Wireguard VPN
-
Even more useful now Contabo has a UK location, we can use this for our Hetzner Gemany hosted VDIs to tunnel out to the web in the UK for a better localised experience for our primarily UK users.
@marcusquinn said in Wireguard VPN:
we can use this for our Hetzner Gemany hosted VDIs to tunnel out to the web in the UK for a better localised experience for our primarily UK users.
That's sounds interesting, could you please elaborate?
As an aside, Contabo don't use renewable energy, which makes them climate criminals in my mind.
Here are the cheapest renewably powered VPS in UK I've found so far (in order of cheapness)
https://www.vpsserver.com/vps-london/
https://krystal.uk/cloud-vps
https://cloudabove.com/hosting/cloud-servers -
@dylightful We just pushed out jitsi last month or so and it's still stabilizing, so you know what's next then
@girish said in Wireguard VPN:
so you know what's next then
Can we please get an update on Wireguard? Seems to be a lot of apps getting published that don't have anywhere near the number of votes as WG....
-
@girish said in Wireguard VPN:
so you know what's next then
Can we please get an update on Wireguard? Seems to be a lot of apps getting published that don't have anywhere near the number of votes as WG....
@dylightful Yes, on our list. After 7.2 is completely rolled out (should be out later today).
Is your use case the same as the existing OpenVPN app use case? i.e a self service portal where Cloudron acts as the VPN server?
-
@dylightful Yes, on our list. After 7.2 is completely rolled out (should be out later today).
Is your use case the same as the existing OpenVPN app use case? i.e a self service portal where Cloudron acts as the VPN server?
@girish Our use-case would be using some mini-Cloudrons as relays for traffic from VDIs, so the users appear to be browsing from the country they are in, as opposed to where the VDI VPS is hosted.
-
@dylightful Yes, on our list. After 7.2 is completely rolled out (should be out later today).
Is your use case the same as the existing OpenVPN app use case? i.e a self service portal where Cloudron acts as the VPN server?
@girish Exactly like the OpenVPN app, Wireguard will provide MUCH better speed!
-
For interest: ivpn.net comes recommended on privacytools.io with Wireguard very easily implemented and, formerly, I always found the Wireguard speed on azirevpn.com to be very fast.
-
@dylightful Yes, on our list. After 7.2 is completely rolled out (should be out later today).
Is your use case the same as the existing OpenVPN app use case? i.e a self service portal where Cloudron acts as the VPN server?
-
A nice list:
https://github.com/HarvsG/WireGuardMeshes -
An example config of WG-Easy deployment from:
https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSLdocker-compose.yml:
version: "3.8" services: wg-easy: environment: # ⚠️ Change the server's hostname (clients will connect to): - WG_HOST=wg-easy.myhomelab.com # ⚠️ Change the Web UI Password: - PASSWORD=foobar123 image: weejewel/wg-easy container_name: wg-easy hostname: wg-easy volumes: - ~/.wg-easy:/etc/wireguard ports: - "51820:51820/udp" restart: unless-stopped cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 nginx: image: weejewel/nginx-with-certbot container_name: nginx hostname: nginx ports: - "80:80/tcp" - "443:443/tcp" volumes: - ~/.nginx/servers/:/etc/nginx/servers/ - ./.nginx/letsencrypt/:/etc/letsencrypt/~/.nginx/servers/wg-easy.conf:
server { server_name `⚠️wg-easy.myhomelab.com`; location / { proxy_pass http://wg-easy:51821/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; } } -
An example config of WG-Easy deployment from:
https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSLdocker-compose.yml:
version: "3.8" services: wg-easy: environment: # ⚠️ Change the server's hostname (clients will connect to): - WG_HOST=wg-easy.myhomelab.com # ⚠️ Change the Web UI Password: - PASSWORD=foobar123 image: weejewel/wg-easy container_name: wg-easy hostname: wg-easy volumes: - ~/.wg-easy:/etc/wireguard ports: - "51820:51820/udp" restart: unless-stopped cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 nginx: image: weejewel/nginx-with-certbot container_name: nginx hostname: nginx ports: - "80:80/tcp" - "443:443/tcp" volumes: - ~/.nginx/servers/:/etc/nginx/servers/ - ./.nginx/letsencrypt/:/etc/letsencrypt/~/.nginx/servers/wg-easy.conf:
server { server_name `⚠️wg-easy.myhomelab.com`; location / { proxy_pass http://wg-easy:51821/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; } }@robi lots of solutions/apps for WG on the web, not entitely sure whats stopping/preventing the CLoudron team packaging and deploying considerings it one of the most upvoted wishlist items currently, especially when plenty of low upvote apps are getting published before WG.
