To help understand the WireGuard concepts, we will show some practical setups that hopefully match many scenarios out there.
This is probably the most common setup for a VPN: connecting a single system to a remote site, and getting access to the remote network “as if you were there”.
Where to place the remote WireGuard endpoint in the network will vary a lot depending on the topology. It can be in a firewall box, the router itself, or some random system in the middle of the network.
Here we will cover a simpler case that more closely resembles a typical home network:
                       public internet

                xxxxxx      ppp0 ┌────────┐
 ┌────┐         xx   xxxx      ──┤ router │
 │    ├─ppp0  xxx      xx        └───┬────┘
 │    │       xx        x            │         home 10.10.10.0/24
 │    │        xxx    xxx            └───┬─────────┬─────────┐
 └────┘          xxxxx                   │         │         │
                                       ┌─┴─┐     ┌─┴─┐     ┌─┴─┐
                                       │   │     │   │     │   │
                                       │pi4│     │NAS│     │...│
                                       │   │     │   │     │   │
                                       └───┘     └───┘     └───┘
This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices, such as a Raspberry Pi, a NAS (Network Attached Storage), and some other device.
There are basically two approaches that can be taken here: install WireGuard on the router, or on another system in the home network.
Note that in this scenario the “fixed” side, the home network, normally won’t have a WireGuard Endpoint configured, as the peer is typically “on the road” and will have a dynamic IP address.
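The asymmetry described above, shown as an added example (not taken from the original page): a minimal pair of wg-quick style configurations. Only the home network 10.10.10.0/24 comes from the diagram; the tunnel subnet 10.10.11.0/24, the interface addresses, port 51820, the file name and every `<...>` placeholder are assumptions.

```ini
# --- Home side (the "fixed" end), e.g. /etc/wireguard/wg0.conf (assumed name) ---
[Interface]
PrivateKey = <home-private-key>
Address = 10.10.11.1/24
ListenPort = 51820

[Peer]
# Roaming laptop. There is no Endpoint line: its address is dynamic, so
# WireGuard learns it from the source of the peer's latest authenticated packet.
PublicKey = <laptop-public-key>
# Only the laptop's own tunnel address is accepted as an inner source
# address for this key.
AllowedIPs = 10.10.11.2/32

# --- Roaming peer (the side "on the road") ---
[Interface]
PrivateKey = <laptop-private-key>
Address = 10.10.11.2/24

[Peer]
PublicKey = <home-public-key>
# The roaming side initiates, so it is the one that needs an Endpoint.
Endpoint = <home-public-address>:51820
# Send traffic for the tunnel subnet and the home LAN through the tunnel.
AllowedIPs = 10.10.11.0/24, 10.10.10.0/24
```

Keeping the home side's `AllowedIPs` at a single /32 means a compromised roaming key can only source traffic from its own tunnel address, not impersonate other hosts on the home network.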