WG interface to ipv4
vtol at gmx.net
Sun May 6 16:12:59 CEST 2018
> Jason already explained it but maybe it needs to be repeated several more
No need, it is understood.
> WG security model doesn't rely on which interface, port or subnet it's
> listening on. You can screw your network configuration in myriad ways and
> WG will still save you due to its design. Private keys are all that matters.
> Keep them secure and forget about the rest of things you know about
> unbound, dnsmasq, bind, ssh, openvpn and ipsec. Use route tables and
> netfilter rules to choose where the network traffic should go. That's all.
That seems a bit of a narrow focus, and sort of insinuating that WG due to
its design is invincible, when WG is just one piece integrating into a
broader (server) network landscape.
Also wondering how ssh is discarded when the WG online presence states:
"WireGuard aims to be as easy to configure and deploy as SSH. A VPN
connection is made simply by exchanging very simple public keys –
exactly like exchanging SSH keys"
For that matter it is pretty easy in ssh to limit its socket and
iface/ip range exposure. Is it due to the inferior design of ssh that
such security hardening features are made available/considered? If you
keep the ssh keys safe that should be all that matters, should it not?