# wireguard
fast kernelspace VPN

See https://www.wireguard.com/ and https://wiki.archlinux.org/title/WireGuard for more info.


# Configuration
See also https://www.procustodibus.com/blog/2021/05/wireguard-ufw/ on how to setup common configurations.


# Firewall rules
When using a firewall such as UFW, the following ports need to be opened:
* wireguard tunnel port (ex: ``51872/udp``)
* any other ports from wireguard network to machine (ex: ``22/tcp`` for ssh)

See [ufw](ufw) on how to configure firewall for use with wireguard.


# Troubleshooting
Sometimes SSH connections can fail due to packet fragmentation (?), sometimes a fix is to lower MTU to 1400.
`sudo ip link set dev wg0 mtu 1400` and reset inet.