From d5004776d02e191b58bc626f90547815b6b430c7 Mon Sep 17 00:00:00 2001 From: Edward Viaene Date: Wed, 21 Aug 2024 20:44:36 -0500 Subject: [PATCH 1/2] docs update --- docs/quickstart.md | 5 ++++- docs/release-notes.md | 2 ++ mkdocs.yml | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/quickstart.md b/docs/quickstart.md index ccadd4f..13662f7 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -12,4 +12,7 @@ You can create a first user on the user page. The `admin` user cannot create VPN * Log-out and Log-in using the new credentials * Create a new connection on the Connections page * Download the configuration -* Import the configuration in a WireGuard® Client. See [https://www.wireguard.com/install/](https://www.wireguard.com/install/) for WireGuard® clients. \ No newline at end of file +* Import the configuration in a WireGuard® Client. See [https://www.wireguard.com/install/](https://www.wireguard.com/install/) for WireGuard® clients. + +# Access for existing users in Identity Providers +To allow access for users created in Active Directory, Okta, Onelogin, or other Identity Providers, navigate to the [OIDC](oidc.md), [SAML](saml.md), or [Provisioning (SCIM)](scim.md) pages to setup an IdP connection. \ No newline at end of file diff --git a/docs/release-notes.md b/docs/release-notes.md index 2b79097..698137b 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -5,6 +5,8 @@ * UI: ability to reload WireGuard® configuration * UI: modify client/server WireGuard® configuration files using templates +Note: after upgrading, make sure to close any old browser tab to ensure the new UI version is loaded. + ## Version v1.0.41 * UI: axios version bump * UI: disable https forwarding when request is served over http diff --git a/mkdocs.yml b/mkdocs.yml index b6170c0..38ba619 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -4,6 +4,7 @@ nav: - 'User Guide': - 'Installation': 'install.md' - 'Quick Start': 'quickstart.md' + - 'TLS (https)': 'tls.md' - Upgrade: 'upgrade.md' - FAQ: faq.md - 'Authentication & Provisioning': From 5760b2e470addbf31edef843fde8883110070a7e Mon Sep 17 00:00:00 2001 From: Edward Viaene Date: Wed, 21 Aug 2024 20:45:19 -0500 Subject: [PATCH 2/2] tls --- docs/tls.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/tls.md diff --git a/docs/tls.md b/docs/tls.md new file mode 100644 index 0000000..ec7bc9d --- /dev/null +++ b/docs/tls.md 
@@ -0,0 +1,16 @@ +# TLS + +## Configuration + +You can enable TLS (https) in the VPN Settings. TLS only works if you have a hostname configured as the "VPN Server Hostname". Make sure you have created a DNS record like vpn.yourcompany.com to the IP address of the VM instance. Once you enable the TLS setting, let's encrypt will be activated. An API call will be made to [letsencrypt.com](https://letsencrypt.org/), which will then make an HTTP call on your hostname to verify ownership. Only when this call succeeds, the TLS certificate will be issued, and the VPN Server will be accessible over https. + +## http to https forward +Make sure to only enable the http to https forwarding when https is fully working. If you enabled the http to https forwarding, but can't access the VPN Server over https, you can still disable the forwarding manually. + +Log in using SSH to the VPN Server and cd into the /vpn/config directory. The config.json file contains an attribute `redirectToHttps` that will be set to `true`. You can either remove the attribute and value or set the value to false. Also make sure that the attribute `protocol` is set back to `http` instead of `https`. Restart the VPN server using `systemctl restart vpn-rest-server`. + +## Alternatives +On Cloud providers like AWS a Load Balancer can be created to ensure access between the client and the AWS Load Balancer is using TLS. + +## VPN Traffic +VPN Traffic between client and VPN Server using WireGuard® is always encrypted. The TLS solution using Let's Encrypt is only to encrypt web traffic between the client (the browser) and the VPN Server Admin Web Interface. \ No newline at end of file
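Review bot: in the docs/quickstart.md hunk, the added heading `# Access for existing users in Identity Providers` is top-level, so it becomes a second H1 if the page already has a title; `##` would keep it as a section of the Quick Start page. In the sentence under it, "to setup an IdP connection" should read "to set up an IdP connection", and the file still ends without a trailing newline.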
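Review bot: in the mkdocs.yml hunk of patch 1/2, the new nav entry `- 'TLS (https)': 'tls.md'` points at docs/tls.md, which is only created in patch 2/2, so the tree at commit 1/2 carries a nav entry for a file that does not exist yet. Move the nav line into patch 2/2 or squash the two commits so that each commit builds on its own.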
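Review bot: in the Configuration paragraph of the new docs/tls.md, the link text reads letsencrypt.com while the target is https://letsencrypt.org/; make the text match the URL, and write "let's encrypt" as "Let's Encrypt", as the VPN Traffic section already does. Because the paragraph says the certificate is only issued after an inbound HTTP call to the hostname succeeds, it should also state that the server has to be reachable over http from the internet when TLS is enabled, otherwise a reader behind a restrictive firewall has no hint why issuance fails. In the "http to https forward" section, consider saying explicitly that `redirectToHttps` and `protocol` both live in config.json, so both are changed before the `systemctl restart vpn-rest-server` step.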