I setup wg-easy, am I somehow exposed to attacks? - eviltoast

I configured wg-easy on my home-server (docker installation) and want to check if I missed something security-wise:

  • I port-forwarded UDP 51820 on my router
  • I have a domain which I purchsed, it’s managed in Cloudflare and I created an A record pointing to my WAN IP.
  • Not sure if it matters, but all I have for my wg.domain.com is a username/password authentication and it’s secured with an SSL certificate, which is obviously only valid inside of my LAN.

I currently assume that since I port-forwarded a UDP port, people can’t try and access MY_WAN:51820. Is it somewhat correct?

Any tips on this would be great. I’m not interested in exposing my setup to the internet, all I want is a secure VPN to sometimes access my network from my phone.

By the way, huge props to wg-easy, very quick and simple setup.

  • ffimnsr@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Wireguard is pretty much secure as any connection that is not authenticated is immediately dropped. If you open port 51820 only, then I think that’s okay. Pretty much if you use distro wg, then just keep it up to date. I don’t know any 0-day vuln for wireguard yet, so just be cautious and monitor logs.