I’d like to run a VPN locally, and am just double-checking I understand the security correctly.

I want to run WireGuard Easy via CasaOS on Ubuntu Server.

My router will port forward a high port number, check daily for updates, and I’ll update the server weekly.

Is there anything I’m missing?

  • oranki@sopuli.xyz
    11 months ago

    WireGuard runs over UDP; the port is indistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port: no response. Your ISP can still see that it’s WireGuard traffic if they happen to be looking, but can’t decipher the contents.

    I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.

    • hayalci@fstab.sh
      11 months ago

      +1 on not using containers for network routing stuff. That way lies pain and misery.

      • Dust0741@lemmy.worldOP
        11 months ago

        Fair enough. I’ve had success with it though. I should probably just use the official WireGuard, not wg-easy.
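
The "wrong key gets no response" behaviour described in oranki's comment above, as an added example that is not part of the original thread: a loopback-only toy responder that replies only to datagrams carrying a valid WireGuard-style `mac1` tag and silently drops everything else. The `mac1` construction (keyed BLAKE2s over the message, keyed from the responder's public key) follows the WireGuard protocol paper; the random keys, the 116-byte stand-in body and the `serve`/`probe`/`demo` helpers are assumptions for illustration, and the real Noise handshake that additionally authenticates the peer's own key is omitted.

```python
import hashlib, hmac, os, socket, threading

LABEL_MAC1 = b"mac1----"  # label string from the WireGuard protocol paper

def mac1(server_pub: bytes, body: bytes) -> bytes:
    """Keyed BLAKE2s tag (16 bytes) an initiator must attach to its message."""
    key = hashlib.blake2s(LABEL_MAC1 + server_pub).digest()
    return hashlib.blake2s(body, key=key, digest_size=16).digest()

def serve(sock, server_pub, stop):
    """Toy responder: answers only datagrams with a valid mac1, else drops."""
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(2048)
        except socket.timeout:
            continue
        body, tag = data[:-16], data[-16:]
        if len(data) > 16 and hmac.compare_digest(tag, mac1(server_pub, body)):
            sock.sendto(b"reply", addr)
        # anything else is dropped without a reply, so a prober sees silence

def probe(port, payload, timeout=0.5):
    """Send one datagram to loopback; return the reply, or None on silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(timeout)
        c.sendto(payload, ("127.0.0.1", port))
        try:
            return c.recvfrom(2048)[0]
        except (socket.timeout, ConnectionError):
            return None

def demo():
    server_pub, other_pub = os.urandom(32), os.urandom(32)  # constructed keys
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))            # ephemeral port, loopback only
    port, stop = srv.getsockname()[1], threading.Event()
    t = threading.Thread(target=serve, args=(srv, server_pub, stop))
    t.start()
    body = os.urandom(116)                # stand-in for the handshake fields
    try:
        return {
            "garbage": probe(port, os.urandom(64)),
            "wrong_key": probe(port, body + mac1(other_pub, body)),
            "right_key": probe(port, body + mac1(server_pub, body)),
        }
    finally:
        stop.set(); t.join(); srv.close()

if __name__ == "__main__":
    print(demo())
```

Only the probe built with the responder's own public key gets an answer; random bytes and a tag computed for a different key both time out.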