Urgh, I don’t really have time to do this migration but guess I’m planning it in anyway.
Past me was a lazy bum. But I’m confident that future me is all over this. Time for a nap.
Damn you sir, you didn’t need to call me out with that last paragraph.
No, I know it wasn’t my shoe, but look at how well it fits!
WG was always so much better anyway.
Well it was written to replace open VPN right? So that makes sense
Don’t let openvpn get a swelled head. Itself it was just a Bender project (“I’m gonna write vtun better; with hookers and beer!”) anyway.
deleted by creator
Not sure about that. I set up a wg vpn server on a system which then became unresponsive whenever wg was fully saturating the network. Turns out there is apparently no way to throttle or prioritize a wg server, the only way I could think of would be to dedicate a vm to solely the wg vpn and throttle that vm in its networking.
I instead switched to openvpn which can simply be throttled via a line in its configuration.Besides that missing feature, openvpn also doesn’t require figuring out the right iptables commands to verbatim paste into its config as startup and shutdown commands. Setting it up was way easier than wg (though openvpn too wasn’t exactly user-friendly).
WG to me seems too clunky and unfinished for more mainstream usage, though I am sure it wouldn’t be an issue for a large commercial user like mullvad that will have no issue with all that.
Regarding link saturation - have you tried tc/wondershaper? https://unix.stackexchange.com/questions/28198/how-to-limit-network-bandwidth#28203
Iptables commands - that was needed at the very launch of wg, I’ve not had to deal with it for some time now.
Personal/commercial use - I’m on a completely opposite side. It’s perfect for personal use, but its lack of dhcp support makes me question its capability in a commercial setting. Many providers offer it, so clearly that’s not an insurmountable task, but I’m still curious how they sort out their backend.
Yeah, to be honest, WG out of the box is really nice for tunneling and static IP road warriors. For larger deployments it’s a bit of a PIA without DHCP.
Sadly.
But things like Netbird make it a bit easier.
Because OpenVPN is fiddly to set up and modern Wireguard setups seem to scale well enough.
I remember maybe 12-15 years ago, setting OpenVPN on my TomatoUSB flashed router, invoking all kind of openssl command to generate certificates, keys, signing stuff, setting the router, setting the TAP/TUN clients etc. but once setup it works for years on my laptop, phone, etc.
Now with WG I basically scan on my phone a QR code generated on my Merlin router and that’s it.
merlin has built-in wireguard support??
yes for a long time now
Try openwrt, ddwrt is cancer.
can’t with broadcom
I hear you, I also have broadcom ewaste, a Trident 2+ switch running open switch and I can never upgrade the debian 9 OS running kernel 4.9.
I had to create a QEMU VM, put proxmox on it and put openwrt into an LXC in that to make it work. Our technology landscape is completely ducked.
What? Why?
I used to use ddwrt until I didn’t have a router (forced by cablemodem that I couldn’t modify)
But then I got fiber with a bridge and discovered OpenWRT and it was so incredible.
So much more capable and such a better more competent community.
Much more competent and ethical leadership that doesn’t violate the GPL.How it works, just made more sense to me, there are so many feature I never want to lack in a router and frankly I wish I had in every linux distro.
One of my absolute favorite thing about it, is that anything you click in the web interface, is a command run in the underlying system.Here I am setting a DHCP tag, which makes it so that all computers with a certain MAC address will receive a non-routing gateway, cutting them off from the internet. I use this to stop my TVs and VMs from connecting to the internet without having to deal with a bunch of static IP addresses and that whole firewall tedium.
Notice how it’s giving me the exact commands
And the WebUI shows you all the commands before they run it. Not only that makes understanding how the system works underneath. It makes it very easy to reproduce all the same configuration using bunch of commands you can paste from a text file !
Recently I wanted to turn older such routers into dumb wifi access points and they were all mostly the same, so I just flashed them and then ran a series of commands that I learned from the Web UI, with just some things tweaked for each device.
For me that feature alone makes the difference, but also the sketchiness of ddwrt with regards
I think ddwrt gets love because ANYTHING is better than the awful, unreliable stock and locked down web user interfaces on routers. But between ddwrt and openwrt, I think it is no-contest, openwrt is the best choice between those two.
