Wireguard VPN

Miggi

Hi,

Implementation of WireGuard would be awesome.
Its a small but strong VPN Solution, based on newer Security Algorithms and is getting to build into Linux Kernel
Wireguard looks like it takes OpenVPN and IPSec out of Business ^^
Something about 4000 Lines of Code(instead of 400-600k) and open source
Official Website
Https://www.wireguard.com/

murgero

@Miggi I love the idea, however - One issue I see with this is the claim of being better than OpenVPN, but no certification by a reputable security firm like OpenVPN. I have tried Wireguard though - amazing how fast and easy it was to configure. But just not old enough to be considered stable - yet.

yusf

Wireguard 1.0.0 is now audited, released and included in the Linux 5.6. Time to get the app going!

imc67

@yusf Wouldn't it be great to combine it with Pi-hole, then you have an all-in-one "always safe home" connection? The apps (ie. iOS and MacOS) of Wireguard are btw absolutely great, always connection, fast, never failes and even after reboot immediately connects.

girish

Is there a wireguard UI in progress? We can probably re-purpose what @mehdi wrote for the OpenVPN app for wireguard as well.

imc67

@girish there are a lot (too many) initiatives for a web GUI none really mature IMHO. Currently I use PIVPN (can also be installed on Ubuntu) with commandline, very easy, very simple and also with QR code (from the command line!)

will

@murgero Wireguard has been audited many times now. It is even upstreamed into the kernel.

Replying to old comments is hard apparently.

murgero

@yusf 100% this!! I actually already use it daily heheh

murgero

@will My original response to this post was almost a year ago - so of course stuff has changed since........

will

@murgero hahaah noted! I'll remove my reply!

murgero

@will No worries mate cheers!

marcusquinn

For interest I find this WG service decent. I have 1Gb fibre and it's able to achieve about 90% of that speed, whereas Open VPN (with pfSense on Vultr) I get about 20% of my bandwidth:

https://www.azirevpn.com/cfg/wireguard

And if any geeks are looking to relocate:

https://www.digital.je/choose-jersey/connectivity-and-network-infrastructure/

Mallewax

@Miggi I am a big fan, too and are upvoting.

Please also see this thread:

https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking/17?_=1594947401156

Together it makes even more sense.

dylightful

+1 - Been using WireGuard over OpenVPN for the past couple of months and prefer it!

dylightful

@girish Now that Adguard has been implemented. Any future plans for Wireguard?

imc67

@dylightful I really hope so, OpenVPN from iOS and MacOS is dramatic (maybe also on other platforms?) and WireGuard is really fast, stateless and always on.

ruihildt

Wireguard is also low on battery usage comparing to OpenVPN. (on Android at least)

JLX89

Yes, this would be incredible! +1

dylightful

Quite and polite bump

dylightful

@girish any update on Wireguard? has quite a few votes now

girish

@dylightful not really, we haven't started working on it. We just finished releasing 6.2.

kallados

WG would be great! Absolutely. Openvpn is dead sorry (im mean Performance). Maybe for DSL fine, but if you have "normal " modern Conection >100mbit... WG ist almost alone, who can deliver really nice speed with pretty easy user friendly Installation.

dylightful

@kallados The best option at the moment is Nyr's WG script. Obviously means you have to create a new VM if you want to keep your Cloudron 'clean'.

Nevertheless, i agree OpenVPN is old news. Hopefully soon

kallados

@dylightful I like this OpenVPN which is included on Cloudron. I use it 24/7. Pretty stable, easy to install, nice Frontend- great Stuff. Im really happy with. WG is for me just something like "next Step 10 gbit server and 250mbit cable at home and im not able to get >150mbit with OpenVpn. If i connect with WG... 220-230 is no problem at all.

dylightful

@kallados Oh absolutely! Cloudron's OpenVPN panel is great. However, have stopped using it since OpenVPN drains the hell out of my Android phone. Speed alongside with battery life WG is my daily driver!

ruihildt

@dylightful Yeah OpenVPN battery drain is unfortunately real.

dylightful

B B B B Bump

sayedanowar9

Please support Wireguard as well

dylightful

@sayedanowar9 i have broken 4 fingers crossing them too tightly...

kallados

@dylightful My Domain wireguar.de ist ready on my Cloudron. Just WG missing ^^

dylightful

Can't be far away now right?

kallados

@dylightful
I hope. OpenVPN is pretty stable, also the connection with AdGuard, but for some Reason is the Speed really weak. 12 cores, nvme, 64 gig ram and dedicated 1 gig port... And I come not over 50-70 maps. If I connect few more devices every single one achieve 50-70 Mbps.

N8N, Redash, SQL, Jellifin and Metabase are the Reasons why I'm happy to pay for Cloudron. If I get Wireguard... I don't need really more

robi

@kallados can you tell us how you use Redash and Metabase and N8N?

kallados

@robi I'm Quality Specialist. We have over 10k Employees. Lot of Data

Google Sheets are fine, but not really usable if you need to handle big Data. Big Query is fine to, but I can't expect from every single Worker, that he can work with. Actually, seems to be SQL the best way.

Our Workers handle most time different Google Sheets. I use then N8N to import Data from these Sheets and running first optimization (like Format etc.)- then import to SQL. N8N handle also Minio S3 for me. My Workers importing some Data as *.csv to Minio and N8N handle them.

