I’d like to run a VPN locally, and am just double checking I understand the security correctly.

I want to run Wirwguard easy via Casaos on Ubuntu server.

My router will port forward a high port number, check daily for updates, and I’ll update the server weekly.

Is there anything I’m missing?

  • oranki@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Wireguard runs over UDP, the port is undistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it’s Wireguard traffic if they happen to be looking, but can’t decipher the contents.

    I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.

    • hayalci@fstab.sh
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      +1 on not using containers.for Network routing stuff That way lies pain and misery.

      • Dust0741@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Fair enough. I’ve had success with it though. I should probably just use the official wireguard not wg-easy