Hi everyone, this community is helping me a lot in starting my journey into the self-hosting world. I’m currently just experimenting using my main PC as a server, but I’m planning on getting an old mini PC and letting it run 24h.

I wanted to give access to my hosted service from outside my WiFi, and since I noticed my Fritzbox router natively supports WireGuard VPN, I just gave it a try. It was super easy and worked flawlessly; I was able to access my Jellyfin library from 4G and other WiFi. BUT I noticed a big loss in connection speed while using my VPN (e.g. from 400 mb/s to 200 or even worse) and I’m not sure it’s a good idea to have all my devices constantly under this kind of loss forever.

Am I doing something wrong? Do you suggest other routes in order to expose my services to the outside? Thank you, and sorry if it’s a noob question.

  • Mikel@lemmy.farley.pro
    1 year ago

    Here’s an example of what I use across multiple networks, with roaming and static devices. They all use a common /24 subnet (that doesn’t overlap with any of the common LAN subnets), and each gets its own /32 address in that subnet. That way each one accepts traffic from any other WG clients in the same subnet as local traffic to the host device. Essentially each PC, server, or phone thinks it’s on the same local network as every other WG client.

    [Interface]
    PrivateKey = XXX
    ListenPort = 51820
    Address = 10.172.43.11/24
    ### Every client gets an address in the 10.172.43.x network
    
    [Peer]
    PublicKey = XXXX
    AllowedIPs = 10.172.43.15/32
    ### This device is a roaming phone or laptop, so it will be able to talk to the server when it wants to, but must initiate all traffic.
    
    [Peer]
    PublicKey = XXXX
    AllowedIPs = 10.172.43.11/32, 192.168.1.0/24 
    #### This device is a router which is configured to NAT any traffic from WG to the LAN, so any WG device can talk to the LAN as if it's local 
    
    Endpoint = my.dynamic.dns.addres:51820
    #### Use dynamic dns for any device that has a semi-permanent public IP and hosts ANY amount of content, files, or needs to be accessible to SSH
    

    WireGuard is **WAY** faster than any other VPN I’ve tested, and much more flexible. But at the cost of a little extra setup.
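The layout described in the comment above (one shared /24, one /32 per peer, a routed LAN behind one peer) can be checked mechanically before a config is deployed. The following is an added example, not part of the thread: the `parse` and `audit` helpers, the `COMMON_LANS` list and the sample text are constructed here, and it assumes a single `Address` per interface.

```python
import ipaddress

# Constructed sample reusing the addresses from the comment; key values are placeholders.
SAMPLE = """
[Interface]
Address = 10.172.43.11/24
[Peer]
PublicKey = PHONE
AllowedIPs = 10.172.43.15/32   # roaming phone
[Peer]
PublicKey = ROUTER
AllowedIPs = 10.172.43.11/32, 192.168.1.0/24
"""
# Assumption: a few widespread home-router defaults, not an exhaustive list.
COMMON_LANS = ("192.168.0.0/24", "192.168.1.0/24", "192.168.178.0/24")

def parse(text):
    """Split wg-quick style text into the interface dict and a list of peer dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif line and cur is not None:
            key, _, value = line.partition("=")  # base64 keys may end in '='
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def audit(text):
    """Return findings on AllowedIPs, which both routes to a peer and filters its source addresses."""
    iface, peers = parse(text)
    me = ipaddress.ip_interface(iface["address"])
    findings, seen = [], []
    for lan in map(ipaddress.ip_network, COMMON_LANS):
        if lan.version == me.version and lan.overlaps(me.network):
            findings.append(f"tunnel subnet {me.network} overlaps common LAN {lan}")
    for peer in peers:
        name = peer.get("publickey", "?")
        for item in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen == 0:
                continue                         # full-tunnel default route: not checked here
            if me.ip in net:
                findings.append(f"{name}: {net} covers this host's own address {me.ip}")
            elif net.version == me.version and net.subnet_of(me.network) and net.prefixlen < net.max_prefixlen:
                findings.append(f"{name}: {net} claims more than one tunnel address")
            findings += [f"{name}: {net} overlaps {o} of peer {n}" for n, o in seen if n != name and net.overlaps(o)]
            seen.append((name, net))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On the sample it reports that the router peer's `10.172.43.11/32` is the same address as the local interface, so the host this config belongs to and that peer need distinct tunnel addresses.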