site-to-site VPN functionality

Open teon opened this issue 2 years ago • 6 comments

Currently, defguard supports only a "roadwarrior" setup (one server and clients connect to the server). In the network tab, we need to be able to configure current setup (roadwarrior) and "site-to-site" VPN (where two servers communicate - no clients are connecting to this instance). So we have "Add location" but now it would be setup VPN and we should choose which type. After selecting site-to-site we need to have a configuration for two server endpoints. This is a great visualisation that we should do in order to show the admin what should be configured:

                  ┌─────── WireGuard site-to-site ──────┐
                  │         10.10.9.0/31          │
                  │                               │
     10.10.9.0 wgA│               xx              │wgB 10.10.9.1
                ┌─┴─┐          xxx  xxxx        ┌─┴─┐
alpha site      │   │ext     xx        xx    ext│   │  beta site
                │   ├───    x           x    ───┤   │
10.10.10.0/24   │   │      xx           xx      │   │  10.10.11.0/24
                │   │      x             x      │   │
                └─┬─┘      x              x     └─┬─┘
        10.10.10.1│        xx             x       │10.10.11.1
...┌─────────┬────┘          xx   xxx    xx       └───┬─────────┐...
   │         │                  xx   xxxxx            │         │
   │         │                                        │         │
 ┌─┴─┐     ┌─┴─┐           public internet          ┌─┴─┐     ┌─┴─┐
 │   │     │   │                                    │   │     │   │
 └───┘     └───┘                                    └───┘     └───┘

Oct 31 '23 14:10 teon
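
Added example, not part of the original issue and not defguard code: a sketch of the two WireGuard configurations the diagram above implies, generated from its addressing and checked so that each gateway's `AllowedIPs` covers only the peer's tunnel address and the remote LAN. The endpoint addresses, the port and the key placeholders are assumptions; only the 10.10.x.x ranges come from the diagram.

```python
import ipaddress

# Tunnel and LAN ranges are from the diagram; endpoints (documentation
# addresses), port and key placeholders are assumptions for illustration.
SITES = {
    "alpha": {"tunnel": "10.10.9.0/31", "lan": "10.10.10.0/24",
              "endpoint": "198.51.100.1:51820"},
    "beta": {"tunnel": "10.10.9.1/31", "lan": "10.10.11.0/24",
             "endpoint": "203.0.113.1:51820"},
}

def validate(sites):
    """Reject addressing that would make routing between the sites ambiguous."""
    a, b = sites.values()
    lan_a, lan_b = (ipaddress.ip_network(s["lan"]) for s in (a, b))
    if lan_a.overlaps(lan_b):
        raise ValueError("site LANs overlap")
    if_a, if_b = (ipaddress.ip_interface(s["tunnel"]) for s in (a, b))
    if if_a.network != if_b.network or if_a.ip == if_b.ip:
        raise ValueError("tunnel ends must be distinct hosts in one subnet")
    if any(lan.overlaps(if_a.network) for lan in (lan_a, lan_b)):
        raise ValueError("tunnel subnet overlaps a site LAN")

def render(sites, local):
    """Return the wg-quick style config for the gateway at site `local`."""
    validate(sites)
    (remote,) = [name for name in sites if name != local]
    me, peer = sites[local], sites[remote]
    peer_ip = ipaddress.ip_interface(peer["tunnel"]).ip
    port = me["endpoint"].rsplit(":", 1)[1]
    return "\n".join([
        "[Interface]",
        f"Address = {me['tunnel']}",
        f"ListenPort = {port}",
        f"PrivateKey = <{local}-private-key>",   # placeholder, never commit keys
        "",
        "[Peer]",
        f"PublicKey = <{remote}-public-key>",    # placeholder
        f"Endpoint = {peer['endpoint']}",
        # Least privilege: only the peer's tunnel IP and the remote LAN.
        f"AllowedIPs = {peer_ip}/32, {peer['lan']}",
    ])

if __name__ == "__main__":
    for site in SITES:
        print(f"# --- {site} gateway ---\n{render(SITES, site)}\n")
```

Each gateway also has to forward packets between its WireGuard interface and its LAN interface for hosts behind it to reach the other site.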

@filipslezaklab design DONE: https://www.figma.com/file/uoFcgpOuVWa6g7tvKwB52o/defguard?type=design&node-id=5009-7758&mode=design&t=wrNRKEgMD6DM3Ph0-0

Nov 27 '23 10:11 teon

When implementing location types include:

  • roadwarrior
  • site2site
  • mesh

Jan 22 '24 13:01 wojcik91

When is this ready to be used?

Jul 31 '24 08:07 jtbmedia

@jtbmedia most probably planned for version 1.2 (now 1.0 in testing).

Jul 31 '24 10:07 teon

Would love the feature. Which date is 1.2 planned to be released? On the website Q1 2024 is still mentioned.

Jul 31 '24 11:07 jtbmedia