Code-Memo
VPN concepts (IPSec, OpenVPN, WireGuard)
What a VPN does
Creates an authenticated, encrypted tunnel over an untrusted network: confidentiality and integrity for traffic in transit, nothing more (the far network and the endpoints are still trusted by you)
Usually also changes routing: full-tunnel sends all traffic through the VPN; split-tunnel sends only the internal prefixes, so everything else still leaves via the local default route unprotected
Common modes
Site-to-site: connect networks (office ↔ cloud VPC); gateways terminate the tunnel on behalf of the hosts behind them
Remote access: connect a user device to a network; the client itself terminates the tunnel
IPSec (high level)
Often used for site-to-site; also the native remote-access VPN on most OSes (IKEv2)
Components: IKE (IKEv2 today; UDP/500, authenticates peers and negotiates keys), ESP (encryption + integrity, IP protocol 50) or AH (integrity only, rarely used), SPD policies (which traffic must be protected), SA (security association: the negotiated keys and algorithms, one per direction)
NAT-T wraps ESP in UDP/4500 when a NAT is on the path; if the firewall passes UDP/500 but not ESP or UDP/4500, the tunnel negotiates but carries no traffic
Common tooling: strongSwan (Libreswan is the other common Linux stack)
OpenVPN (high level)
Runs in user space over UDP or TCP (tun/tap device); TLS on the control channel (X.509 certificates, optionally tls-crypt to hide the handshake), separate keys for the data channel
Mature ecosystem, flexible auth (certs, username/password, plugins); prefer UDP, use TCP only where UDP is blocked (TCP-in-TCP stalls badly under packet loss)
WireGuard (high level)
Modern, minimal codebase, in the Linux kernel since 5.6 (user-space implementations elsewhere), fast
Noise-based handshake with a fixed cipher set (Curve25519, ChaCha20-Poly1305, BLAKE2s): nothing to negotiate, nothing to downgrade
Uses static public keys per peer; AllowedIPs is both the route table and the inbound source filter (cryptokey routing); simpler configuration, but no user auth and no dynamic addressing of its own
Interfaces often named wg0; wg-quick reads /etc/wireguard/wg0.conf
Typical troubleshooting
Routing: ip route, ip rule (wg-quick full-tunnel keeps the old default route and adds a policy rule plus fwmark instead of replacing it, so check both)
DNS: check which resolver the tunnel installed (resolvectl status, /etc/resolv.conf); split DNS sends only internal domains to the VPN resolver; search domains affect short names only
MTU: tunnel headers shrink the usable packet size; if small packets work but big transfers hang, path MTU discovery is broken (ICMP fragmentation-needed filtered). Lower the tunnel interface MTU (WireGuard default 1420) or clamp TCP MSS on the tunnel
Useful commands
ip addr show
ip route; ip rule show
ip route get <dst> (which interface and source address the kernel actually picks)
wg show 2>/dev/null (latest handshake and transfer counters per peer; a handshake that never completes means wrong endpoint or keys; tx rising with rx stuck at 0 usually means the far side drops us, i.e. its AllowedIPs or firewall)
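Added example, not code from the memo or from the WireGuard project: one script that ties the WireGuard notes and the troubleshooting notes together. wg_inner_mtu does the arithmetic behind the 1420 default, wg_client_conf emits a wg-quick wg0.conf in full- or split-tunnel mode, and mtu_probe / route_check are the live MTU and routing checks; the live checks need a tunnel up, so they run only when the script is given arguments. Assumptions: Linux iputils ping (-M do), iproute2, wg(8); the key strings, addresses and the 10.0.0.53 resolver are placeholders.

```shell
#!/bin/sh
# wg-memo.sh: added example, not part of the memo or of the WireGuard project.
# Assumptions: Linux iputils ping (-M do), iproute2, wg(8). Key strings,
# addresses and the 10.0.0.53 resolver below are placeholders.

# Inner MTU that fits an outer path MTU without fragmentation. Per-packet
# overhead: outer IP (20 for IPv4 / 40 for IPv6) + UDP 8 + WireGuard data
# header 16 + Poly1305 tag 16 = 60 or 80 bytes. wg-quick's default 1420
# is 1500 - 80, i.e. safe even for an IPv6 endpoint.
wg_inner_mtu() {
    if [ "${2:-6}" = 4 ]; then echo $(($1 - 60)); else echo $(($1 - 80)); fi
}

# Emit a client config for wg-quick(8). "full" routes everything through the
# tunnel (AllowedIPs = 0.0.0.0/0, ::/0 plus a tunnel-side DNS server);
# "split" routes only the internal prefix (arg 6, default 10.0.0.0/8) and
# leaves DNS to the host. AllowedIPs is also the inbound ACL: packets from
# the peer whose source lies outside it are dropped (cryptokey routing).
wg_client_conf() {
    wc_priv=$1 wc_peer=$2 wc_endpoint=$3 wc_addr=$4 wc_mode=$5
    wc_internal=${6:-10.0.0.0/8}
    case "$wc_mode" in
        full)  wc_allowed="0.0.0.0/0, ::/0"; wc_dns="DNS = 10.0.0.53" ;;
        split) wc_allowed=$wc_internal;     wc_dns="# DNS: host resolver; add a split-DNS rule for the internal domain" ;;
        *)     echo "mode must be full or split" >&2; return 1 ;;
    esac
    # Dotted-quad endpoint -> IPv4 outer header; anything else is treated as
    # IPv6 (hostnames included, the conservative choice for the MTU).
    case "$wc_endpoint" in
        [0-9]*.*:*) wc_fam=4 ;;
        *)          wc_fam=6 ;;
    esac
    cat <<EOF
[Interface]
PrivateKey = $wc_priv
Address = $wc_addr
MTU = $(wg_inner_mtu "${WG_OUTER_MTU:-1500}" "$wc_fam")
$wc_dns

[Peer]
PublicKey = $wc_peer
Endpoint = $wc_endpoint
AllowedIPs = $wc_allowed
PersistentKeepalive = 25
EOF
}

# Binary-search the largest ICMP payload that reaches $1 with DF set.
# If the result is well below (interface MTU - 28), the tunnel MTU is too
# high for the path and large packets are being silently dropped.
mtu_probe() {
    mp_lo=0; mp_hi=$(( ${2:-1500} - 28 ))    # 28 = IPv4 + ICMP headers
    while [ "$mp_lo" -lt "$mp_hi" ]; do
        mp_mid=$(( (mp_lo + mp_hi + 1) / 2 ))
        if ping -c 1 -W 1 -M do -s "$mp_mid" "$1" >/dev/null 2>&1; then
            mp_lo=$mp_mid
        else
            mp_hi=$(( mp_mid - 1 ))
        fi
    done
    echo "largest DF payload to $1: $mp_lo bytes => path MTU about $(( mp_lo + 28 ))"
}

# Which interface and source address the kernel picks for a destination,
# whether a policy rule (as added by wg-quick full-tunnel) redirects it,
# and the WireGuard peer state (latest handshake, transfer counters).
route_check() {
    ip route get "$1"
    ip rule show
    wg show 2>/dev/null || echo "no WireGuard interface up (or wg not installed)"
}

if [ $# -gt 0 ]; then
    case "$1" in
        conf)  wg_client_conf "$2" "$3" "$4" "$5" "$6" "$7" ;;
        probe) mtu_probe "$2" "$3" ;;
        route) route_check "$2" ;;
        *) echo "usage: $0 conf PRIV PEERPUB ENDPOINT ADDR full|split [PREFIX] | probe HOST [MTU] | route DST" >&2
           exit 2 ;;
    esac
fi
```

Usage: `sh wg-memo.sh conf "$(cat client.key)" "$(cat server.pub)" vpn.example.net:51820 10.0.0.2/32 split 10.0.0.0/8 > /etc/wireguard/wg0.conf`, then `wg-quick up wg0`; if big transfers hang, `sh wg-memo.sh probe 10.0.0.1` and compare the reported path MTU with `ip link show wg0`; `sh wg-memo.sh route 10.0.0.1` shows whether the kernel really sends that destination into wg0.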
Related
Routing basics