Wireguard VPN

murgero

@will My original response to this post was almost a year ago - so of course stuff has changed since........

will

@murgero hahaah noted! I'll remove my reply!

murgero

@will No worries mate cheers!

marcusquinn

For interest I find this WG service decent. I have 1Gb fibre and it's able to achieve about 90% of that speed, whereas Open VPN (with pfSense on Vultr) I get about 20% of my bandwidth:

https://www.azirevpn.com/cfg/wireguard

And if any geeks are looking to relocate:

https://www.digital.je/choose-jersey/connectivity-and-network-infrastructure/

Mallewax

@Miggi I am a big fan, too and are upvoting.

Please also see this thread:

https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking/17?_=1594947401156

Together it makes even more sense.

dylightful

+1 - Been using WireGuard over OpenVPN for the past couple of months and prefer it!

dylightful

@girish Now that Adguard has been implemented. Any future plans for Wireguard?

imc67

@dylightful I really hope so, OpenVPN from iOS and MacOS is dramatic (maybe also on other platforms?) and WireGuard is really fast, stateless and always on.

ruihildt

Wireguard is also low on battery usage comparing to OpenVPN. (on Android at least)

JLX89

Yes, this would be incredible! +1

dylightful

Quite and polite bump

dylightful

@girish any update on Wireguard? has quite a few votes now

girish

@dylightful not really, we haven't started working on it. We just finished releasing 6.2.

kallados

WG would be great! Absolutely. Openvpn is dead sorry (im mean Performance). Maybe for DSL fine, but if you have "normal " modern Conection >100mbit... WG ist almost alone, who can deliver really nice speed with pretty easy user friendly Installation.

dylightful

@kallados The best option at the moment is Nyr's WG script. Obviously means you have to create a new VM if you want to keep your Cloudron 'clean'.

Nevertheless, i agree OpenVPN is old news. Hopefully soon

kallados

@dylightful I like this OpenVPN which is included on Cloudron. I use it 24/7. Pretty stable, easy to install, nice Frontend- great Stuff. Im really happy with. WG is for me just something like "next Step 10 gbit server and 250mbit cable at home and im not able to get >150mbit with OpenVpn. If i connect with WG... 220-230 is no problem at all.

dylightful

@kallados Oh absolutely! Cloudron's OpenVPN panel is great. However, have stopped using it since OpenVPN drains the hell out of my Android phone. Speed alongside with battery life WG is my daily driver!

ruihildt

@dylightful Yeah OpenVPN battery drain is unfortunately real.

dylightful

B B B B Bump

sayedanowar9

Please support Wireguard as well

dylightful

@sayedanowar9 i have broken 4 fingers crossing them too tightly...

kallados

@dylightful My Domain wireguar.de ist ready on my Cloudron. Just WG missing ^^

dylightful

Can't be far away now right?

kallados

@dylightful
I hope. OpenVPN is pretty stable, also the connection with AdGuard, but for some Reason is the Speed really weak. 12 cores, nvme, 64 gig ram and dedicated 1 gig port... And I come not over 50-70 maps. If I connect few more devices every single one achieve 50-70 Mbps.

N8N, Redash, SQL, Jellifin and Metabase are the Reasons why I'm happy to pay for Cloudron. If I get Wireguard... I don't need really more

robi

@kallados can you tell us how you use Redash and Metabase and N8N?

kallados

@robi I'm Quality Specialist. We have over 10k Employees. Lot of Data

Google Sheets are fine, but not really usable if you need to handle big Data. Big Query is fine to, but I can't expect from every single Worker, that he can work with. Actually, seems to be SQL the best way.

Our Workers handle most time different Google Sheets. I use then N8N to import Data from these Sheets and running first optimization (like Format etc.)- then import to SQL. N8N handle also Minio S3 for me. My Workers importing some Data as *.csv to Minio and N8N handle them.

Metabase is pretty easy if you want just simple analyse like a Time Range and some Filters. Nice easy understandable Dashboard. SQL is messy, but for easy Question is fine. If i need better Solution (complicated Questions or refresh Avery X second etc.) then i use Redash. Clean SQL.

imc67

@girish just for inspiration I found an easy way to configure and manage WireGuard in Docker:

https://github.com/WeeJeWel/wg-easy

This can make the long awaited WireGuard app on Cloudron also easy?

timconsidine

@imc67 looks very interesting

kallados

@imc67 said in Wireguard VPN:

@girish just for inspiration I found an easy way to configure and manage WireGuard in Docker:

https://github.com/WeeJeWel/wg-easy

This can make the long awaited WireGuard app on Cloudron also easy?