Care to enlight us? @girish
-
@robi lots of solutions/apps for WG on the web, not entitely sure whats stopping/preventing the CLoudron team packaging and deploying considerings it one of the most upvoted wishlist items currently, especially when plenty of low upvote apps are getting published before WG.
Care to enlight us? @girish
@dylightful possibly the low vote apps don't have the complexity of integration into the Cloudron 'opinionated' environment. But I don't know really.
-
@robi lots of solutions/apps for WG on the web, not entitely sure whats stopping/preventing the CLoudron team packaging and deploying considerings it one of the most upvoted wishlist items currently, especially when plenty of low upvote apps are getting published before WG.
Care to enlight us? @girish
@dylightful I hear you.. it has not been made clear yet.
I just managed to deploy wg-easy in fly.io and it's simple UI is great, doesn't need a username, and similar to our OpenVPN app, easily generates .conf files for download for the clients.
For some of the things we wanted to do with VPNs for Apps which were a lot more complex, a lot more integrations were needed, and the people who started doing those didn't manage to complete them and the chain of events stopped progress.
What we perceive being reality, this can affect much simpler things from being re-prioritized; and of course life happens.
Un/fortunately those are not blockers for Cloudron having a fast personal VPN experience via Wireguard.
As I have a bit more time this month, I may start packaging wg-easy, and if someone else is interested in lending a helping hand, many hands make short work. (Send a PM to collaborate)
-
@dylightful I hear you.. it has not been made clear yet.
I just managed to deploy wg-easy in fly.io and it's simple UI is great, doesn't need a username, and similar to our OpenVPN app, easily generates .conf files for download for the clients.
For some of the things we wanted to do with VPNs for Apps which were a lot more complex, a lot more integrations were needed, and the people who started doing those didn't manage to complete them and the chain of events stopped progress.
What we perceive being reality, this can affect much simpler things from being re-prioritized; and of course life happens.
Un/fortunately those are not blockers for Cloudron having a fast personal VPN experience via Wireguard.
As I have a bit more time this month, I may start packaging wg-easy, and if someone else is interested in lending a helping hand, many hands make short work. (Send a PM to collaborate)
@robi wg-easy seems to be a nice alternative to the openvpn solution, it's also dockered: https://hub.docker.com/r/weejewel/wg-easy but I'm not sure how stable it is?
-
@robi wg-easy seems to be a nice alternative to the openvpn solution, it's also dockered: https://hub.docker.com/r/weejewel/wg-easy but I'm not sure how stable it is?
-
@robi wg-easy seems to be a nice alternative to the openvpn solution, it's also dockered: https://hub.docker.com/r/weejewel/wg-easy but I'm not sure how stable it is?
@timka Can confirm it works great and is very stable.
I ended up deploying a cluster a couple of months after apps with not even 1/3 of the upvotes were getting deployed before Wireguard. Very frustrating and disappointing.
-
On the one site I understand. There is lot of different Apps, they can be usable for many users. For example I use N8N. It's not perfect YET, way but more then “just usable”. Everytime when I see, that someone ask about alternative...i get angry. I ask me all time, why should we implement something new just like N8N? We have already automating stuff and it's working. Why integrate some alternative with the unknown potential?...
On other side in this Case- Open VPN have no real Potential in long term. It's working great. No doubt. Just this CPU Power Consumption is Kill Criterium. OVPN is for me like a Airpords 2. Generation. Working pretty well, but we have already something better. Nobody really except, that we use something like this, in next year's.
I pay fresh extra for Wireguard and so long working, I have no needs to pay for a next Cloudron Subscription. I have encrypted Storage, Email on own Domain and quick WG VPN with Proton unlimited. I can just pay few bucks for Integromat/make and that's all. No worries about own Server, Security and costs. Sure just my case, but maybe I'm not alone.
What I want to say to Cloudron devs- just implement WG in some usable Form (yeah we have them already, maybe just Alphas but who cares) and I will get a great Alterative back again. Cloudron is amazing Concept with huge potential, but must stay up to date.
I work on Project (for private Client) who who would be ready to pay 6 Digits Price Yearly, just for possibility to use own safe VPN without Google, Cloudflare etc. just selfhosted, easy, with no needs for huge stuff to maintain it.
Just thing about... If you would be able, to deploy own hosted system for WG VPN... with
- easy Installation
- Reduced maintain costs (automatic backups, updated directly from last nux Core/Ubuntu etc)
- Open source
Just this “one app” can be enough, to create special WG subscription of Cloudron. Price reduced, just 1-3 apps. You wouldn't get just new Customers, but mainly lot of Attention. And Attention is money.
