Wireguard VPN

I believe WireGuard VPN is now in the Linux kernel?

Anyone with experience on how to install in Arch/Endeavour?

Also, what and where are the “free TunSafe VPN servers”?

https://wiki.archlinux.org/index.php/WireGuard

Thank you - was there prior to posting.

Still, I was hoping for some user insights, as I’m not really knowledgeable enough about networking.

e.g.: the wireguard .conf file, and the usage of the Tunsafe app.

Also, is a VPN service provider still necessary? I am currently with NordVPN.

https://bbs.archlinux.org/viewtopic.php?id=254574

Many thanks - very informative.

As indicated, I am already a NordVPN user and am using the Wireguard option.

I’m still a bit confused though.

I guess I’m mistaken then - having WireGuard embedded in the kernel does not mean not having to use a VPN service provider?

I don’t know if I understood the language bar question correctly, but you can use any VPN you want even if the kernel comes with WireGuard.
Also, to use any of the many VPNs that exist on the market, you must have a very good internet connection, with little signal is not good, because the VPN as enough inet signal.

OK. I guess my lack of knowledge is pretty obvious by now. Thank you for your patience.

One last question and then I’m done:

What I am trying to establish is does the presence of Wireguard in the kernel enable one to be one’s own service provider, thereby avoiding the cost of a VPN subscription?

I am also interested in this subject. I have also a NordVPN subscription like yourself. What I wonder is if setting up the VPN connection, with NVPN’s config files, through Network Manager wouldn’t automatically use Wireguard. Network Manager supports Wireguard since version 1.16 iirc.

NordVPN already provides the option to use WireGuard via settings (NordLynx); which is what I am currently using.

I see in KDE network manager the option to add a Wireguard service, however I assume this would not be independent of the NordVPN servers, i.e. not requiring a paid subscription??


You can be your own vpn service provider no matter if Wireguard is in the kernel or not. I, for example, run my Wireguard server on my Raspberry Pi for more than a year now. Unfortunately due to Covid there is little need for it right now.

Which brings me to the fundamental difference of rolling your own vs. a 3rd party vpn service.
Most often there are 2 reasons why people sign up with a vpn provider.

  1. You want your network traffic to originate in a different country: In my opinion a valid use case for a VPN. If BBC/Netflix don't offer the program you are after in your country you can fake your origin with a VPN. Unfortunately those providers nowadays spot and block people using a VPN. But nevertheless a valid use case.

  2. Hiding your traffic from your ISP. This works technically, but means you need to trust the VPN provider instead? All a VPN does is to allow you to shift your trust to another 3rd party. This may be legit if you live in a country where the government goes after its own people, but otherwise a VPN provider is a perfect target for anyone interested in data of people who see the need to use a VPN. If I was running a spy agency I would start offering a VPN service :)
    VPN providers offer Wireguard support nowadays, but that just means you use the wireguard protocol to communicate with the Wireguard server of the 3rd party provider.

Rolling your own VPN is completely different though, you won’t use it to connect from home to the world but the opposite, you connect to home whenever you are travelling, thus hiding your whereabouts. From an ISP point of view all your traffic will be originating from home. Maybe using your home DNS filter, etc. Very different use case.

So I guess the question you need to ask yourself is why you need a vpn in the first place. Once that’s clear it’s straightforward to decide if hosting your own VPN is an option.

Obviously there are ways to blend the two, you could e.g. rent a server in Germany and install Wireguard there. This would mean all your VPN traffic would originate in Germany and you don’t need to trust a VPN provider…but the German hosting company instead. :)

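The self-hosted setup described in the post above, sketched as a pair of wg-quick configuration files (an added example, not written by anyone in this thread). The key values are placeholders, and the 10.8.0.0/24 tunnel subnet, the `eth0` interface name, the `192.168.1.1` DNS address and the `home.example.net` endpoint are assumptions.

```ini
# --- /etc/wireguard/wg0.conf on the home server (e.g. the Raspberry Pi) ---
[Interface]
# Placeholder: output of `wg genkey` run on the server; keep this file mode 600
PrivateKey = <SERVER_PRIVATE_KEY>
Address = 10.8.0.1/24
ListenPort = 51820
# Forward and NAT tunnel traffic out of the LAN interface (eth0 is assumed)
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# The travelling laptop: only this key is accepted, and only as 10.8.0.2
PublicKey = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# --- /etc/wireguard/home.conf on the laptop ---
[Interface]
# Placeholder: output of `wg genkey` run on the laptop
PrivateKey = <LAPTOP_PRIVATE_KEY>
Address = 10.8.0.2/24
# Resolve names through the home network's DNS filter (address assumed)
DNS = 192.168.1.1

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
# Public name or IP of the home connection (placeholder)
Endpoint = home.example.net:51820
# Send all IPv4 traffic through the tunnel so it appears to originate at home.
# IPv6 is not covered by this line and would bypass the tunnel if the
# network the laptop is on provides it.
AllowedIPs = 0.0.0.0/0
# Keep the NAT mapping open while the laptop sits behind hotel or cafe NAT
PersistentKeepalive = 25
```

Each public key is derived from the matching private key with `wg pubkey`, and the home router has to forward UDP port 51820 to the server. The laptop side is brought up with `wg-quick up home`.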

That’s just the VPC client. You would use this to connect to your or a VPN provider's WireGuard server.

I use AzireVPN wireguard, I wrote a little function to bring it up and down from the terminal, easy peasy. The install script from Azire was easy to use too.

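```bash
# Toggle the AzireVPN WireGuard tunnel; ~/.flags/az.flag marks it as up.
az () {
        mkdir -p ~/.flags    # the flag directory must exist before touch
        if [ ! -f ~/.flags/az.flag ]
        then
                # No flag: record the new state and bring the tunnel up
                touch ~/.flags/az.flag
                killall mytray.bin &> /dev/null
                wg-quick up azirevpn-uk1
                ~/scripts/wireguard/mytray.bin &    # restart the tray indicator
                echo "Started Wireguard"
        else
                # Flag present: clear it and take the tunnel down
                trash-put ~/.flags/az.flag
                killall mytray.bin &> /dev/null
                wg-quick down azirevpn-uk1
                ~/scripts/wireguard/mytray.bin &    # restart the tray indicator
                echo "Stopped Wireguard"
        fi
}
```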

Mytray.bin is a simple python script to put a big red icon in the toolbar to let me know it is connected (the lock icon is too small :D ).

Absolutely awesome feedback.

Thanks everyone for your contributions - all very illuminating; gives me lots to (re)think about.