mirror of https://github.com/ben-grande/qusal.git synced 2025-11-29 02:37:03 -05:00

History

Ben Grande 963e72c7ed chore: Fix unman copyright contact		2023-11-13 18:18:06 +00:00
..
files	chore: Fix unman copyright contact	2023-11-13 18:18:06 +00:00
clone.sls	refactor: initial commit	2023-11-13 14:33:28 +00:00
clone.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
configure.sls	chore: Fix unman copyright contact	2023-11-13 18:18:06 +00:00
configure.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
create.sls	refactor: initial commit	2023-11-13 14:33:28 +00:00
create.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
init.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
install.sls	chore: Fix unman copyright contact	2023-11-13 18:18:06 +00:00
install.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
README.md	refactor: initial commit	2023-11-13 14:33:28 +00:00

README.md

sys-wireguard

Wireguard VPN in Qubes OS.

Description
Installation
Usage
Credits

Description

Setup a Wireguard VPN qube named "sys-wireguard" to provide network access to other qubes through the VPN with fail closed mechanism.

Installation

Top:

qubesctl top.enable sys-wireguard
qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply
qubesctl top.disable sys-wireguard

State:

qubesctl state.apply sys-wireguard.create
qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install
qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure

To add the VPN configuration and configure the qubes firewall:

/srv/salt/qusal/sys-wireguard/files/admin/setup-sys-wireguard.sh

Usage

Use the VPN qube sys-wireguard to enforce incoming and outgoing connections from clients connected to the VPN with a fail safe mechanism.

Credits

Unman