As WireGuard is new in 3.x, this document will try to dive into some more detail regarding how it works.
WireGuard in eduVPN / Let's Connect! has a lot less toggles than OpenVPN so
should be easier to configure. See the "WireGuard"
section for more information. There is also the
"global" option to set the WireGuard port. By default this is 51820.
There are a number of differences between OpenVPN and WireGuard. Most of them are summed up in this blog post.
It is possible to configure profiles to support both OpenVPN and WireGuard simultaneously. We recommend to use WireGuard whenever possible, and only provide OpenVPN support for legacy reasons, or when connecting over TCP is a MUST, for example on broken networks that e.g. block UDP, or have MTU issues.
For most production scenarios we recommend to have the bulk of the users use WireGuard, but at the same time reserve a little space for OpenVPN connections.
A profile example configuration would look like this:
'ProfileList' => [
[
'profileId' => 'office',
'displayName' => 'Office',
'hostName' => 'office.vpn.example.org',
'routeList' => [
'192.168.1.0/24',
'fd11::/64',
],
// Prefer that VPN clients connect using WireGuard
'preferredProto' => 'wireguard',
// WireGuard
'wRangeFour' => '10.42.42.0/24',
'wRangeSix' => 'fd42:0:0:1::/64',
// OpenVPN
'oRangeFour' => '10.42.43.0/25',
'oRangeSix' => 'fd42:0:0:2::/64',
// do not use OpenVPN with UDP
'oUdpPortList' => [],
'oTcpPortList' => [1194],
],
],