WireGuard

Date: Wed 2022-09-28

Permalink: https://www.dominic-ricottone.com/posts/2022/09/wireguard/


I am throwing in the towel.

For years I have somewhat maintained a VPN powered by WireGuard. At first it was a simple configuration following the Arch wiki’s section on point-to-site. That worked well enough, but didn’t accomplish much. Honestly, all I got from that setup was using a custom nameserver on my carrier-locked phone.

Then I decided to set up a split tunnel that would forward WAN traffic through a commercially-available VPN, but forward LAN traffic into the WireGuard interface. That naturally required a centralized bounce server that could forward packets. That was ultimately an unsuccessful project.

The sticking point was my phone. Every PC and laptop worked perfectly. But the moment I stepped outside, my phone’s DNS queries went into a black hole. Successful handshake; I could ping the bounce server; absolutely nothing else worked. I’m 90% certain it had something to do with my carrier’s IPv6 exchange messing with the NATing I tried to do within my VPN. That is difficult enough to research, because entering “ipv6” and “nat” into a Google search will not return anything helpful.
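For readers who want to try the hub-and-spoke arrangement described above, here is an added example of what the two sides of it look like in wg-quick syntax. This is not the author's configuration; the subnets (10.7.0.0/24 and fd00:7::/64), the hub's public name (hub.example.net), the commercial VPN interface name (tun0), and the key placeholders are all assumed. The comments mark the checks a practitioner would run first when a split tunnel hands out a working handshake but dead DNS: forwarding and NAT enabled for both address families on the hub, each peer's hub-side AllowedIPs listing its IPv6 address as well as its IPv4 one (cryptokey routing silently drops inbound packets from an unlisted source), and a resolver that is reachable through the tunnel.

```ini
# ---- Hub ("bounce server"): /etc/wireguard/wg0.conf ----
# Assumed addressing; keys are placeholders, not real key material.
[Interface]
Address = 10.7.0.1/24, fd00:7::1/64
ListenPort = 51820
PrivateKey = <hub-private-key>
# Check 1: forwarding must be on for BOTH families, or v6 flows from
# the phone reach the hub and stop there.
PostUp = sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
# Check 2: masquerade toward the commercial VPN interface (assumed: tun0).
# The inet family covers IPv4 and IPv6 in one rule set.
PostUp = nft add table inet wg
PostUp = nft add chain inet wg postrouting '{ type nat hook postrouting priority srcnat; }'
PostUp = nft add rule inet wg postrouting oifname "tun0" masquerade
PostDown = nft delete table inet wg

# Phone. Check 3: the hub-side AllowedIPs is also the inbound filter.
# Listing only 10.7.0.2/32 here makes the hub drop every IPv6 packet
# the phone sends through the tunnel, DNS queries included.
[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.7.0.2/32, fd00:7::2/128

# Laptop, same pattern.
[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.7.0.3/32, fd00:7::3/128

# ---- Phone: wg0.conf ----
[Interface]
Address = 10.7.0.2/32, fd00:7::2/128
PrivateKey = <phone-private-key>
# Check 4: the resolver must live inside the tunnel on both families,
# so a carrier that pushes an IPv6-only path still resolves via the hub.
DNS = 10.7.0.1, fd00:7::1

[Peer]
PublicKey = <hub-public-key>
Endpoint = hub.example.net:51820
# Full tunnel from the phone's point of view: everything goes to the hub,
# which then forwards LAN traffic to the other peers and the rest out via tun0.
# Dropping ::/0 here while the carrier hands out IPv6 lets v6 traffic bypass
# the tunnel entirely, which looks like a split that "mostly" works.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```

A quick way to localise a black hole with this layout is `wg show wg0` on the hub: a peer whose "latest handshake" updates but whose "transfer" counter shows received bytes climbing with nothing forwarded usually points at checks 1 to 3 rather than the peer's own configuration.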

Amazingly, the closest I ever came to a functioning configuration was when I set up a second bounce server in the cloud. My phone could actually connect to AWS reliably (more cause to think it’s IPv6? AWS certainly has working IPv6 routing…) and my WAN traffic was definitely going through the commercial VPN. And sometimes I could even ping my other WireGuard clients. But the times when it would fail were inexplicable, at least for me.

So I guess what I learned at the end of the day is I don’t understand networks. I do not understand how IPv4 and IPv6 interact, or how packets are forwarded between hosts, or how to make the hub-and-spoke VPN model work.

I have thrown in the towel; my WireGuard network is now purely peer-to-peer connections. It works well.

