Secure WireGuard VPN server setup on OpenBSD (and configure Windows 10 clients to connect through it)


by Özgür Kazanççı · December 19th, 2020 · My OpenBSD Tutorials

OpenBSD now includes an in-kernel WireGuard implementation wg(4).

Well, the WireGuard VPN protocol has been available on OpenBSD as a port for a while; Puffy has actually had user-land support for WireGuard using WireGuard-go, an implementation in Go, and later as the wiresep port in C, -both using tun devices-, which incurs a slight penalty for crossing the kernel/userspace border for each packet, much like OpenVPN and others.

Since OpenBSD version 6.8, WireGuard being in-kernel, comes installed by default, brings an implementation way much faster. It also means we can skip using extra software and use base-only utilities for a very simple, easy configuration.

So, obviously for this write-up we’ll need -at least- version 6.8 of OpenBSD installed. And after OpenBSD 6.8 installation is done, using the newly released in-kernel wg(4) driver with only base utilities, we’ll implement a very secure, fast and stable VPN server for any OpenBSD/MacOS/Linux/Windows clients.

Our VPN server will be OpenBSD, and as for the client, I’ll go with Windows 10 Enterprise LTSC 2019 (Long Term Servicing Channel) in this write-up of mine. What is a Windows 10 LTSC?

Continue reading Secure WireGuard VPN server setup on OpenBSD (and configure Windows 10 clients to connect through it)