-
On the one site I understand. There is lot of different Apps, they can be usable for many users. For example I use N8N. It's not perfect YET, way but more then “just usable”. Everytime when I see, that someone ask about alternative...i get angry. I ask me all time, why should we implement something new just like N8N? We have already automating stuff and it's working. Why integrate some alternative with the unknown potential?...
On other side in this Case- Open VPN have no real Potential in long term. It's working great. No doubt. Just this CPU Power Consumption is Kill Criterium. OVPN is for me like a Airpords 2. Generation. Working pretty well, but we have already something better. Nobody really except, that we use something like this, in next year's.
I pay fresh extra for Wireguard and so long working, I have no needs to pay for a next Cloudron Subscription. I have encrypted Storage, Email on own Domain and quick WG VPN with Proton unlimited. I can just pay few bucks for Integromat/make and that's all. No worries about own Server, Security and costs. Sure just my case, but maybe I'm not alone.
What I want to say to Cloudron devs- just implement WG in some usable Form (yeah we have them already, maybe just Alphas but who cares) and I will get a great Alterative back again. Cloudron is amazing Concept with huge potential, but must stay up to date.
I work on Project (for private Client) who who would be ready to pay 6 Digits Price Yearly, just for possibility to use own safe VPN without Google, Cloudflare etc. just selfhosted, easy, with no needs for huge stuff to maintain it.
Just thing about... If you would be able, to deploy own hosted system for WG VPN... with
- easy Installation
- Reduced maintain costs (automatic backups, updated directly from last nux Core/Ubuntu etc)
- Open source
Just this “one app” can be enough, to create special WG subscription of Cloudron. Price reduced, just 1-3 apps. You wouldn't get just new Customers, but mainly lot of Attention. And Attention is money.
@kallados I'll take those 6 figures, if they start with a
£
.I've come to the opinion that Cloudron just wants to do what it wants to do, and has a glass ceiling to solve with getting more app packaging expertise to do things the Cloudron way, so we just need to use alternatives to Cloudron to run alongside it in the meantime: Proxmox, Cloudpanel, Caprover, Univention, YunoHost, Bitnami, Rancher, Portainer, CasaOS, Umbrel, and more...
-
@kallados quite frankly if you have 6 figures yearly for that, then this is easily solvable with providing your own solution to the problem. No need to get Cloudron involved here for 15$/mth. I am sure, it will be just a bunch of shell scripts.
@marcusquinn the glass ceiling is simply time on our side. Technically providing such a package for Cloudron is often not far out, but initial work to a proper package following our requirements and especially ongoing maintenance and support requires time. It is not like we don't package apps for the fun of blocking our users. By now most of our time is spent in updating apps so they can be rolled out, without breaking all the time. Often debugging one app for one update eats many hours.
Further, one can already create custom packages for Cloudron, running
cloudron build && cloudron installinside that folder solves it already. If those packages are well written, then we have picked them up in the past and pulled them into our supported library after some required polish. We will soon work on a better solution to have these available for others without required commandline knowledge. We hope to remove us a bit as the bottleneck then, afterall our business is not selling app packages and the support for those, but the platform to run them. -
@kallados quite frankly if you have 6 figures yearly for that, then this is easily solvable with providing your own solution to the problem. No need to get Cloudron involved here for 15$/mth. I am sure, it will be just a bunch of shell scripts.
@marcusquinn the glass ceiling is simply time on our side. Technically providing such a package for Cloudron is often not far out, but initial work to a proper package following our requirements and especially ongoing maintenance and support requires time. It is not like we don't package apps for the fun of blocking our users. By now most of our time is spent in updating apps so they can be rolled out, without breaking all the time. Often debugging one app for one update eats many hours.
Further, one can already create custom packages for Cloudron, running
cloudron build && cloudron installinside that folder solves it already. If those packages are well written, then we have picked them up in the past and pulled them into our supported library after some required polish. We will soon work on a better solution to have these available for others without required commandline knowledge. We hope to remove us a bit as the bottleneck then, afterall our business is not selling app packages and the support for those, but the platform to run them.This WG Implementation is not the only task in the budget
Maybe the wrong way I expressed myself. We are working on it. But it won't be open source and I find that a pity.No matter what, such a solution under Cloudron would be usable for many I think. Straight for our customer not, but there are many out there who would like to use it-me included. I see a similarity here as with Bitwarden. I used Bitwarden under Cloudron for a long time. Super easy, no hassle and with my own server. The same would be possible with WG.