Here is a bunch of articles more about this
https://wi-fiplanet.com/the-dd-wrt-controversy/
https://hackaday.com/2011/09/21/modifying-dd-wrts-protected-gui/
https://ebb.org/bkuhn/blog/2009/12/06/anatomy-gpl-violation.html
https://www.linksysinfo.org/index.php?threads/fresh-tomato-vs-openwrt-vs-dd-wrt.76178/
https://old.reddit.com/r/openwrt/comments/ld05u6/whats_the_difference_openwrt_ddwrt_tomato_opensan/
https://old.reddit.com/r/HomeNetworking/comments/9hk0lm/is_ddwrt_no_longer_recommendedgeneral_opinions_on/
https://www.raspberrypibox.com/dd-wrt-vs-openwrt/
https://news.ycombinator.com/item?id=8060911
https://old.reddit.com/r/HomeNetworking/comments/j5u3kf/why_is_ddwrt_such_a_pain/
https://old.reddit.com/r/linux/comments/3skn25/fcc_we_will_not_ban_ddwrt_on_wifi_routers/Huh. Alright, that’s pretty convincing. Thanks.
EDIT: it’s been pointed out to me that using NetworkManager for Wireguard setup is shit. Instead use nmcli, this seems to have solved my problem.
I’m using Bazzite Linux with KDE, and for me Wireguard setup is copy/pasting several bits of information on multiple settings pages. OpenVPN is just downloading a single config file and inputting my user/pass.
Also, Wireguard disconnects so often, no matter which distro I’m on, that it’s a pain in the butt having to reconnect a few times an hour. Not to mention that I can’t have it set to autoconnect on login, or my internet doesn’t work until I disconnect and reconnect.
Wireguard disconnects so often
Wireguard is udp, it never “connects”, there’s no session.
Wireguard disconnects the WiFi.
However, it has been pointed out to me that my problem was using the GUI for NetworkManager to add the VPN, which apparently is shit for Wireguard. I added the VPN using nmcli instead and so far it’s working as intended.
Interesting, I also use KDE (on arch btw) and I definitely have had hours-long work sessions with ssh over a wireguard vpn to access my home PC from abroad, so I imagine the issue is probably not on the KDE side of the stack
These immutable distros always create a thousand little problems like that.
I don’t think it’s Bazzite, as it didn’t work on NixOS or Nobara either. It’s got to be something with my ISP, because as I said in my previous comment, it hasn’t worked over multiple distros.
A bit annoying for all the things that don’t support openvpn, like old Synology NAS devices.
You can install a wireguard spk from blackvoid - Wireguard SPK for your Synology NAS.
Oh that’s interesting, though my model isn’t on the list ;(
mullvad and windscribe are the only two i support <3
Do you have a stance on IVPN?
I’ve had an active iVPN sub for almost 8 years now. Cannot say anything bad about them whatsoever
why yall need a vpn?
Pira… I mean, Privacy
Privacy
And justified paranoia
recently switched from mullvad to ivpn, and the servers are noticeably slower. with mullvad all the servers I used achieved my connections max speed 500 mb/s but on ivpn they usually do 50 - 300, and sometimes i need to switch server because they go down (i use european servers). only reason i switched was because mullvad causes a wakelock on mint cinnamon and it drives me nuts.
Is that a Mint Cinnamon issue primarily?
Some sort of internal error specific to them and their setup. Mullvad should function flawlessly on Mint. I’ve used and installed mint on multiple PCs and all sorts of drives including usbs. The repo for updating mullvad app usually needs corrected but that is it. Mint and Mullvad are solid.
it hasn’t happened on other distros but i have other bigger issues on them so i never could test for a longer period. took me a year to find what caused it and it hasn’t happened since i switched from mullvad. fun bonus: ovpn destroyed my nvidia drivers on mint…
I started on mint years ago and it was an okay foot in the door, but would not recommend to anyone (including beginners). Fedora is my goto for new users these days. I use arch (btw) and have had much more luck on rolling release.
Not gonna try to convince you off Mint, but it does sound like you’re having issues with it.
I’ve been itching to install ultramarine but earlier I’ve had bad times with fedora on my hw. also because i host jellyfin at my home network, i kinda need x11 because i have a little program that keeps my system awake when network traffic crosses a certain threshold, using xdotool. and no, that’s not the cause for the wakelock issue. i know ydotool but no time to get into it in the near future
Bummer. For whatever reason I always get much better speeds on openvpn servers.
That’s not something you hear very often.
Sounds like an issue with your network or routes. By design, WG is faster.
I’m sure it is, Im just not sure where to start and I get pretty decent speeds on open vpn. I guess now I’m going to have to try to figure it out
Try lowering MTU, just don’t lower it too much.
You got this!
Still just wish mullvad would stop subtracting. First port forwarding and now this. 😕
That’s very strange. WireGuard was specifically created in part because of speed limitations.
Only the opposite has ever happened for me.
Oh I know it’s odd. I think it must be something with my router or windows configuration, but it’s very noticeably different between the two.
Good! That shit needs to be phased out.
