A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Make sure the Allowed-IPs is as small a subnet as possible. Your device will only route traffic over your VPN that has a destination IP in that subnet.
That way you're only tunneling the traffic that needs to go over it. Everything else will go out the normal route.
Having your device package up and encrypt every packet takes some overhead and will inherently lower your bandwidth throughput, so it's worth minimizing the number of packets that have to go through that process.
On the client? It's a great suggestion honestly. I did not noticed that the Wireguard app let me setting which specific app should have the connection routed throw the VPN. This could be a solution to limit the performance loss only for self-hosted content
Here's an example of what I use across multiple networks, with roaming and static devices. They all use a common /24 subnet (that doesn't overlap with any of the common LAN subnets), and each gets it's one /32 address in that subnet. That way each one accepts traffic from any other WG clients in the same subnet as local traffic to the host device. Essentially each PC, server, or phone thinks it's on the same local network as every other WG client.
[Interface]
PrivateKey = XXX
ListenPort = 51820
Address = 10.172.43.11/24
### Every client gets an address in the 10.172.43.x network
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.15/32
### This device is a roaming phone or laptop, so it will be able to talk to the server when it wants to, but must initiate all traffic.
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.11/32, 192.168.1.0/24
#### This device is a router which is configured to NAT any traffic from WG to the LAN, so any WG device can talk to the LAN as if it's local
Endpoint = my.dynamic.dns.addres:51820
#### Use dynamic dns for any device that has a semi-permanent public IP and hosts ANY amount of content, files, or needs to be accessible to SSH
WireGuard is **WAY ** faster than any other VPN I've tested, and much more flexible. But at the cost of a little extra setup.
Eh, I experienced this.
What's your upload speed, becuase this will be your max download speed as your sending data out of your network!
Try for an ISP with symmetric up/download, or just one that's better.
You can test this with a vps with a higher upload than your current ISP, destroy it when your done. (Jupiter Broadcasting and Tux Digital podcasts have a good deal on linode atm)
I'm from Italy so my ISP choice is actually really limited, but I'm gonna look into this
Connection speed on what device? From where?
I was testing it with my Android smartphone with the Wireguard VPN app installed. Both wifi and 4g connection takes like a 40% drop in performance VPNon vs VPNoff
Could be related to your MTU settings, have you tried changing these? Some recommendations on this site:: https://keremerkan.net/posts/wireguard-mtu-fixes/.
It's likely your upload speed limiting things. If you're concerned about your internet download speed being hampered, you can configure your wireguard clients to not go through the VPN when accessing internet traffic (configure AllowedIps on the clients to limit it to your VPN and home LAN networks). But accessing data stored in your home LAN will always be limited to your upload speed when the client is not connected directly to your LAN.
This is a good workaround, thanks! Did not know it was possible
Do not use WLAN, use wired Ethernet. What's your upstream? It's limiting the rate you can serve the content.
I'm not sure I understand. Use ethernet where?
Connect your server to the Fritzbox via a patch cable.
This might be a stupid question, but I'm only so-so at wireguard. Do you experience that kind of loss using WG at home, on wifi, between your phone and server?
yeah exactly! I have loss even in 4g (VPN on vs VPN off)
Check you ISP connections limits, remember that uploading from an external device will be downloaded by your home router and vice versa.
Seems like you have 400/200 (download/upload) speed which is sick imo. I have 180/20 atm, moving soon to a new place with fiber connection woop, cant wait
I was talking about a reduction from 400 to 200, but yeah. It's a really nice connection! I'm lucky!