Comment on [deleted]
oranki@sopuli.xyz 1 year ago
WireGuard runs over UDP; the port is indistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like that from a wrong port: no response. Your ISP can still see that it’s WireGuard traffic if they happen to be looking, but can’t decipher the contents.
I would drop containers from the equation and just run WireGuard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.
hayalci@fstab.sh 1 year ago
+1 on not using containers for network routing stuff. That way lies pain and misery.
Dust0741@lemmy.world 1 year ago
Fair enough. I’ve had success with it though. I should probably just use the official WireGuard, not wg-easy.