this post was submitted on 26 Jul 2023
15 points (94.1% liked)


Hi everyone, this community is helping me a lot in starting my journey into the self-hosting world. I'm currently just experimenting using my main PC as a server, but I'm planning on getting an old mini PC and letting it run 24h.

I wanted to give access to my hosted services from outside my wifi and since I noticed my Fritzbox router natively supports Wireguard VPN I just gave it a try. It was super easy and worked flawlessly, I was able to access my jellyfin library from 4g and other WiFi. BUT I noticed a big loss in connection speed while using my VPN (e.g. from mb/s 400 to 200 or even worse) and I'm not sure it's a good idea to have all my devices constantly under this kind of loss forever.

Am I doing something wrong? Do you suggest other routes in order to expose my services to the outside? Thank you, and sorry if it's a noob question.

[–] Qantumentangled@lemmy.farley.pro 3 points 1 year ago* (last edited 1 year ago) (1 children)

Make sure the Allowed-IPs is as small a subnet as possible. Your device will only route traffic over your VPN that has a destination IP in that subnet.

That way you're only tunneling the traffic that needs to go over it. Everything else will go out the normal route.

Having your device package up and encrypt every packet takes some overhead and will inherently lower your bandwidth throughput, so it's worth minimizing the number of packets that have to go through that process.

[–] Kir@feddit.it 2 points 1 year ago (1 children)

On the client? It's a great suggestion honestly. I did not notice that the Wireguard app lets me set which specific apps should have their connection routed through the VPN. This could be a solution to limit the performance loss only for self-hosted content.

Here's an example of what I use across multiple networks, with roaming and static devices. They all use a common /24 subnet (that doesn't overlap with any of the common LAN subnets), and each gets its own /32 address in that subnet. That way each one accepts traffic from any other WG clients in the same subnet as local traffic to the host device. Essentially each PC, server, or phone thinks it's on the same local network as every other WG client.

```ini
[Interface]
PrivateKey = XXX
ListenPort = 51820
Address = 10.172.43.11/24
### Every client gets an address in the 10.172.43.x network

[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.15/32
### This device is a roaming phone or laptop, so it will be able to talk to the server when it wants to, but must initiate all traffic.

[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.11/32, 192.168.1.0/24
#### This device is a router which is configured to NAT any traffic from WG to the LAN, so any WG device can talk to the LAN as if it's local
Endpoint = my.dynamic.dns.addres:51820
#### Use dynamic dns for any device that has a semi-permanent public IP and hosts ANY amount of content, files, or needs to be accessible to SSH
```

WireGuard is **WAY** faster than any other VPN I've tested, and much more flexible. But at the cost of a little extra setup.

[–] EntropicNinja@lemmy.world 3 points 1 year ago (1 children)

Eh, I experienced this.

What's your upload speed, because this will be your max download speed as you're sending data out of your network!

Try for an ISP with symmetric up/download, or just one that's better.

You can test this with a VPS with a higher upload than your current ISP, destroy it when you're done. (Jupiter Broadcasting and Tux Digital podcasts have a good deal on linode atm)

[–] Kir@feddit.it 1 points 1 year ago

I'm from Italy so my ISP choice is actually really limited, but I'm gonna look into this

[–] SheeEttin@lemmy.world 2 points 1 year ago (1 children)

Connection speed on what device? From where?

[–] Kir@feddit.it 1 points 1 year ago

I was testing it with my Android smartphone with the Wireguard VPN app installed. Both wifi and 4g connections take like a 40% drop in performance, VPN on vs VPN off.

[–] Mia@lemmy.sdf.org 2 points 1 year ago

Could be related to your MTU settings, have you tried changing these? Some recommendations on this site: https://keremerkan.net/posts/wireguard-mtu-fixes/.

[–] vividspecter@lemm.ee 2 points 1 year ago* (last edited 1 year ago) (1 children)

It's likely your upload speed limiting things. If you're concerned about your internet download speed being hampered, you can configure your wireguard clients to not go through the VPN when accessing internet traffic (configure AllowedIPs on the clients to limit it to your VPN and home LAN networks). But accessing data stored in your home LAN will always be limited to your upload speed when the client is not connected directly to your LAN.
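An added example, not code from any commenter: a small checker for the split-tunnel advice given in this comment and in the earlier AllowedIPs comment. It parses a client config and reports which destinations would be routed into the tunnel, assuming routes are installed from AllowedIPs the way wg-quick and the mobile apps do; both configs and the client address are constructed, reusing the subnets from the thread.

```python
import ipaddress

# Constructed client configs: keys are placeholders, the subnets reuse the
# 10.172.43.0/24 VPN range and 192.168.1.0/24 LAN mentioned in the thread.
FULL_TUNNEL = """
[Interface]
Address = 10.172.43.15/32
[Peer]
PublicKey = XXXX
AllowedIPs = 0.0.0.0/0, ::/0   ### everything, internet included, is tunneled
"""
SPLIT_TUNNEL = """
[Interface]
Address = 10.172.43.15/32
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.0/24, 192.168.1.0/24   ### VPN subnet and home LAN only
"""

def allowed_networks(conf_text):
    """Collect the AllowedIPs networks of every [Peer] section."""
    nets, in_peer = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"   # sections may repeat
        elif in_peer and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets

def is_tunneled(conf_text, destination):
    """True if traffic to `destination` matches some peer's AllowedIPs."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(conf_text))

def is_full_tunnel(conf_text):
    """True if any peer claims a default route (prefix length 0)."""
    return any(net.prefixlen == 0 for net in allowed_networks(conf_text))

if __name__ == "__main__":
    for name, conf in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        for dest in ("192.168.1.20", "10.172.43.11", "1.1.1.1"):
            print(name, dest, "tunnel" if is_tunneled(conf, dest) else "direct")
```
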

[–] Kir@feddit.it 1 points 1 year ago

This is a good workaround, thanks! Did not know it was possible

[–] eleitl@lemmy.world 1 points 1 year ago (1 children)

Do not use WLAN, use wired Ethernet. What's your upstream? It's limiting the rate you can serve the content.

[–] Kir@feddit.it 1 points 1 year ago (1 children)

I'm not sure I understand. Use ethernet where?

[–] eleitl@lemmy.world 1 points 1 year ago

Connect your server to the Fritzbox via a patch cable.

[–] drone509@discuss.tchncs.de 1 points 1 year ago (1 children)

This might be a stupid question, but I'm only so-so at wireguard. Do you experience that kind of loss using WG at home, on wifi, between your phone and server?

[–] Kir@feddit.it 1 points 1 year ago

yeah exactly! I have loss even in 4g (VPN on vs VPN off)

[–] gvasco@discuss.tchncs.de 1 points 1 year ago

Check your ISP connection limits, remember that uploading from an external device will be downloaded by your home router and vice versa.

[–] rambos@lemmy.world 0 points 1 year ago (1 children)

Seems like you have 400/200 (download/upload) speed which is sick imo. I have 180/20 atm, moving soon to a new place with fiber connection woop, can't wait

[–] Kir@feddit.it 1 points 1 year ago

I was talking about a reduction from 400 to 200, but yeah. It's a really nice connection! I'm lucky!
