WireGuard

WireGuard - a fast, modern, secure VPN Tunnel.

151
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/downvotedbylife on 2024-01-06 00:52:12+00:00.


I recently set up Wireguard on my OPNsense box for remote access to my LAN. I currently have one instance and two peers: a windows laptop and an android phone. The setup for both peers is mostly identical except for different IP addresses (within the same subnet, which is completely empty except for Wireguard clients).

I set up the clients on both my devices, and tested them both using mobile data to simulate out-of-home access. I turned on my mobile hotspot, and while connected to it, the laptop worked perfectly from the first start, got a handshake and was able to access both LAN resources and the internet through Wireguard.

The weird part is that the Android phone, while it completes the handshake with the server (showing that keys and basic connectivity are fine), it doesn't get any further. The phone can't access local LAN resources or the internet when the VPN is active. Here's what I've checked:

  • The OPNsense firewall rules, NAT rules, and routes allow all traffic from the Wireguard interface and subnet.
  • Allowed IPs is set to 0.0.0.0/0, same as the laptop.
  • There are no blocks in the firewall logs. In fact, there are no log entries for the Wireguard interface.
  • The phone does get an IP when the VPN is turned on, but can't even ping its own subnet gateway address, much less the LAN's DNS. No response when pinging it from the LAN, either.
  • Changed MTU in the Android client to various values found around the web (it's currently at 1400), no difference.
  • Tried setting the keepalive to 25s, no difference.
  • Reinstalled Wireguard app, no difference.

I don't see anything that stands out in the logs. There are periodic "Retrying handshake because we stopped hearing back after 15 seconds" messages. It seems the only traffic being received by the phone is the handshake packets. Phone is constantly transmitting data, but the rx count only goes up when it does a handshake.

I'm inclined to not think it's a mobile network issue, since the laptop works perfectly when it's on the mobile hotspot from the very same phone that can't connect.

I'm at a loss here. Any ideas?

153
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/ReddItAlll on 2024-01-06 00:19:56+00:00.

155
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/jpergentino on 2024-01-05 19:34:05+00:00.


I know that it's possible to see the currently connected users from the UI, but is there a way to see the history of clients' connections and disconnections from the logs? Thanks in advance.

156
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/ackleyimprovised on 2024-01-05 16:19:36+00:00.


This has happened twice now, once when I was on holiday a few months ago and once just now.

I have wireguard running on pfSense. I have 3 devices running overseas with wireguard. All of a sudden the devices get redirected to the HK Google version. Some things stop working, like Google Timeline and a few other things. Visited google.com/NCR and that helped on the single client but not the rest.

Unsure why it's happening. I believe I restarted pfSense and everything came right the first time. Can't restart right now as I'm out of the country and would lose the assigned public IP (am planning to fix this).

My DNS in my config is pointing to a home-hosted Pi-hole, which I have flushed and restarted.

Also tried a few remote desktop clients at home that are not logged into Google and they are doing the same thing (redirects to google.com.hk).

158
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Electronic_Pumpkin90 on 2024-01-05 14:39:56+00:00.


Hello!

I need help in bypassing a DPI of my ISP which blocks connections to NordVPN Wireguard servers. So far, I found the following:

  1. The DPI won’t block a connection if it is initiated from a Ubiquiti ER-12 router. The router doesn’t have a Wireguard package installed by default, so I am using this one: The connection works perfectly and I can transfer traffic through the established tunnel.
  2. Any other connection (made from the NordVPN Linux app, from a Linux PC, from a Windows PC) with the same parameters (keys, server address, keepalive value, etc.) will trigger the DPI and will be blocked. Usually, it happens like this: the client initiates a connection and sends a “Handshake Initiation” packet, the server responds with a “Handshake Response” packet, after which the “wg show” command starts to show some bytes transferred and received. But all other “Handshake Response” packets will be dropped by the DPI. “wg show” will show more bytes sent, but none received. It looks like the DPI “remembers” parameters of the first handshake and will block responses afterwards.
  3. It looks like the DPI doesn’t recognize ER-12 handshakes as a Wireguard connection. And all I need is to modify the handshake UDP packet in the same way the ER-12 generates it.

I know that there exist a lot of threads regarding Wireguard obfuscation. Most of them recommend obfuscating packets on the client, deobfuscating on an intermediate server and sending them to the Wireguard server. I do not want to do this because I don’t want to buy a VPS and because the ER-12 doesn’t need any additional server.

I have captured handshake packets using tcpdump from the ER-12 and from a Linux machine, but that’s where my knowledge ends: I don’t know how to find what exact differences exist between these packets and how to modify a UDP handshake packet to make it look like an ER-12 one.

