WireGuard: A simple, powerful VPN for my Raspberry Pis
This post is about virtual private networks (VPNs), a common feature of cloud networking. I currently use WireGuard to connect all my Raspberry Pi machines to each other and to my public entry point in the cloud. I also have machines scattered across multiple locations, and the VPN lets me connect securely to those locations and administer other systems there. I will also briefly discuss OpenVPN as another FOSS alternative.
Why WireGuard?
WireGuard quickly won out as my choice for a VPN solution. First, it offers great performance on low-end hardware. Second, it’s reasonably simple to set up. On the other hand, it offers only one layer of security: public/private key cryptography, bolstered by an optional pre-shared key.
Because I am the sole operator of my cloud, this is acceptable. If this were a larger company, having LDAP or Active Directory integration would make life simpler for an administrator. For example, they could add and revoke users from a central place. Of course, there are products that extend WireGuard’s capabilities. However, there is a trade-off in performance, control, or both.
Thank god for scripts and FOSS
One of the easiest ways to install WireGuard is by using a nice script. Thankfully, there are many scripts on GitHub that were made public by their authors. I chose this one. It has reasonable defaults preselected and a nice menu to walk the user through setting up WireGuard. Please support the author if you find the script useful.
Once the script finishes, WireGuard is installed on the server. You will also get a configuration file for a WireGuard client. If you don’t use IPv6 networking, I recommend you remove all IPv6 addresses from the configuration files; they can cause your connection to fail. I also add the option “PersistentKeepalive = 25” on all clients so that the connections don’t time out. To add additional clients you can run the script again.
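An added example (not part of the install script or the original post) that applies the two edits described above to a client file: it removes IPv6 entries from Address, DNS and AllowedIPs and adds PersistentKeepalive = 25 to each [Peer]. The sample configuration, its addresses and the function names are constructed for illustration; Endpoint is left untouched.

```python
import ipaddress

LIST_KEYS = {"address", "dns", "allowedips"}  # comma-separated address lists
# Constructed sample: keys are placeholders, addresses and hostname are made up.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.66.66.2/32, fd42:42:42::2/128
DNS = 10.66.66.1, fd42:42:42::1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def is_ipv6(item):
    """True for an IPv6 address or CIDR; IPv4 and hostnames return False."""
    try:
        return ipaddress.ip_interface(item).version == 6
    except ValueError:
        return False

def adjust_client_conf(text, keepalive=25):
    """Drop IPv6 entries and make sure every [Peer] has PersistentKeepalive."""
    out, section, has_keepalive = [], None, False
    def close_section():
        if section == "peer" and not has_keepalive:
            i = len(out)
            while i and not out[i - 1].strip():
                i -= 1  # insert before any trailing blank separator lines
            out.insert(i, f"PersistentKeepalive = {keepalive}")
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            close_section()
            section, has_keepalive = s[1:-1].lower(), False
        elif "=" in s and not s.startswith("#"):
            key, value = (p.strip() for p in s.split("=", 1))
            if key.lower() in LIST_KEYS:
                kept = [v for v in map(str.strip, value.split(",")) if v and not is_ipv6(v)]
                if not kept:
                    continue  # the line held only IPv6 entries
                line = f"{key} = {', '.join(kept)}"
            elif key.lower() == "persistentkeepalive":
                has_keepalive = True
        out.append(line)
    close_section()
    return "\n".join(out) + "\n"
```

On a client that sends all traffic through the tunnel (AllowedIPs = 0.0.0.0/0), removing ::/0 means any IPv6 traffic that client can send goes outside the VPN, so check that IPv6 is really unused on that machine.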
OpenVPN – a more advanced FOSS alternative
OpenVPN is an open source product that has been around for a long time. It has been tested in production and security patches are constantly being released. The performance overhead is larger and the setup is slightly trickier than WireGuard’s. However, even the free offering of OpenVPN has numerous plugins that add additional security layers and other features. Once your organisation grows to a certain size, it’s a natural choice for the next step. Also, if this happens, you will probably be able to afford some more expensive servers.
Until next time, I hope you had an interesting read.
Filed under: open-source,raspberry-pi - @ 2023-01-22 19:39
Tags: FOSS, linux, raspberry-pi, servers, vpn