VPN solution built with WireGuard®

Next Generation Open Source VPN

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

This TurnKey Linux VPN software appliance leverages the open source WireGuard® software (installed from Debian repositories). It also includes custom TurnKey configuration tools to support ease of setup. It can link 2 otherwise unconnected LANs and/or secure traffic across public and/or insecure wifi connections and/or provide a secure solution for remote work scenarios.

This appliance includes all the standard features in TurnKey Core, and on top of that:

  • WireGuard® configurations:
    • Initialization hooks to configure common WireGuard® deployments, server key and confgiuration.
    • Deployments include convenience scripts to add clients/profiles, generating all required config.
    • Expiring obfuscated HTTPS urls can be created for clients to download their profiles (especially useful with mobile devices using a QR code scanner).

See the Set up documentation for further details on how to set it up.

Note: WireGuard® and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld. TurnKey Linux is not affiliated with Jason A. Donenfeld or WireGuard®. Neither this software appliance, or the TurnKey provided, custom configuration scripts are endorsed by Jason A. Donenfeld or WireGuard®.

Usage details & Logging in for Administration

No default passwords: For security reasons there are no default passwords. All passwords are set at system initialization time.

Ignore SSL browser warning: browsers don't like self-signed SSL certificates, but this is the only kind that can be generated automatically. If you have a domain configured, then via Confconsole Advanced menu, you can generate free Let's Encypt SSL/TLS certificates.

Web - point your browser at either:

  1. http://12.34.56.789/ - not encrypted so no browser warning
  2. https://12.34.56.789/ - encrypted with self-signed SSL certificate

Note: some appliances auto direct http to https.

Username for OS system administration:

Login as root except on AWS marketplace which uses username admin.

  1. Point your browser to:
  2. Login with SSH client:
    ssh root@12.34.56.789
    

    Special case for AWS marketplace:

    ssh admin@12.34.56.789
    

* Replace 12.34.56.789 with a valid IP or hostname.