A while ago I wrote about the Configuration of wireguard as a personal VPN solution. Now, after using that setup for four month as a standard it is time to look back and summarize my personal findings.
I am using a wireguard setup on two of my digital devices: my personal smartphone and a tablet. Both systems are based on LineageOS, work in a reliable and useful manner on a daily base. No real issues. The wireguard setup is active as standard, so all my traffic from those devices is automatically routed through that personal VPN tunnel. Independent of where I am, so whether the devices are connected to my personal local network or using mobile broadband networks. Nothing to think about after a reboot or upgrade of the OS. Things simply work. Which is exactly what one wants.
I remember two situations where I actively switched off the VPN tunnel to tackle failing network connectivity. Both times after unexpected changes of the network topology (unexpected in the sense of not common, exceptual). Both times disabling the VPN tunnel restored connectivity. Which interestingly persisted when re-enabling the VPN tunnel. Which suggests that the issue is located on the client side, maybe routing issues due to the changing network topology, not server or tunnel based.
There is one device I really would like to also connect using the same solution: my personal laptop. Unfortunately that has not been possible so far, at least I failed, personally. I operate the KDE Neon Linux distribution as an OS on that laptop. It is my primary work horse. The issue: the wireguard solution has been backported to the Linux Kernels up from version 5.6. So far my KDE Neon installation still uses Ubuntu 18.04 as a base, that is the last LTS version of the Ubuntu base, that one is currently based on kernel 4.15. So no native wireguard module. I personally failed to setup a dynamic module in a reliable way, so I skipped that project a while ago. Two days ago the Neon project finally announced the switch of the Ubuntu base from 18.04 to 20.04. As expected in time for the first point release of that new LTS base. So I will probably refocus on addint the wireguard VPN tunnel to my laptop’s networking setup as soon as I have upgraded.
Anything not working? Two scenarios come into my mind:
- KDEConnect fails to connect from the wireguard based devices to my laptop. That is a setback. It is not surprising though that this does not work out-of-the-box. However I also failed to find a working setup by adding routing exceptions to the VPN setup on those devices. I suspect the issue is the „exotic“ port KDEConnect uses. One more reason to finally get done the alternate Bluetooth based connection option for KDEConnect.
- Adding wireguard to the network setup of my DSL router which would make the tunnel transparent for all devices operating inside one of my local personal networks at home. But since I still operate a 12 years old router purchased from the predecessor of my current internet provider I have little realistic hope for that. And I won’t complain about that nor invest any time into that. Maybe it’s time to look into alternatives for the stacked operating system on mass DSL routers again? My thoughts travel back to the Good Old Times TM when hacking on such stuff… (Disclaimer: the „good old times“ are not that, actually the contrary is true, though our mind makes us think otherwise…)
I do not experience any bandwidth or latency issues with my current wireguard setup. But then again I am an average user. I rarely play online games (I have better things to do with my time, really …). So it might well be that others have different results here.
Also my setup is not prone to the privacy concerns issued lately having the wireguard solution in view, since my setup truly is a personal VPN (so not relying on a VPN service provider).
So what is my bottom line?
The wireguard setup works for me. Period. And a big thanks to that project.
I have a reliable setup offering high speed connectivity with no actual issues. The solution works unmaintained to such an extend that I actually forget it is in between me and the vast spaces of the internet. Which is, again, exactly how it should be!