ad: M2Ant-1


Discussion in 'Computers, Hardware, and Operating Systems' started by W4EAE, Jul 13, 2020.

ad: L-HROutlet
ad: l-rl
ad: Left-2
ad: abrind-2
ad: L-MFJ
ad: Left-3
ad: Subscribe
  1. W4EAE

    W4EAE Premium Subscriber QRZ Page

    If you have any use for a private VPN, this is THE ticket. Dual-stack, secure, extremely easy on resources, extremely short code, and no discernible drop in network bandwidth when connected. Authentication is public-private key. Two way roaming (server and client) is also built in (particularly helpful with mobile devices).

    My server configuration file is 11 lines long. It is configured for two clients (3 lines per client) and internet access for the clients (2 lines: 'PostUp...' and 'PostDown...'). My home WG server is running very smoothly on a Raspberry Pi 3B+.

    Wireguard is available for Linux, Windows, Mac, iOS and Android.

    Anyone else using it?
  2. KT1F

    KT1F Ham Member QRZ Page

    I'm not using it but it sounds like something I'd like to use. I'm setting up a LAN in our new RV with a cellular router and, for a few reasons, it would be nice to pass all traffic through a VPN, preferably sitting here at home using our fiber connection.

    I don't want to mess with individual clients on devices, it needs to be transparently built into the network. The Pepwave cellular router I'm using has its own VPN / tunnel technology in the firmware and I can get a free license for the server side call FusionHub. The firmware is soon going to also include an OpenVPN client so I'll probably go for one of those but I'm still in the research stage.

    I haven't really been following the VPN world but Wireguard sure sounds good, especially since it is now built into the Linux kernel. I guess I could throw away some of the Pepwave LAN functionality and have a separate local router / WiFi access point which goes to a Raspberry Pi running the Wireguard client which then goes to the Pepwave. Or I could use a router with DD-WRT or something with a Wireguard client built in.
    Last edited: Jul 14, 2020
  3. W4EAE

    W4EAE Premium Subscriber QRZ Page

    OpenVPN will work well for your proposed setup. It is certainly secure. The biggest downside is speed with every commercial router I have run it on. With a decent desktop or laptop computer running at both ends, the speed is typically <90% of real throughput. Routers at either end max out at anywhere between 20% and 80%. My take on LTE modems has always been to use them for the WAN connection and handle the LAN on a secondary device over which I have more control.

    One commercial router implementation for Wireguard is Ubiquiti's Edgerouter (various models from $59 to $249). It has robust functionality through the gui, and because it runs on Debian, there are limitless (save storage space) possibilities of what you can do in the terminal. Installing Wireguard is as simple as as adding the repository. From there, it is standard. I would check first, but the same would likely be true of many soho routers.

    There are clear advantages to running the VPN on the router in the RV; but with Wireguard, there are also clear advantages to running individual clients due to its lightness and the roaming feature. You would have to configure each client initially. Once you did that though, the connections can be configured to start at boot and be effectively seamless. The advantage comes when you are out and about in the RV and decide to go to a public place. Your phone, tablet or laptop would still be on your home LAN (which is also the RV's LAN) when you were away from the RV. I ran WG for a week straight on Android, and the difference in battery and network usage was undetectable (the same cannot be said for OpenVPN). Since the devices you use are all connected all the time over WG, you could close ports on your home network and more fully secure it.

    If you have a combination of 'traditional' and 'smart devices' on your RV network, a combination of the two approaches would probably be most beneficial.

    I wish you luck in building your RV network. In any endeavor like this, a little extra planning and work on the front end can save you from some serious headaches later.
  4. KT1F

    KT1F Ham Member QRZ Page

    Hi @W4EAE

    I remembered this post from a months ago. My techie project this weekend has been to get Wireguard working on a Raspberry Pi. I went down a few time wasting rabbit holes in the process (this is me) but I'm very happy with the end result.

    The Pi sits between the Ethernet WAN port on my router and the USB port on an Android phone. Wireguard does its thing transparently in the middle. Performance is good. Speed is about the same with or without Wireguard.

    Image from iOS.jpg Screen Shot 2020-10-18 at 3.39.32 PM.png

    I now live in the Digital Ocean.
    Last edited: Oct 18, 2020
  5. N0NB

    N0NB Ham Member QRZ Page

    A few weeks back I was trying to setup Wireguard using my OpenWRT router and two client devices. The OpenWRT status page in Luci showed all connected but I could not ping between any of the devices. Perhaps I have a wrong view of this as I was trying to create a virtual LAN with its own IP address range. I shelved the idea for another time as other priorities stood in the way.

Share This Page