Pretty nice

dylightful

The lone survivor

girish

@dylightful We just pushed out jitsi last month or so and it's still stabilizing, so you know what's next then

kallados

@girish Jitsi? What is this

robi

This may be useful for connecting devices/apps via WgVPN - https://github.com/stv0g/wiretrustee

robi

Another OSS project that has a nice Wireguard integration - Mistborn
https://gitlab.com/cyber5k/mistborn

dylightful

@girish bump

kallados

@dylightful Ping ^^

ApplegateR

@kallados
https://github.com/ngoduykhanh/wireguard-ui

Pretty neat on this one. Because it already made on web gui.

marcusquinn

Even more useful now Contabo has a UK location, we can use this for our Hetzner Gemany hosted VDIs to tunnel out to the web in the UK for a better localised experience for our primarily UK users.

jdaviescoates

@marcusquinn said in Wireguard VPN:

we can use this for our Hetzner Gemany hosted VDIs to tunnel out to the web in the UK for a better localised experience for our primarily UK users.

That's sounds interesting, could you please elaborate?

As an aside, Contabo don't use renewable energy, which makes them climate criminals in my mind.

Here are the cheapest renewably powered VPS in UK I've found so far (in order of cheapness)

https://www.vpsserver.com/vps-london/
https://krystal.uk/cloud-vps
https://cloudabove.com/hosting/cloud-servers

dylightful

@girish said in Wireguard VPN:

so you know what's next then

Can we please get an update on Wireguard? Seems to be a lot of apps getting published that don't have anywhere near the number of votes as WG....

girish

@dylightful Yes, on our list. After 7.2 is completely rolled out (should be out later today).

Is your use case the same as the existing OpenVPN app use case? i.e a self service portal where Cloudron acts as the VPN server?

marcusquinn

@girish Our use-case would be using some mini-Cloudrons as relays for traffic from VDIs, so the users appear to be browsing from the country they are in, as opposed to where the VDI VPS is hosted.

dylightful

@girish Exactly like the OpenVPN app, Wireguard will provide MUCH better speed!

timka

Ok, so this would be an alternative to the avaible OpenVPN App?
Then I suggest a look into firezone, @git it seems like a nice slim manager with gui. But well it's quite new and I do not know about the license.

marcusquinn

For interest: ivpn.net comes recommended on privacytools.io with Wireguard very easily implemented and, formerly, I always found the Wireguard speed on azirevpn.com to be very fast.

dylightful

@girish said in Wireguard VPN:

After 7.2 is completely rolled out (should be out later today).

Bump

timka

A nice list:
https://github.com/HarvsG/WireGuardMeshes

robi

An example config of WG-Easy deployment from:
https://github.com/WeeJeWel/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL

docker-compose.yml:

version: "3.8"

services:
  wg-easy:
    environment:
      # ⚠️ Change the server's hostname (clients will connect to):
      - WG_HOST=wg-easy.myhomelab.com

      # ⚠️ Change the Web UI Password:
      - PASSWORD=foobar123
    image: weejewel/wg-easy
    container_name: wg-easy
    hostname: wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

  nginx:
    image: weejewel/nginx-with-certbot
    container_name: nginx
    hostname: nginx
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    volumes:
      - ~/.nginx/servers/:/etc/nginx/servers/
      - ./.nginx/letsencrypt/:/etc/letsencrypt/

~/.nginx/servers/wg-easy.conf:

server {
    server_name `⚠️wg-easy.myhomelab.com`;

    location / {
        proxy_pass http://wg-easy:51821/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

dylightful

@robi lots of solutions/apps for WG on the web, not entitely sure whats stopping/preventing the CLoudron team packaging and deploying considerings it one of the most upvoted wishlist items currently, especially when plenty of low upvote apps are getting published before WG.

Care to enlight us? @girish

timconsidine

@dylightful possibly the low vote apps don't have the complexity of integration into the Cloudron 'opinionated' environment. But I don't know really.

robi

@dylightful I hear you.. it has not been made clear yet.

I just managed to deploy wg-easy in fly.io and it's simple UI is great, doesn't need a username, and similar to our OpenVPN app, easily generates .conf files for download for the clients.

For some of the things we wanted to do with VPNs for Apps which were a lot more complex, a lot more integrations were needed, and the people who started doing those didn't manage to complete them and the chain of events stopped progress.

What we perceive being reality, this can affect much simpler things from being re-prioritized; and of course life happens.

