Wireguard

Overview
Wireguard is modern, low-latency VPN, available in upstream Alpine repo. Not only it is fast and secure, but also very simple and straightforward in configuration. Among all VPN techlologies, it is the simplest (from user's viewpoint) and the least wayward one.

Setup and usage
As of pmOS 23.06, the default kernel is already built with Wireguard support. To use Wireguard tunnels, you only need to install the  package. There is no separate  package in Alpine and pmOS. There are other Wireguard tools to be considered as well.

Standard location for configuration of Wireguard tunnels is. The directory should be readable for root only (, and  for files in it) as it contains private keys of the host. Once  is installed, tunnels may be started/stopped as follows: $ sudo wg-quick up INTERFACE $ sudo wg-quick down INTERFACE with INTERFACE being a name of one of the  files.

GUI applications
As of now, there is no dedicated GUI application for Wireguard management in Linux. (Unlike the other OSes.) Use terminal instead. Probably someone will write it one day, or adopt the existing Android/IOS app for pmOS phones (apart from desktops/notebooks). In some desktop environments, there are (or may appear in the future) Wireguard plugins for their regular network management tools.

NetworkManger integration
In mobian there is easy way to manage Wireguard with automatically filled pre and post hooks. $ nmcli connection import type Wireguard file /path/to/wg.conf However, because of (probably) some lack in packaging, pre and post hooks interfaces are not set properly. So you are connected to your rely but DNS doesn't work. In other cases, Wireguard support may vary depending upon distribution, its particular NM version and plugin availabilty for it.

DNS dependence
In certain use cases, you may need to use a particular DNS server at the other side of the tunnel instead the default one. To that purpose, there is the  setting in config file for. (But not for  itself !)

To perform the task,  and probably other tools running on top of Wireguard itself need addtitional tools to set up DNS for wireguard interface. In most distributions and packages,  are listed as recommended - but not mandatory - dependencies.

In Alpine and pmOS,  does install   unconditionally, thus DNS setting works out of the box.

In other distributions and setups (including Network Manager as described above?) you may need to install this dependence manually.