Network: Wireguard VPN’s

WireGuard was created by Jason A. Donenfeld and first appeared around 2015 as a new kind of VPN: lean, fast, modern and strong cryptography. it was added into the Linux kernel in 2020 and into the Mikrotik routers in 2022. Every serious router has it today.

When your router has a public IP address you can make it a Wireguard server that other nodes, wherever they are on the Internet, can connect to and establish a direct encrypted link, even from private address space like hotel rooms, public wifi etc. Once this link is established, it’s like you have a direct connection to that server.

In our case we have alderaan.sv-jedi.org, a Mikrotik hAP ax3, installed as server in Florida. So whenever we make a wireguard connection, it’s like if we are in Florida. This means you can avoid regional blocks. For example, we can run the Spectrum TV app and get all our cable channels, as well as all the streaming services that come with it. We can even read all the news sites that are blocked in other parts of the world.

So how do you connect to the Wireguard server? For a smartphone, tablet, laptop etc. you simply download the free app and configure it. From there on it works just like many paid services like SurfShark or NordVPN.

There’s one more aspect: not every device can do a Wireguard (nor any other) VPN. Examples are the popular AppleTV or Roku. This is where you want to install client mode Wireguard on a router like the small GL.iNet travel routers. I configured this on my GL.iNet Slate router so it creates a VPN wherever I take it. I configured a Roku to connect to it and now the Internet thinks this Roku is in Florida at all times.

If you don’t get a public IP from your ISP, like when you have Starlink, then you have an option that I haven’t tested yet, plus a good backup method: you do get an IPv6 address from Starlink and those are always public. So you should be able to create an IPv6 tunnel when the other end point also has IPv6. But I have not done any testing for this so it’s unproven. The backup option is to rent a virtual server for around $6/month with public IP number and install a Wireguard server on that, with your nodes all connecting to it to find each other.

So the Wireguard VPN’s provide you with security and lets you avoid regional restrictions, but there’s more: you also become a LAN station for the server instead of just someone on the Internet. This means that I can mount the disk volumes from my MacMini or even work on it as if sitting behind it using screen sharing. You also get access to security cameras etc without the need for someone’s cloud subscription that puts your data out there for others to grab.