Intra2net has made some customizations to WireGuard in order to improve its function. These adjustments do not affect the protocol on the line, so Intra2net systems remain compatible with other WireGuard remote sites.
Connection status. A clear connection status is maintained and logged for each WireGuard connection. Whether a connection is online or offline is displayed on the main page. Each connection setup can be traced in the system logs for documentation and testing purposes.
The keepalive function should be activated in order to be able to reliably recognize the connection status. If no successful handshake is established for a connection after a maximum of 180 seconds plus the set keepalive time, it is listed as offline.
Detailed logs. Not only the online/offline status change is logged, but also setup attempts with incorrect keys, non-responding remote sites, changes of IP addresses or port numbers and packets from incorrect IP addresses within the tunnel. This data is useful for troubleshooting as well as for documentation and testing purposes.
Connection establishment independent of keepalive. In the normal implementation of WireGuard, a configured keepalive means that a connection is always attempted. Keepalive is useful for connections to VPN clients, but in times when the client is not running, the constant connection attempts and their error messages are irritating. Therefore, the Intra2net system separates the basic activation of a connection from the keepalive as soon as the connection is online.
Continuous DNS resolution. If a DNS hostname is configured as a WireGuard remote peer, the Intra2net system updates its DNS resolution every minute. This means that dynamic IPs with DynDNS or fallback Internet lines can also be used as remote sites without any problems. Nevertheless, an existing WireGuard connection is not interrupted when the DNS resolution changes. The newly resolved IP is only used to establish a new connection if handshakes to the currently used IP address are unsuccessful and the connection therefore goes offline.
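The offline rule (180 seconds plus keepalive) and the rule that a newly resolved IP is only used once the connection is offline can be approximated on a stock WireGuard host. The following is an added example, not Intra2net code: it reads the tab-separated output of `wg show <interface> dump`, and all function names, keys, addresses and timestamps in it are constructed for illustration.

```python
# Added example, not Intra2net code: approximates the rules described above
# on a stock WireGuard host by reading `wg show <interface> dump`.
from dataclasses import dataclass

HANDSHAKE_LIMIT = 180  # seconds; the fixed part of the offline rule above

@dataclass
class Peer:
    public_key: str
    endpoint: str
    latest_handshake: int  # Unix time of last handshake, 0 = never
    keepalive: int         # persistent keepalive in seconds, 0 = off

def parse_dump(text):
    """Parse dump output: line 1 is the interface, each further line a peer."""
    peers = []
    for line in text.strip().splitlines()[1:]:
        f = line.split("\t")
        if len(f) != 8:
            continue  # not a peer line
        keepalive = 0 if f[7] == "off" else int(f[7])
        peers.append(Peer(f[0], f[2], int(f[4]), keepalive))
    return peers

def status(peer, now):
    """Offline if no handshake within 180 s plus the keepalive interval."""
    age_ok = now - peer.latest_handshake <= HANDSHAKE_LIMIT + peer.keepalive
    return "online" if peer.latest_handshake and age_ok else "offline"

def next_endpoint(peer, resolved, now):
    """Return the endpoint to switch to, or None to leave the tunnel alone."""
    if status(peer, now) == "online" or resolved == peer.endpoint:
        return None  # a working connection is never interrupted
    return resolved

# Constructed sample: placeholder keys, documentation IP ranges.
NOW = 1_700_000_000
SAMPLE = "\n".join([
    "\t".join(["PRIV_PLACEHOLDER", "PUB_LOCAL", "51820", "off"]),
    "\t".join(["PUB_SITE_A", "(none)", "192.0.2.10:51820", "10.0.2.0/24", str(NOW - 100), "0", "0", "25"]),
    "\t".join(["PUB_SITE_B", "(none)", "198.51.100.7:51820", "10.0.3.0/24", str(NOW - 250), "0", "0", "25"]),
    "\t".join(["PUB_CLIENT_C", "(none)", "(none)", "10.0.9.2/32", "0", "0", "0", "off"]),
])

if __name__ == "__main__":
    for p in parse_dump(SAMPLE):
        note = "" if p.keepalive else " (no keepalive: status unreliable)"
        print(p.public_key, status(p, NOW) + note, next_endpoint(p, "203.0.113.5:51820", NOW))
```

On a stock host, an endpoint returned by `next_endpoint` would be applied with `wg set <interface> peer <key> endpoint <ip:port>`.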
Definition of local IP networks. WireGuard only provides for the configuration of the remote site networks (AllowedIPs, see above). This makes the configuration of fine-grained access rights more difficult, as additional firewall rulesets would have to be configured manually for the local networks. The Intra2net system provides for the IP networks involved to be configured for both the local side and the remote side. The firewall automatically restricts access to the configured networks. This configuration data also enables the preparation of complete WireGuard configuration files for the remote site.
It is not necessary to configure each individual pair of source and destination networks separately, as is the case with IPsec. Simply listing all local IP networks and those of the remote site is sufficient to connect all these networks with each other.