160
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/southerndoc911 on 2024-01-05 11:56:53+00:00.


The Windows WireGuard client hasn't been updated in a while. Are there any plans to bring tunnel autoactivation/activation on demand to it? I'm looking for feature parity with the macOS version where you can exclude certain SSIDs.

161
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/StrikingBreadfruit on 2024-01-05 00:45:18+00:00.


I am trying to put wireguard on an armhf/armv7l mifi device and have gotten all the way to loading the cross-compiled wireguard kernel module onto the device. I compiled this module using the 4.14.117 Linux source and the compiler trio arm-linux-gnueabihf. After insmodding stuff, I can run modinfo and lsmod and see all good info about the kernel module.

I then run wg-quick and the first line "ip link add wg0 type wireguard" fails with the error: "Error: argument "wg0" is wrong: Unknown device".

Looking deeper, I can see that /sys/class/net/wg0 does not exist, which I believe it should at this point.

Has anyone had any experience cross compiling this wireguard kernel module for another device and seen anything like this?

I can provide further info/logs if so.

162
snat and wireguard
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/mudakosarma on 2024-01-04 21:38:17+00:00.


Not sure if this one is possible, but it doesn't hurt to ask.

My TV provider has an app in Google Play Store, Apple, Roku etc. and when connected to the router, one can install the app, automatically log in and watch all channels like with their (provider's) TV box.

I installed a WG server and tried to set this up for my parents.

WG server works just fine, but the app does not. My LAN IP (assigned by the provider's modem\router combo) address is 192.168.0.x and I can reach 192.168.0.1 (modem\router) just fine from my parents' place.

But it seems like reaching the modem\router is not enough; the modem\router needs to lease the IP address to the device in order for this to work.

So is there a way to configure the WG server to use the router's DHCP server when assigning a new IP for a client?

I get it, this is a long shot, but as I said, it doesn't hurt to ask.

163
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/jpergentino on 2024-01-04 21:17:32+00:00.


Hi all,

Is it possible to configure an instance of WireGuard to be used by both kinds of clients:

1 - Send Internet traffic to the WG tunnel, also accessing the local server network;

2 - NOT send Internet traffic to the WG tunnel, but access the local server network.

Thanks!

164
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/websplaining on 2024-01-04 18:10:24+00:00.

168
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/batrick on 2024-01-04 14:34:21+00:00.


Hello,

I have a baremetal desktop connecting to a VM on another server. There is a WG link between the two. I'm encountering slow download performance when pulling data from the internet or another LAN machine (ignoring internet performance hereafter to keep things simple). The baremetal desktop is 192.168.20.1 (wireguard) / 192.168.200.201 (w/o wireguard) and the VM is 192.168.20.2 (wireguard) / 192.168.230.103 (w/o wireguard). The local router is 192.168.200.1 which is accessible via wireguard or without.

$ sudo ip netns exec foo iperf3 -c 192.168.20.2 -p 1111
Connecting to host 192.168.20.2, port 1111
[  5] local 192.168.20.1 port 41940 connected to 192.168.20.2 port 1111
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  28.8 MBytes   241 Mbits/sec   59    941 KBytes       
[  5]   1.00-2.00   sec  29.5 MBytes   247 Mbits/sec    0   1.03 MBytes       
[  5]   2.00-3.00   sec  26.8 MBytes   224 Mbits/sec    0   1.12 MBytes       
[  5]   3.00-4.00   sec  28.5 MBytes   239 Mbits/sec    0   1.19 MBytes       
[  5]   4.00-5.00   sec  28.6 MBytes   240 Mbits/sec    0   1.24 MBytes       
[  5]   5.00-6.00   sec  27.8 MBytes   233 Mbits/sec    2    945 KBytes       
[  5]   6.00-7.00   sec  27.2 MBytes   229 Mbits/sec    0    998 KBytes       
[  5]   7.00-8.00   sec  27.5 MBytes   231 Mbits/sec    0   1.01 MBytes       
[  5]   8.00-9.00   sec  28.2 MBytes   237 Mbits/sec    0   1.04 MBytes       
[  5]   9.00-10.00  sec  28.2 MBytes   237 Mbits/sec    0   1.05 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   281 MBytes   236 Mbits/sec   61             sender
[  5]   0.00-10.08  sec   279 MBytes   232 Mbits/sec                  receiver

