I’d like to run a VPN locally, and am just double checking I understand the security correctly.

I want to run WireGuard Easy via CasaOS on Ubuntu server.

My router will port forward a high port number, check daily for updates, and I’ll update the server weekly.

Is there anything I’m missing?

  • oranki
    42 years ago

    WireGuard runs over UDP, the port is indistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it’s WireGuard traffic if they happen to be looking, but can’t decipher the contents.

    I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.

    • @hayalci@fstab.sh
      52 years ago

      +1 on not using containers for network routing stuff. That way lies pain and misery.

      • @Dust0741@lemmy.worldOP
        12 years ago

        Fair enough. I’ve had success with it though. I should probably just use the official WireGuard, not wg-easy.
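
Added example, not part of the thread or of WireGuard's own code: a Python sketch of the first check a WireGuard responder applies to an incoming handshake initiation (the `mac1` field from the protocol whitepaper), which is why a scanner's probe gets no reply. The key and packets are constructed, and the function names are hypothetical; passing `mac1` only proves knowledge of the server's public key, and the handshake must still decrypt to a configured peer key.

```python
import hashlib
import hmac
import os

LABEL_MAC1 = b"mac1----"      # label constant from the WireGuard whitepaper
INIT_TYPE = b"\x01\x00\x00\x00"  # message type 1 + three reserved zero bytes
INIT_LEN = 148                # total size of a handshake initiation
MAC1_OFFSET = 116             # mac1 covers bytes [0:116]; mac1 and mac2 follow


def compute_mac1(responder_pub: bytes, prefix: bytes) -> bytes:
    """mac1 = keyed BLAKE2s-128 over the message, key = BLAKE2s(label || pubkey)."""
    key = hashlib.blake2s(LABEL_MAC1 + responder_pub, digest_size=32).digest()
    return hashlib.blake2s(prefix, key=key, digest_size=16).digest()


def passes_mac1(packet: bytes, responder_pub: bytes) -> bool:
    """True only if the datagram is a well-formed initiation with a valid mac1."""
    if len(packet) != INIT_LEN or packet[:4] != INIT_TYPE:
        return False
    expected = compute_mac1(responder_pub, packet[:MAC1_OFFSET])
    return hmac.compare_digest(expected, packet[MAC1_OFFSET:MAC1_OFFSET + 16])


def handle_datagram(packet: bytes, responder_pub: bytes) -> str:
    """Model of the responder's decision: invalid packets are dropped silently."""
    if not passes_mac1(packet, responder_pub):
        return "drop"          # nothing is sent back, same as a closed/filtered port
    return "continue"          # next step: decrypt and match an authorised peer key


def build_initiation(responder_pub: bytes) -> bytes:
    """Constructed test packet: random filler for the encrypted fields, real mac1."""
    prefix = INIT_TYPE + os.urandom(MAC1_OFFSET - 4)
    return prefix + compute_mac1(responder_pub, prefix) + bytes(16)  # mac2 = zeros


if __name__ == "__main__":
    server_pub = bytes(range(32))             # constructed 32-byte public key
    probes = {
        "empty scan probe": b"",
        "random 148 bytes": os.urandom(INIT_LEN),
        "right type, zero mac1": INIT_TYPE + bytes(INIT_LEN - 4),
        "knows server public key": build_initiation(server_pub),
    }
    for name, pkt in probes.items():
        print(f"{name:26s} -> {handle_datagram(pkt, server_pub)}")
```
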