I want my IP address to change when I use WireGuard. Can you help me?
I don't know what you are doing but I got a gigabit link fully saturated with wireguard on my local network. The server was a low-end dual core AMD PC. It's literally as if it's not even there.
I have just set up a virtual server with wireguard for a company and I have 8 computers with Windows 10 working from home and it's stupid fast. I'm blown away. I was thinking that the connection speed would drop a lot on each person's computer at home and I see no slowdowns at all in the internet speed of each computer. Best thing ever regarding VPNs. And you are right, configuration could be better and "easier" for identifying connections in the configuration file. Let's wait for future versions of wireguard.
Perhaps you know this but it was not made clear to the viewers: a VPN client's download bandwidth will be limited by the endpoint's upload bandwidth. You showed us that your download bandwidth goes from 200 (without wg) to 60 (with wg), but did not show us what your upload bandwidth is (without wg), so we have no frame of reference for how well wg is actually performing. If the endpoint can only upload at 60mbps, then a client can only possibly get 60mbps down from that endpoint.
For help configuring wg over systemd-networkd, look at the Arch Linux wiki. Regardless of what distro you use, I find the ArchWiki to be a very useful resource.
By the way, wg not indicating if there is a connection problem is actually integral to what makes it special. By taking the "dumb pipe" approach (that is, just transmitting data and not caring if the other end is receiving or responding), wg avoids some unnecessary problem-causing complexity.
OpenVPN cannot work until both sides have said "hello" and shaken hands. When a laptop wakes up from sleep, at what point should it send the "hello" message? How many times should it retry until it gets a response? How long should it wait between each retry? There is no one answer that fits every scenario. The entire network is halted until the handshake completes, and it's pretty easy for the internet to be available but unusable because OpenVPN is still playing telephone tag with the endpoint, trying to get that handshake. The same problem plagues active connections: if no data has flowed through a TCP connection for some time, the connection expires and OpenVPN will need to perform a new handshake. This can be avoided by sending "keepalive" packets periodically… messy and inefficient!
wg uses UDP, which does not care about handshakes. The pipe is created, now send data down the pipe. That's all there is to it! This is generally a better and more efficient approach, but yes the tradeoff is that wg cannot tell you that a connection was severed.
Good luck!
Check if this script helps you: https://github.com/SirToffski/WireGuard-Ligase/blob/master/Scripts/client_config.sh
Cheers
Possible MTU tanking the speed?
iperf would be much better for checking speed.
I'm using the following systemd config for wireguard: https://gist.github.com/westphahl/dd8b0b74d2a3611b3bd753bee99059e0
Of course you still need "net.ipv4.ip_forward=1" and some iptables rules ("iptables -A FORWARD -i wg0 -j ACCEPT" + "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE")
> Using systemd.
Instantly found the problem.
You should take a look at Streisand.
Yes, managing all the keys and IPs is a problem I haven't been able to find a solution to with WG. If anyone knows a fix for this (if one even exists due to the design of WG) please post somewhere. I've been using OpenVPN for ages, and I'm more comfortable with it at this point. I have a good workflow with OVPN.
60 mbps…that's my NORMAL speed, LOL
Check out Tailscale, it's fairly new – but it's got a bunch of awesome people working on it. Would probably make your life a lot easier around the management of Wireguard stuff
https://github.com/tailscale/tailscale
https://tailscale.com
Let us know what you think, if you end up checking it out.
The Raspberry doesn't have AES hardware acceleration so that could be why the speed is so low, not sure if the NUC has it.
I've spent waaay too much time over the past 2 weeks trying to get my OpenWRT router to tunnel all traffic through my VPN server via WireGuard. I've got the router itself working perfectly and tunneling its own traffic through the VPN, both IPv4 and IPv6, but devices connected to the router only have their IPv4 traffic tunneled through the VPN; IPv6 traffic still goes transparently through my ISP. Connecting via WG to my VPN directly from my desktop does work for both IPv4 and IPv6, so I know the issue is not with my desktop or the VPN server. I am pretty sure it has something to do with `ip route` setup on the router, but no configuration setup I've tried has worked so far. It's been driving me nuts.
maybe iperf would be most reliable to test locally?
anyway, I've been using wireguard for the third year now, never hosted myself tho… I tried at one point but didn't really succeed, I used to use azirevpn and now I use mullvad. Very happy with it xD
Regarding bringing up the interface once ens/eth is up I'd recommend calling a 'post-up' script in /etc/network/interfaces definition for your ens/eth interface. Totally agree that managing IPs gets unmanageable very quickly. I've resorted to using Ansible to get around this. http://manpages.ubuntu.com/manpages/trusty/man5/interfaces.5.html
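For the key and IP bookkeeping problem raised in the comments above, a small lint pass over a server config catches two mistakes that creep in as peers are added by hand: a PublicKey listed twice, and the same AllowedIPs prefix given to two peers (WireGuard keeps a prefix on only one peer, so the other silently loses it). This is an added example, not part of any comment or of the linked scripts; the `# name` line above each `[Peer]`, the sample config and the placeholder keys are constructed assumptions.

```python
import ipaddress
# Constructed sample server config; the keys are placeholders, not real keys.
SAMPLE = """\
[Interface]
Address = 10.8.0.1/24
PrivateKey = <server-private-key>
# laptop-alice
[Peer]
PublicKey = <alice-public-key>
AllowedIPs = 10.8.0.2/32
# desktop-bob
[Peer]
PublicKey = <bob-public-key>
AllowedIPs = 10.8.0.3/32, 10.8.0.2/32
[Peer]
PublicKey = <alice-public-key>
AllowedIPs = 10.8.0.4/32
"""

def parse_peers(text):
    """Return one dict per [Peer]; its name is the '# comment' line just above it (assumed convention)."""
    peers, section, label = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            label = line.lstrip("# ")
        elif line.startswith("["):
            section = line.lower()
            if section == "[peer]":
                peers.append({"name": label or "unnamed", "key": None, "nets": []})
            label = None
        elif "=" in line and section == "[peer]":
            field, value = (s.strip() for s in line.split("=", 1))
            if field.lower() == "publickey":
                peers[-1]["key"] = value
            elif field.lower() == "allowedips":
                peers[-1]["nets"] += [ipaddress.ip_network(n.strip(), strict=False) for n in value.split(",")]
    return peers

def lint(peers):
    """Report every PublicKey or AllowedIPs prefix that appears on more than one peer."""
    findings, owner = [], {}
    for peer in peers:
        for kind, value in [("key", peer["key"])] + [("allowedips", str(n)) for n in peer["nets"]]:
            if (kind, value) in owner:
                findings.append((f"duplicate-{kind}", value, owner[(kind, value)], peer["name"]))
            owner.setdefault((kind, value), peer["name"])
    return findings

if __name__ == "__main__":
    print(*lint(parse_peers(SAMPLE)), sep="\n")
```

Only exact duplicate prefixes are flagged; a /32 inside another peer's wider prefix is legal, because WireGuard routes by longest match.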
WireGuard performance is highly dependent on your CPU speed. Yes, I use it all the time.
https://www.softether.org/1-features