FreeBSD Home NAS, part 3: WireGuard VPN, routing, and Linux peers
https://rtfm.co.ua/en/freebsd-home-nas-part-3-wireguard-vpn-linux-peer-and-routing/
#HackerNews #FreeBSD #Home #NAS #WireGuard #VPN #Routing #Linux #Peers
Michał "rysiek" Woźniak · 🇺🇦
boosted
Mullvad rolls out GotaTun, a Rust-based WireGuard implementation after wireguard-go caused most Android crashes.
Crash rate dropped to 0.01% post-deployment. Desktop & iOS planned for 2026.
https://www.technadu.com/gotatun-rollout-marks-major-wireguard-shift-at-mullvad/616309/
Is Rust becoming the safer default for VPN cores?
#WireGuard #Mullvad #Rust #VPN #InfoSec
Finally replaced my DynDNS setup that exposed my home server to the Internet with a combination of:
- Tiny VPS* with public IP
- HAProxy with
send-proxy-v2(proxy protocol) - Wireguard tunnel to home server
So you guys stop tracking my home IP.
Thanks to @cR0w for the original idea.
*The cheapest IPv4 that I've found so far: ionos VPS XS (2$/1€).
Mullvad rolls out GotaTun, a Rust-based WireGuard implementation after wireguard-go caused most Android crashes.
Crash rate dropped to 0.01% post-deployment. Desktop & iOS planned for 2026.
https://www.technadu.com/gotatun-rollout-marks-major-wireguard-shift-at-mullvad/616309/
Is Rust becoming the safer default for VPN cores?
#WireGuard #Mullvad #Rust #VPN #InfoSec
ajuvo ✔
and 1 other
boosted
Mullvad is removing OpenVPN in desktop app v2025.14, shifting all users to WireGuard for security, performance, and newer anti-censorship tools. 🔄
Some OpenVPN setups may break, and routers/external apps will lose support by Jan 2026. ⚠️
🔗 https://mullvad.net/en/blog/2025/12/10/removing-openvpn-from-the-mullvad-vpn-app
#TechNews #Privacy #Security #VPN #Data #OpenSource #Linux #Networking #Censorship #Security #Internet #Tech #Software #Cybersecurity #Mullvad #OpenVPN #WireGuard
Mullvad is removing OpenVPN in desktop app v2025.14, shifting all users to WireGuard for security, performance, and newer anti-censorship tools. 🔄
Some OpenVPN setups may break, and routers/external apps will lose support by Jan 2026. ⚠️
🔗 https://mullvad.net/en/blog/2025/12/10/removing-openvpn-from-the-mullvad-vpn-app
#TechNews #Privacy #Security #VPN #Data #OpenSource #Linux #Networking #Censorship #Security #Internet #Tech #Software #Cybersecurity #Mullvad #OpenVPN #WireGuard
Switched to using #pangolin to expose all my #selfhosted services through the internet (with an auth layer). Very sleek. Easy to set up. Open source. Completely under your control. Just requires a (small) VM (mine is on #hetzner) to deploy. Uses #wireguard behind the scenes. https://pangolin.net/
Today's #FreeSoftwareAdvent (better late than never) is "WG Tunnel", an application for Android for bringing up and tearing down WireGuard tunnels.
I use it to keep a WireGuard tunnel running all the time on my phone.
I don't do anything fancy with it, but if one wanted to use different tunnels for different things, or when connected to different networks, or wanted a SOCKS5 proxy for other apps, it is definitely worth a look.
(And available via a custom F-Droid repo.)
@opensourceopenmind Yes.
FreedomBox includes integrations for services providing Dynamic DNS and TLS certificates (Let's Encrypt).
FreedomBox includes firewalld. Most web-based services are served by Apache server, acting as a reverse proxy. It also includes fail2ban and django-captcha to prevent brute force attempts at cracking passwords.
@njoseph Thanks. Are the certificate issuance and renewals automated?
What about hiding your home connection IP address - is there an easy-to-use integration with Wireguard or some other solution?
Sorry for the questions. I've been trying to decide between #Yunohost, #Freedombox and #HomeServerHQ for a while now. Unfortunately, the #VPS provider I wanted to setup #Wireguard on demanded #KYC self-doxxing so that stopped me in my tracks!
deutrino
boosted
WG Tunnel
An WireGuard & AmneziaWG Android client with auto-tunneling, lockdown & proxying.
With auto-tunneling, tunnels automatically turn on, off, or change based on your network.
Available on its own F-droid repo, IzzyOnDroid, and Google Play.
Stefano Marinelli
boosted
What's the common wisdom regarding #Ubuntu #Linux and systemd-resolved, dnsmasq, and NetworkManager?
Had a weird thing happen where a #Wireguard tunnel didn't go up but DNS was still trying to connect to the DNS server over the WireGuard tunnel and was failing.
Is there any way to stop the DNS madness? It looks like they're both clobbering each other.
WG Tunnel
An WireGuard & AmneziaWG Android client with auto-tunneling, lockdown & proxying.
With auto-tunneling, tunnels automatically turn on, off, or change based on your network.
Available on its own F-droid repo, IzzyOnDroid, and Google Play.
What's the common wisdom regarding #Ubuntu #Linux and systemd-resolved, dnsmasq, and NetworkManager?
Had a weird thing happen where a #Wireguard tunnel didn't go up but DNS was still trying to connect to the DNS server over the WireGuard tunnel and was failing.
Is there any way to stop the DNS madness? It looks like they're both clobbering each other.
deutrino
boosted
I did some more digging on how to get my Tailscale traffic to bypass a Wireguard VPN which otherwise routes all internet traffic on OpenWrt without using the 'pbr' package, and found a rather strange document:
tl;dr it's definitely possible, but I'm going to have to bite the bullet and not use the simple "route all traffic over Wireguard and enable a 'killswitch' to prevent leaks" two-checkbox setup I've been using thus far.
I did some more digging on how to get my Tailscale traffic to bypass a Wireguard VPN which otherwise routes all internet traffic on OpenWrt without using the 'pbr' package, and found a rather strange document:
tl;dr it's definitely possible, but I'm going to have to bite the bullet and not use the simple "route all traffic over Wireguard and enable a 'killswitch' to prevent leaks" two-checkbox setup I've been using thus far.
@Luminex my own, using #wireguard
Stefano Marinelli
boosted
Has anyone run into an issue in #WireGuard in which the Endpoint is a fully qualified domain name (e.g. vpn.example.org:51820) and the tunnel won't work, but it will work if you put in the IP address (which is IPv4)? I wonder if it has to do with having both IPv4 and IPv6 stacks running and active at the same time on the client and it can't, for some reason our another, establish the tunnel correctly?
Has anyone run into an issue in #WireGuard in which the Endpoint is a fully qualified domain name (e.g. vpn.example.org:51820) and the tunnel won't work, but it will work if you put in the IP address (which is IPv4)? I wonder if it has to do with having both IPv4 and IPv6 stacks running and active at the same time on the client and it can't, for some reason our another, establish the tunnel correctly?
Michael Dexter
boosted
wireguard-fpga: Full-throttle, wire-speed hardware implementation of Wireguard VPN, using low-cost Artix7 FPGA with opensource toolchain