realize there were so many other ways to set it up

  • snake_case_lover@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    8 months ago

    Even Gnome natively supports Wireguard VPN client by default. There is also wireguard tools on apt. wg-quick up /path/to/conf

  • churros@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    5
    ·
    8 months ago

    Kagi Quick Answer

    To setup a WireGuard VPN client in Linux using NetworkManager (nm), there are a few steps:

    Ensure you have the latest version of NetworkManager installed as older versions may not support WireGuard. According to result [1], NetworkManager version 1.26.2 or higher is required.

    Obtain the client configuration file from your VPN provider or server administrator. This file will contain the connection details like the server endpoint IP/URL, listen port, public and private keys, and allowed IP ranges.

    Import the client configuration file into NetworkManager. This can be done using the nmcli command line tool or the NetworkManager GUI. For example, using nmcli:

    nmcli connection import type wireguard file /path/to/client/config.conf
    

    Activate the WireGuard VPN connection. Using nmcli:

    nmcli connection up id wireguard-client
    

    You should now be connected to the VPN. You can verify the connection status and check that traffic is being routed through the VPN by pinging internal resources. The NetworkManager GUI provides an easy way to import and manage VPN connections without using command line commands. Results [2] and [3] provide a mapping of WireGuard client configuration file settings to the NetworkManager GUI advanced editor.

    Let me know if you have any other questions!

        • SteveTech@programming.dev
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          8 months ago

          Unless I’ve forgotten how this meme format works, OP was looking how to setup wireguard using NetworkManager, but DDG kept returning results on setting up a wireguard server. That link is a tutorial on setting up a wireguard server, and then connecting a peer using wg-quick (and not NetworkManager).