A different device from your home server? On the home server as the services but directly on the host? On the home server as the services but inside some VM or container?
Do you configure it manually or do you use some helper/interface like WGEasy?
Submitted 11 hours ago by eskuero@lemmy.fromshado.ws to selfhosted@lemmy.world
I have a Raspberry Pi that runs pihole and Wireguard exclusively. My home server is a Kubernetes cluster running on an old desktop PC and 2 Intel NUCs.
The reason for the separate Pi was essentially because I only had the desktop PC initially, and for a while I had a faulty CPU, making the desktop PC crash or become unresponsive, so it helped a lot having DNS and VPN access separated from the instability.
On my router, my FritzBox came with WG support built in.
On my opnsense router
On my router
wg-easy on a nuc
On my (OpenWrt) router
Home 1’s Routers, Home 2’s Router, public IPv4/v6 VPS
The routers are running Arch? What hardware are they?
I’m running pfSense as edge firewalls with a Fritzbox router as a bridge - no issues there, but would be interesting to replace that part too, if possible.
Old small desktop towers. Powerful, very open (so I can run my NS infra and WG server and bridge on there, and easily have them redundant), and very extendable (need a 10G NIC or SFP+? Plug in a PCIe card!), and easily replaceable. I now have some old Cisco APs, which will be for my 2nd Home, so I can use my FritzBox as only a modem. In my 1st Home, I’ll hopefully soon actually have fibre in addition to using my dad’s FritzBox as uplink. And I could add a Mobile Modem too. There, I don’t need a wireless network, as in contrast to my 2nd Home, that infra is only for servers, to which I can just connect from my dad’s network/FB.
I have a VPS (Hetzner dedicated server auction) as well as my home servers. The VPS has a fixed IP, so I’ve set up WireGuard endpoints to all point to it with forwarding on, so I can access every device indirectly through the VPS. It allows them to work across DDNS or remotely.
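The hub layout described in that comment, written out as an added example config (not the commenter’s own files). The addresses (10.8.0.0/24), port, hostname vps.example.net and the placeholder keys are assumptions for illustration; the two spokes are a home server behind NAT/DDNS and a laptop used remotely.

```ini
# --- /etc/wireguard/wg0.conf on the VPS (hub) ---
# Keys and addresses below are placeholders chosen for this example.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>
# The hub routes between spokes: turn on forwarding and permit packets
# that both enter and leave on the wg0 interface (%i) itself.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o %i -j ACCEPT

# Home server spoke. AllowedIPs is only its tunnel address, so the hub
# accepts packets from it with that source and routes that /32 back to it.
[Peer]
PublicKey = <home-server-public-key>
AllowedIPs = 10.8.0.2/32

# Laptop spoke, same pattern.
[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.3/32

# --- /etc/wireguard/wg0.conf on the home server (spoke) ---
[Interface]
Address = 10.8.0.2/24
PrivateKey = <home-server-private-key>

[Peer]
PublicKey = <hub-public-key>
# Fixed address of the VPS (assumed hostname).
Endpoint = vps.example.net:51820
# The whole tunnel subnet, not just the hub's /32, so packets for
# 10.8.0.3 (the laptop) are sent into the tunnel and forwarded by the hub.
AllowedIPs = 10.8.0.0/24
# Keeps the NAT/DDNS mapping open so the hub can reach this spoke unprompted.
PersistentKeepalive = 25
```

The laptop’s config is the same as the home server’s with its own key and Address = 10.8.0.3/24. The two details that make spoke-to-spoke access work are the FORWARD rule (plus ip_forward) on the hub and AllowedIPs = 10.8.0.0/24 on the spokes; with only the hub’s /32 there, traffic for another spoke never enters the tunnel. Spokes that should be reachable from the hub while idle need PersistentKeepalive, since the hub only learns a NAT-ed spoke’s endpoint from the spoke’s own packets.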
I used this guide (digitalocean.com/…/how-to-set-up-wireguard-on-ubu…). Tried different tools, GUIs and other methods, but always came back to this as what works best.
Wireguard normally runs with higher than root privileges as part of the kernel, outside of any container namespaces. If you’re running some sort of Wireguard administration service you might be able to restrict its capabilities, but that isn’t Wireguard. Most of my devices are running Wireguard managed by tailscaled running as root, and some are running additional, fixed Wireguard tunnels without a persistent management service.
Why would you run a WG Client and WG Server on the same host? Am I reading that second mark wrong?
There’s no such thing as a client or server with Wireguard. All systems with Wireguard installed are “nodes”.
Uhhh, nooooo. Why are all these new kids all in these threads saying this crazy uninformed stuff lately? 🤣
www.wireguard.com/protocol/ docs.redhat.com/en/…/setting-up-a-wireguard-vpn
And, in fact, for those of us that have been doing this a long time, anything with a control point or protocol always refers to said control point as the server in a PTP connection sense.
You are; the second point means running WG on, say, a Proxmox root, and using it to access the containers.
Uhhhh…that is…not how you do that. Especially if you’re describing routing out from a container to an edge device and back into your host machine instead of using bridged network or another virtual router on the host.
Like if you absolutely had to have a segmented network between hosts a la datacenter/cloud, you’d still create a virtual fabric or SDLAN/WAN to connect them, and that’s like going WAY out of your way.
Wireguard for this purpose makes even less sense.
Mine runs on my router which is running openwrt
Runs in an extra locked-down container on one of my servers.
One end is a local VPS with insanely good peering pretty much round the damn world, other end is my opnsense router. I actually pass a block of ipv6 through the vpn and my router hands it out to devices which is a nice little bonus
Started with it on a server but moved it to my Openwrt router. If the router’s up the tunnel’s up.
I run one on my firewall, but it’s IPv6 only because of CGNAT. The other one is running on a VPS in case I need IPv4 access. I just configured them manually.
I run the server on an old Pi. That’s its only job.
On the home server on the host. I couldn’t figure out how to make it work in a container and still have ssh access to the host, which was my goal…
sakphul@discuss.tchncs.de 1 hour ago
Always in the router if it supports it. If it does not support wireguard I would rather (if you are able and allowed to) replace the router instead of using something else.