Our great sponsors
-
firezone
Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
wg-easy
Discontinued The easiest way to run WireGuard VPN + Web-based Admin UI. [Moved to: https://github.com/wg-easy/wg-easy] (by WeeJeWel)
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
That sounds fun. I was hoping to get around to supporting Raspbian soon. Feel free to open an issue on Github if you get stuck or need help! I'm interested to hear how it goes.
Some tips to get you started:
1. Where it's built:
https://github.com/firezone/firezone/blob/master/.github/wor...
2. You'll likely need the following debian packages installed:
> dpkg-dev ntp zlib1g-dev libssl-dev openssl bzip2 procps rsync ca-certificates build-essential git gnupg curl unzip locales net-tools systemd
3. I build Firezone inside Vagrant VMs using the `vagrant` user, so you'll probably want to adjust for your local user.
4. I use asdf to manage language runtimes: https://asdf-vm.com
That sounds fun. I was hoping to get around to supporting Raspbian soon. Feel free to open an issue on Github if you get stuck or need help! I'm interested to hear how it goes.
Some tips to get you started:
1. Where it's built:
https://github.com/firezone/firezone/blob/master/.github/wor...
2. You'll likely need the following debian packages installed:
> dpkg-dev ntp zlib1g-dev libssl-dev openssl bzip2 procps rsync ca-certificates build-essential git gnupg curl unzip locales net-tools systemd
3. I build Firezone inside Vagrant VMs using the `vagrant` user, so you'll probably want to adjust for your local user.
4. I use asdf to manage language runtimes: https://asdf-vm.com
Alternatively, check out wg-easy, which comes with a beautiful management interface.
https://github.com/weejewel/wg-easy
shameless plug
I am a maintainer of subspace (https://github.com/subspacecommunity/subspace). My contributions were updating the SAML plugin, implementing prometheus support (which is still being reviewed) and some minor features.
My vision for the project is to evolve into a fully featured userspace VPN service that still relies on WireGuard for the network layer, but implementing useful features like key rotation, built-in horizontal scaling support, server-client configuration sync, automatic user de-provisioning based on the upstream Active Directory users manifest and an api/sdk for extended automation.
But before I can even get to the cool stuff, I need more peers just to review current pull requests and deal with the current issues, because as it is, I don't have quorum to do such (I mean without abusing administrator privileges).
I think Firezone is an excellent effort, we need competition wherever possible and I think we can contribute with ideas, but with SAML/SSO already implemented, maybe subspace is already more suited to corporate environments.
As someone who uses OPNsense a lot now, the community WG plugin is both a fairly minimal MVP and also for whatever reason WG on OPNsense has been a bit wonky. DNS for example sometimes just mysteriously stops working for a while, then with absolutely no changes starts working again even while IPs function normally. Haven't had time to try to dig into that yet but as well as speed I'm looking forward very much to WG in the FreeBSD kernel (and OPNsense's move to vanilla FreeBSD foundation as well) in the hopes it'll help eliminate a few extra moving parts.
I'm looking forward though to seeing more tooling developed on top of WG as was always intended, making it easier to plug into other user auth systems and to deploy it to non-technical end users. The QR code thing helps for example but I'd also like to see widespread support for options like autogenerating mobileconfigs [0] for Macs/iDevices and equivalents elsewhere, tying into MDM etc. To get maximum use it needs to get to the point of "install this profile, that's it" or just happen automagically for managed devices. More graphical visualization of what's going on and troubleshooting could help novices too. Such a great foundational tool but projects like this are exciting to see appear as well since they are important next steps.
----
0: https://github.com/WireGuard/wireguard-apple/blob/master/MOB...