iperf Done.
$ sudo ip netns exec foo iperf3 -c 192.168.20.2 -p 1111 --reverse
Connecting to host 192.168.20.2, port 1111
Reverse mode, remote host 192.168.20.2 is sending
[  5] local 192.168.20.1 port 50328 connected to 192.168.20.2 port 1111
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  38.9 MBytes   326 Mbits/sec                  
[  5]   1.00-2.00   sec  32.6 MBytes   273 Mbits/sec                  
[  5]   2.00-3.00   sec  27.4 MBytes   230 Mbits/sec                  
[  5]   3.00-4.00   sec  27.6 MBytes   232 Mbits/sec                  
[  5]   4.00-5.00   sec  27.1 MBytes   228 Mbits/sec                  
[  5]   5.00-6.00   sec  27.5 MBytes   231 Mbits/sec                  
[  5]   6.00-7.00   sec  27.2 MBytes   229 Mbits/sec                  
[  5]   7.00-8.00   sec  29.8 MBytes   250 Mbits/sec                  
[  5]   8.00-9.00   sec  26.9 MBytes   225 Mbits/sec                  
[  5]   9.00-10.00  sec  26.8 MBytes   224 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.04  sec   295 MBytes   246 Mbits/sec    0             sender
[  5]   0.00-10.00  sec   292 MBytes   245 Mbits/sec                  receiver

iperf Done.
$ sudo ip netns exec foo iperf3 -c 192.168.200.1 -p 1111 
Connecting to host 192.168.200.1, port 1111
[  5] local 192.168.20.1 port 56218 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  18.9 MBytes   158 Mbits/sec    2    159 KBytes       
[  5]   1.00-2.00   sec  18.5 MBytes   155 Mbits/sec    0    223 KBytes       
[  5]   2.00-3.00   sec  17.9 MBytes   150 Mbits/sec    0    272 KBytes       
[  5]   3.00-4.00   sec  18.1 MBytes   152 Mbits/sec    0    313 KBytes       
[  5]   4.00-5.00   sec  17.5 MBytes   147 Mbits/sec    0    349 KBytes       
[  5]   5.00-6.00   sec  18.2 MBytes   153 Mbits/sec    0    383 KBytes       
[  5]   6.00-7.00   sec  19.0 MBytes   159 Mbits/sec    0    416 KBytes       
[  5]   7.00-8.00   sec  18.4 MBytes   154 Mbits/sec    1    443 KBytes       
[  5]   8.00-9.00   sec  18.5 MBytes   155 Mbits/sec    0    469 KBytes       
[  5]   9.00-10.00  sec  18.5 MBytes   155 Mbits/sec    0    495 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   184 MBytes   154 Mbits/sec    3             sender
[  5]   0.00-10.07  sec   181 MBytes   151 Mbits/sec                  receiver

iperf Done.
$ sudo ip netns exec foo iperf3 -c 192.168.200.1 -p 1111 --reverse
Connecting to host 192.168.200.1, port 1111
Reverse mode, remote host 192.168.200.1 is sending
[  5] local 192.168.20.1 port 42220 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  0.00 Bytes  0.00 bits/sec                  
[  5]   1.00-2.00   sec   384 KBytes  3.15 Mbits/sec                  
[  5]   2.00-3.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   3.00-4.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   4.00-5.00   sec   896 KBytes  7.34 Mbits/sec                  
[  5]   5.00-6.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   6.00-7.00   sec   896 KBytes  7.34 Mbits/sec                  
[  5]   7.00-8.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   8.00-9.00   sec   768 KBytes  6.29 Mbits/sec                  
[  5]   9.00-10.00  sec   768 KBytes  6.29 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.05  sec  6.76 MBytes  5.65 Mbits/sec  2150             sender
[  5]   0.00-10.00  sec  6.62 MBytes  5.56 Mbits/sec                  receiver

iperf Done.
$ iperf3 -c 192.168.200.1 -p 1111 
Connecting to host 192.168.200.1, port 1111
[  5] local 192.168.200.201 port 34218 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   114 MBytes   952 Mbits/sec    3    335 KBytes       
[  5]   1.00-2.00   sec   113 MBytes   945 Mbits/sec    0    337 KBytes       
[  5]   2.00-3.00   sec   112 MBytes   941 Mbits/sec    0    339 KBytes       
[  5]   3.00-4.00   sec   112 MBytes   944 Mbits/sec    0    342 KBytes       
[  5]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0    342 KBytes       
[  5]   5.00-6.00   sec   112 MBytes   943 Mbits/sec    0    342 KBytes       
[  5]   6.00-7.00   sec   112 MBytes   938 Mbits/sec    0    342 KBytes       
[  5]   7.00-8.00   sec   113 MBytes   945 Mbits/sec    0    342 KBytes       
[  5]   8.00-9.00   sec   112 MBytes   939 Mbits/sec    0    342 KBytes       
[  5]   9.00-10.00  sec   113 MBytes   944 Mbits/sec    0    342 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.10 GBytes   943 Mbits/sec    3             sender
[  5]   0.00-10.04  sec  1.10 GBytes   938 Mbits/sec                  receiver

