Messin' with Wireguard
I’ve been messin’ about with Wireguard and – after some hiccups – I have a small network of peers connected. I now have a couple laptops, a desktop, a phone, and a Raspberry Pi all networked, with the connection remaining persistent even as the mobile devices move across wi-fi networks.
My proudest achievement is connecting this network to a Pi-hole installation on a Digital Ocean VPS. Now all those Internet ads cannot reach me, not matter where on the network I am. I should probably allow ads, since I am a media studies scholar and ads are staple object of media studies. But then again, I’m addicted to things like actually being able to read websites, having them load quickly, and not being tracked, so… yeah, I’ll pass on the ads.
With a Wireguard-based network, I can SSH into any of my computers. It’s rare that I have to do that, but sometimes I forget to sync a file – say, a lecture, or a PDF of an article. No worries there – just log into a remote computer and grab it. I’m starting to think about setting up my own personal media streaming system, as well. Because, why not?
Wireguard is billed as faster and easier to work with than OVPN, and in my view, it’s living up to the billing. Setting things up initially took a long while, with my mistakes including not setting up rules in my firewalls (I use UFW). Once I figured out how to allow connections from the network I was building, it began to work quite well. And it is fast – the network speed is nearly as fast as without the VPN in place. (In fact, I’m pretty sure my ISP, Suddenlink, is dropping packets from internet radio streams – but with Wireguard, those packets aren’t dropping).
One tip I can offer: I discovered a need for a “PersistentKeepalive” on that Pi-hole server. This appears to be a bit of a no-no with Wireguard, which is built on the idea that “silence is golden” – i.e., the less packets flying aorund the better. But the Pi-hole peer kept dropping off the network, and thus my DNS lookups wouldn’t happen. By adding
PersistentKeepalive = 25
to the Pi-hole [Peer] section of the client config file, the connection stays active.
If any of you are itchin’ to try some Wireguard, I have found the tutorial at ServerSide Up to be really helpful. That, and my old friend “trying stuff until it works”…
EDIT: I got KDE Connect working! You just have to add devices by IP address! That is so cool.