• A different device from your home server?
  • On the same home server as the services but directly on the host?
  • On the same home server as the services but inside some VM or container?

Do you configure it manually or do you use some helper/interface like WGEasy?

I have been personally using wgeasy but recently started locking down and hardening my containers and this node app running as root is kinda…

  • just_another_person@lemmy.worldEnglish
    2·
    2 hours ago

    Uhhh, nooooo. Why are all these new kids all in these threads saying this crazy uninformed stuff lately? 🤣

    https://www.wireguard.com/protocol/ https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/configuring_and_managing_networking/setting-up-a-wireguard-vpn

    And, in fact, for those of us that have been doing this a long time, anything with a control point or protocol always refers to said control point as the server in a PTP connection sense.

    In this case, a centralized VPN routing node that connects like a Hub and Spoke is the server. Everything else is a client of that server because they can’t independently do much else in this configuration.

    • dan@upvote.auEnglish
      11·
      2 hours ago

      Both of those documents agree with me? RedHat are just using the terms “client” and “server” to make it easier for people to understand, but they explicitly say that all hosts are “peers”.

      Note that all hosts that participate in a WireGuard VPN are peers. This documentation uses the terms client to describe hosts that establish a connection and server to describe the host with the fixed hostname or IP address that the clients connect to and, optionally, route all traffic through this server.

      Everything else is a client of that server because they can’t independently do much else in this configuration.

      All you need to do is add an extra peer to the WireGuard config on any one of the “clients”, and it’s no longer just a client, and can connect directly to that peer without using the “server”.

      • just_another_person@lemmy.worldEnglish
        2·
        2 hours ago

        They do no such thing.

        The first link explains the protocol.

        The second explains WHY one would refer to client and server with regards to Wireguard.

        My point ties both together to explain why people would use client and server with regards to the protocol itself, and a common configuration where this would be necessary for clarification. Ties both of them together, and makes my point from my original comment, which also refers to OP’s comment.

        I’m not digging you, just illustrating a correction so you’re not running around misinformed.

        It wasn’t clear where OP was trying to make a point, just that the same host would be running running Wireguard for some reason, which one would assume means virtualization of some sort, meaning the host machine is the primary hub/server.