iperf Done.
$ iperf3 -c 192.168.200.1 -p 1111 --reverse
Connecting to host 192.168.200.1, port 1111
Reverse mode, remote host 192.168.200.1 is sending
[  5] local 192.168.200.201 port 44104 connected to 192.168.200.1 port 1111
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   112 MBytes   941 Mbits/sec                  
[  5]   1.00-2.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   2.00-3.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   3.00-4.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   4.00-5.00   sec   112 MBytes   941 Mbits/sec                  
[  5]   5.00-6.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   6.00-7.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   7.00-8.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   8.00-9.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   9.00-10.00  sec   112 MBytes   942 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.04  sec  1.10 GBytes   938 Mbits/sec  159             sender
[  5]   0.00-10.00  sec  1.10 GBytes   941 Mbits/sec                  receiver

iperf Done.

The results indicate to me that there is a significant performance loss due to NAT routing on the VM (192.168.20.1 <- 192.168.200.1). I'm also not sure if ~220 Mbps symmetric is reasonable for wireguard over a LAN (192.168.20.1 <-> 192.168.20.2). I've tried playing with the MTU of the links on both sides without any beneficial effect (usually poorer performance).

Any ideas for investigation? Thanks in advance!

169
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Final_Chipmunk3795 on 2024-01-04 14:03:26+00:00.


I opened a local Wireguard VPN server with this "installer" I found on GitHub.

After it was done, I used the QR code provided to connect to the VPN on my phone, it worked! I connected to my local web-server and I found no issues.

I then copied over the client configuration onto my Windows machine and connected. All public domains like Google and YouTube worked, but my local web-server didn't. My browser responded with "Your Internet access is blocked"...

I'm pretty new to this VPN stuff, and don't really know what configurations I should provide.

170
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Larkonath on 2024-01-04 13:14:44+00:00.


Hi,

I didn't find any minimum hardware requirements for Wireguard and I'm wondering if this VPS offering is enough?

I need to reserve one year upfront and I'd rather not waste the money on something that won't do the job.

171
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/SoftwareRenderer on 2024-01-04 03:55:30+00:00.


I'm using userspace implementations of Wireguard on my Synology NAS, and was a bit surprised that BoringTun was about half as fast as Wireguard-go.

I'm not sure if something isn't set up correctly, but I'm using the same Docker config, and the only difference is pulling wireguard-go from Git and BoringTun from Rust's Cargo.

My goal is to balance easy maintenance and performant Wireguard on my Synology NAS.

Test setup using iperf3:

  • Peer #1 Synology DS923+ with 10GbE module, Userspace Wireguard
  • Peer #2 Intel i5-9600K PC with 10GbE network card, Kernel Wireguard

| Connection | Speed (Gbps) |
|---|---|
| Direct | 9.42 |
| Boringtun v0.6.0 | 1.51 |
| Wireguard-go (git 12269c2) | 2.92 |

172
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/bkbg8 on 2024-01-04 02:09:42+00:00.


I’ve set up my WireGuard recently to use on my iPhone.

It’s set up on Home Assistant. I can connect to my local devices just fine when on my cell network, but when I hop on my GF's WiFi, I can’t connect to my local devices anymore. My IP address is still my wireguard IP though.

Is there any way to change that?

Thank you

175
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/PerformanceOnly2216 on 2024-01-03 22:11:17+00:00.


I asked an AI a question; it told me the below:

The 0.0.0.0/0 configuration in WireGuard on Android does not prevent other devices from accessing your device.

The 0.0.0.0/0 configuration is used to specify the allowed IP range for routing through the WireGuard tunnel. In this case, it means that all traffic from your Android device is being routed through the WireGuard tunnel. However, it does not prevent other devices from accessing your Android device.

If you want to prevent other devices from accessing your Android device, you would need to configure additional security measures such as firewall rules on your Android device or on your network. This could involve blocking incoming connections from specific IP addresses or implementing network segmentation to isolate your Android device from other devices on the network. The specific steps will depend on your network setup and the level of security you want to achieve.

Sooooo now I ask the question

Say I'm at a Starbucks or some *, how can I prevent anyone's access for the sake of safety?
