Wireguard: results

Nick Vermeulen

Nick Vermeulen

3 min read
Wireguard: results

We have now been using Wireguard VPN’s between our Spectrum Cable Internet in Florida and our KPN Internet service in the Netherlands for a couple of weeks so I think we can come to some conclusions.

We use these in several ways, let’s start with the simple ones: in Florida we have a cable modem with a Gigabit Ethernet interface that we connected to a powerful Mikrotik hAP ax3 router. this means that the public IP address we get from Spectrum is assigned to the WAN interface of the router and thus the router is reachable directly from anywhere on the Internet.
We configured the router as a Wireguard VPN server and installed clients on our laptop, iPhones, iPads and on a small gl.iNet Slate travel router.

We traveled to the Netherlands aboard a Holland America Line ship that has Starlink Internet using their entry level wifi service. This service blocks UDP traffic, which is what Wireguard uses, so we couldn’t establish VPN’s during the passage. Luckily we also installed many additional services on a MacMini in Florida that were TCP based and they all worked. Our private cloud storage wasn’t available as SMB server, but we had also installed a web frontend called File Browser that worked perfectly, giving us access to our files.
Remarkable was our Music server, for which we use the Roon software, which worked perfectly, allowing us to stream our own music collection that is stored on the MacMini in lossless format at any time during the passage.

A interesting detail is that the Starlink service kept using a US based IP address, even when in European ports. Aboard Jedi, we skip over to the nearest Starlink ground station, so I guess Holland America Line has a special commercial account with a fixed ground station.

In Rotterdam we have KPN DSL Internet with a so called Experia Box V10 which is a router with built-in DSL modem. It doesn’t do VPN’s and it can’t bridge the public IP address to another router. Some research shows that we can buy a DSL modem and use that in a similar way as we do with the Spectrum cable modem in Florida, but we don’t need to as only one side of a Wireguard VPN tunnel needs to be reachable from the Internet.

For a Wireguard VPN only one side needs to be reachable from the Internet so we were able to instantly use our iPhones, iPads and laptop with Wireguard clients to establish the VPN and work as if we are in Florida. of course it is slower but this is only really noticeable when using screen sharing to get the MacMini desktop remotely and even then it’s perfectly usable. It feels unreal.

But not everything has a Wireguard client. For example the old Samsung smart TV doesn’t, so our accounts for services like YouTube, Amazon Prime etc. are all neutered to some region locked version that is useless.

To deal with this, I brought a Roku TV 4k streamer that we use in Florida and is fully configured for every service we have including full Spectrum cable TV and every streaming service included like Disney, Paramount, AMC and so on.
I connected the Slate travel router with Ethernet to the KPN Experia box, plugged the Roku into the TV HDMI input and connected the Roku wifi to the Slate router. The slate router creates a Wireguard tunnel as soon as it starts up and sends all traffic through it, so any connected client acts like if connected in Florida, using the Spectrum Internet service.

And as expected this simply works. Thousands of movies on Amazon Prime, all cable TV channels and also all the Roku channels, hundreds of them, that are not available in Europe (the whole Roku isn’t available in Europe afaik). You can’t tell that there’s a Wireguard VPN involved, everything is as responsive as it is in Florida. This is perfect… except for the 6 hour time zone difference so you get weird programming on the cable channels but we don’t watch those anyway ;-)

There’s nothing I need to change. I didn’t miss the Wireguard VPN during the ocean passage so I don’t think I will experiment with a TCP based VPN.
If you like to bring shore based Internet services that you have with you wherever you travel, this is the way. You must get a powerful router like the Mikrotik I use (which is still only $139) online at your shore based Internet service with the public IP on its WAN interface, which is often possible directly or using a bridge- or bypass-mode in the equipment from the ISP, but sometimes requires buying a modem yourself (or switch providers). Once you have this configured, it is stable and performs exactly as planned.

Read more