Un/fortunately those are not blockers for Cloudron having a fast personal VPN experience via Wireguard.

As I have a bit more time this month, I may start packaging wg-easy, and if someone else is interested in lending a helping hand, many hands make short work. (Send a PM to collaborate)

timka

@robi wg-easy seems to be a nice alternative to the openvpn solution, it's also dockered: https://hub.docker.com/r/weejewel/wg-easy but I'm not sure how stable it is?

robi

@timka It is stable and just works.

dylightful

@timka Can confirm it works great and is very stable.

I ended up deploying a cluster a couple of months after apps with not even 1/3 of the upvotes were getting deployed before Wireguard. Very frustrating and disappointing.

kallados

On the one site I understand. There is lot of different Apps, they can be usable for many users. For example I use N8N. It's not perfect YET, way but more then “just usable”. Everytime when I see, that someone ask about alternative...i get angry. I ask me all time, why should we implement something new just like N8N? We have already automating stuff and it's working. Why integrate some alternative with the unknown potential?...

On other side in this Case- Open VPN have no real Potential in long term. It's working great. No doubt. Just this CPU Power Consumption is Kill Criterium. OVPN is for me like a Airpords 2. Generation. Working pretty well, but we have already something better. Nobody really except, that we use something like this, in next year's.

I pay fresh extra for Wireguard and so long working, I have no needs to pay for a next Cloudron Subscription. I have encrypted Storage, Email on own Domain and quick WG VPN with Proton unlimited. I can just pay few bucks for Integromat/make and that's all. No worries about own Server, Security and costs. Sure just my case, but maybe I'm not alone.

What I want to say to Cloudron devs- just implement WG in some usable Form (yeah we have them already, maybe just Alphas but who cares) and I will get a great Alterative back again. Cloudron is amazing Concept with huge potential, but must stay up to date.

I work on Project (for private Client) who who would be ready to pay 6 Digits Price Yearly, just for possibility to use own safe VPN without Google, Cloudflare etc. just selfhosted, easy, with no needs for huge stuff to maintain it.

Just thing about... If you would be able, to deploy own hosted system for WG VPN... with

1. easy Installation
2. Reduced maintain costs (automatic backups, updated directly from last nux Core/Ubuntu etc)
3. Open source

Just this “one app” can be enough, to create special WG subscription of Cloudron. Price reduced, just 1-3 apps. You wouldn't get just new Customers, but mainly lot of Attention. And Attention is money.

marcusquinn

@kallados I'll take those 6 figures, if they start with a £ .

I've come to the opinion that Cloudron just wants to do what it wants to do, and has a glass ceiling to solve with getting more app packaging expertise to do things the Cloudron way, so we just need to use alternatives to Cloudron to run alongside it in the meantime: Proxmox, Cloudpanel, Caprover, Univention, YunoHost, Bitnami, Rancher, Portainer, CasaOS, Umbrel, and more...

nebulon

@kallados quite frankly if you have 6 figures yearly for that, then this is easily solvable with providing your own solution to the problem. No need to get Cloudron involved here for 15$/mth. I am sure, it will be just a bunch of shell scripts.

@marcusquinn the glass ceiling is simply time on our side. Technically providing such a package for Cloudron is often not far out, but initial work to a proper package following our requirements and especially ongoing maintenance and support requires time. It is not like we don't package apps for the fun of blocking our users. By now most of our time is spent in updating apps so they can be rolled out, without breaking all the time. Often debugging one app for one update eats many hours.

Further, one can already create custom packages for Cloudron, running cloudron build && cloudron install inside that folder solves it already. If those packages are well written, then we have picked them up in the past and pulled them into our supported library after some required polish. We will soon work on a better solution to have these available for others without required commandline knowledge. We hope to remove us a bit as the bottleneck then, afterall our business is not selling app packages and the support for those, but the platform to run them.

kallados

@nebulon

This WG Implementation is not the only task in the budget Maybe the wrong way I expressed myself. We are working on it. But it won't be open source and I find that a pity.

No matter what, such a solution under Cloudron would be usable for many I think. Straight for our customer not, but there are many out there who would like to use it-me included. I see a similarity here as with Bitwarden. I used Bitwarden under Cloudron for a long time. Super easy, no hassle and with my own server. The same would be possible with WG.

marcusquinn

@kallados Worth searching the forum here for "Mesh VPN" too, as there's a few apps on the wishlist that also use Wireguard behind the scenes to make Wireguard private networking super-easy to administer.

robi

@marcusquinn Yes, such as TailScale which Umbrel uses by default for securing access to itself.