Metabase is pretty easy if you want just simple analyse like a Time Range and some Filters. Nice easy understandable Dashboard. SQL is messy, but for easy Question is fine. If i need better Solution (complicated Questions or refresh Avery X second etc.) then i use Redash. Clean SQL.

imc67

@girish just for inspiration I found an easy way to configure and manage WireGuard in Docker:

https://github.com/WeeJeWel/wg-easy

This can make the long awaited WireGuard app on Cloudron also easy?

timconsidine

@imc67 looks very interesting

kallados

@imc67 said in Wireguard VPN:

@girish just for inspiration I found an easy way to configure and manage WireGuard in Docker:

https://github.com/WeeJeWel/wg-easy

This can make the long awaited WireGuard app on Cloudron also easy?

Pretty nice

dylightful

The lone survivor

girish

@dylightful We just pushed out jitsi last month or so and it's still stabilizing, so you know what's next then

kallados

@girish Jitsi? What is this

robi

This may be useful for connecting devices/apps via WgVPN - https://github.com/stv0g/wiretrustee

robi

Another OSS project that has a nice Wireguard integration - Mistborn
https://gitlab.com/cyber5k/mistborn

dylightful

@girish bump

kallados

@dylightful Ping ^^

ApplegateR

@kallados
https://github.com/ngoduykhanh/wireguard-ui

Pretty neat on this one. Because it already made on web gui.

marcusquinn

Even more useful now Contabo has a UK location, we can use this for our Hetzner Gemany hosted VDIs to tunnel out to the web in the UK for a better localised experience for our primarily UK users.

jdaviescoates

@marcusquinn said in Wireguard VPN:

we can use this for our Hetzner Gemany hosted VDIs to tunnel out to the web in the UK for a better localised experience for our primarily UK users.

That's sounds interesting, could you please elaborate?

As an aside, Contabo don't use renewable energy, which makes them climate criminals in my mind.

Here are the cheapest renewably powered VPS in UK I've found so far (in order of cheapness)

https://www.vpsserver.com/vps-london/
https://krystal.uk/cloud-vps
https://cloudabove.com/hosting/cloud-servers

dylightful

@girish said in Wireguard VPN:

so you know what's next then

Can we please get an update on Wireguard? Seems to be a lot of apps getting published that don't have anywhere near the number of votes as WG....

girish

@dylightful Yes, on our list. After 7.2 is completely rolled out (should be out later today).

Is your use case the same as the existing OpenVPN app use case? i.e a self service portal where Cloudron acts as the VPN server?

marcusquinn

@girish Our use-case would be using some mini-Cloudrons as relays for traffic from VDIs, so the users appear to be browsing from the country they are in, as opposed to where the VDI VPS is hosted.

dylightful

@girish Exactly like the OpenVPN app, Wireguard will provide MUCH better speed!

timka

Ok, so this would be an alternative to the avaible OpenVPN App?
Then I suggest a look into firezone, @git it seems like a nice slim manager with gui. But well it's quite new and I do not know about the license.

marcusquinn

For interest: ivpn.net comes recommended on privacytools.io with Wireguard very easily implemented and, formerly, I always found the Wireguard speed on azirevpn.com to be very fast.

dylightful

@girish said in Wireguard VPN:

After 7.2 is completely rolled out (should be out later today).

Bump

timka

A nice list:
https://github.com/HarvsG/WireGuardMeshes

robi

An example config of WG-Easy deployment from:
https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL

docker-compose.yml:

version: "3.8"

services:
  wg-easy:
    environment:
      # ⚠️ Change the server's hostname (clients will connect to):
      - WG_HOST=wg-easy.myhomelab.com

      # ⚠️ Change the Web UI Password:
      - PASSWORD=foobar123
    image: weejewel/wg-easy
    container_name: wg-easy
    hostname: wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

  nginx:
    image: weejewel/nginx-with-certbot
    container_name: nginx
    hostname: nginx
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    volumes:
      - ~/.nginx/servers/:/etc/nginx/servers/
      - ./.nginx/letsencrypt/:/etc/letsencrypt/

~/.nginx/servers/wg-easy.conf:

server {
    server_name `⚠️wg-easy.myhomelab.com`;

    location / {
        proxy_pass http://wg-easy:51821/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

dylightful

@robi lots of solutions/apps for WG on the web, not entitely sure whats stopping/preventing the CLoudron team packaging and deploying considerings it one of the most upvoted wishlist items currently, especially when plenty of low upvote apps are getting published before WG.

Care to enlight us? @girish

timconsidine

@dylightful possibly the low vote apps don't have the complexity of integration into the Cloudron 'opinionated' environment. But I don't know really.

robi

@dylightful I hear you.. it has not been made clear yet.

I just managed to deploy wg-easy in fly.io and it's simple UI is great, doesn't need a username, and similar to our OpenVPN app, easily generates .conf files for download for the clients.

For some of the things we wanted to do with VPNs for Apps which were a lot more complex, a lot more integrations were needed, and the people who started doing those didn't manage to complete them and the chain of events stopped progress.

What we perceive being reality, this can affect much simpler things from being re-prioritized; and of course life happens.

Un/fortunately those are not blockers for Cloudron having a fast personal VPN experience via Wireguard.

As I have a bit more time this month, I may start packaging wg-easy, and if someone else is interested in lending a helping hand, many hands make short work. (Send a PM to collaborate)

timka

@robi wg-easy seems to be a nice alternative to the openvpn solution, it's also dockered: https://hub.docker.com/r/weejewel/wg-easy but I'm not sure how stable it is?