Purposes beyond accessing home network?

Hey, quick question!

I have Wireguard set up, and it’s been great so far. I found it because I was looking for a way to access my home network while not at home (to see things saved on my NAS, as well as to get the benefits of my PiHole while out and about). It is perfect for that, and I have no complaints. I’m also considering hosting a Minecraft server for my friends, and I assume this would protect the open port, if they all connected to my home network through Wireguard.

I’m just wondering, does Wireguard have any other benefits beyond that? I don’t see it discussed in relation to Wireguard very often, but I know other VPNs can be used to provide greater anonymity or stop outside sources from tracking you/your data. Since Wireguard just routes to my home server, I’m assuming most of those benefits aren’t really included (and I’m 99.9% sure I can’t use it to spoof my location to be a different country or something- at least not unless I have a peer node of my own set up in that country) BUT if there is any benefit to having my VPN turned on while at home, I’d love to know. Currently, I just have my laptop and phone as peers to my home server peer, and I just turn it on when I have a reason to access my home network (for NAS or PiHole).

Please let me know if I’m missing any benefits from having it turned on at home, or installed on a desktop PC that I only use from home (happy to add it, just never had a reason to before).

Thanks!!

I think your misconception comes from the misunderstanding of the word VPN itself. A VPN is an encrypted connection between two peers. That’s it. VPN as it is advertised today to common people is a service to hide your IP address by using a provider as an egress point for your traffic or to circumvent country related restrictions. Wireguard offers none of that. It is a VPN. It will encrypt any traffic you send over it, and that’s it. You can use it to access your home, you can use it to encrypt protocols which offer no native encryption like NFS.

I’ve used WireGuard for connecting networks together, like a friend’s house and my own, if say for example I wanted to run a Minecraft server but not expose it to the internet, share files or something like that. that’s just one example use case. works great, some routers can do WireGuard which makes it pretty easy!

if you are using public wifi, or just any wifi you don’t trust, wireguard does improve your security within that network. for example, whenever I’m at work, I use wireguard to avoid my workplace spying on what I do. they cannot read your messages or anything (since most is HTTPS), but they might be able to roughly track the sites you are visiting or snoop on your dns queries and stuff like that. If I use wireguard, they just see me connecting to my home IP and a bunch of encrypted data packets. I also use wireguard when I’m traveling to access regional content from home, that I wouldn’t be able to access from other countries. having the tunnel on while you’re at home doesn’t do anything except slow down your connection.

Yes, when I travel overseas I can look like I’m home to Netflix and other providers, because I can loop through my lounge room to my local ISP WAN. Also my overseas relatives can do the same so they can get to geoblocked services in my country from their country.

> I assume this would protect the open port

The only thing protecting that open port is the software listening on that port.

I can access my Home Assistant remotely without exposing it to the cloud (paid service).

My friends and I have WG tunnels to each other’s houses so we can do offsite backups of important files.

That IMO is a fantastic feature!!

Like 100gb for each friend in an encrypted volume that only they can access, in event of a house fire or some such etc… They still have all important digitized documents and key info etc… Pictures as well of the family.

When out of the country or at coffee shops or at work, you can tunnel all your mobile or laptop traffic through the vpn to your home network. I do this all the time.

It does point-to-point too. I’ve used it to link two distant backup NASes where one is behind NAT.

Okay awesome, thanks! From your answer, I think it sounds like my initial understanding was correct (and I was asking whether there was more to it that I was missing). However, if you did note any particular misconception I’d love to know so I can get it cleared up! I really appreciate people like you taking the time to educate others like me.

To ask another follow-up question, though, could you expound on your mention of using it for NFS? Is that just to say accessing files on my home network will be secure when accessed over Wireguard or is there more to what you were referencing there?

Oh, and one last question- based on your definition of VPN above,

> A VPN is an encrypted connection between two peers. That’s it.

would you classify an SSH connection as a flavor of VPN? Different but in the same family? I know Wireguard has some similarities to ssh protocols, but I’m curious how you’d classify them here.

Thanks again for the answer!

Awesome, thanks! Yeah that sounds pretty sweet. I wish my router had Wireguard functionality built in, but unfortunately it doesn’t. Some other models from my router’s brand (TP-Link) have it but not mine. I did find one example of a guy online who flashed OpenWRT firmware onto the same model as mine and got it to work, but it also sounded like he had some issues to figure out along the way, and since it’s my only router I didn’t want to screw it up- my wife wouldn’t be happy if I knocked out our Internet for awhile just because I wanted to put Wireguard on the router haha. But if I end up hosting a Minecraft server soon, I’ll definitely let my friends know to check their routers!

I don’t want to sound pedantic, but this is a HUGE security issue for any business using a domain. It is standard practice to have any egress VPN traffic blocked at the firewall. That is one of the reasons why there is a “guest” wireless at businesses. Though you could be working for a small business that has not much IT support.

Oh nice! Yeah that makes perfect sense, since I can connect to my VPN from my home network, but I have usually disconnected from work Wi-Fi (and just used data) so they don’t spy on me lol. Nice to realize the VPN will make it so I don’t have to disconnect from the work Wi-Fi haha. Thanks!

Awesome, yeah that makes sense if you have peers in each location! Maybe if I can get my family to let me tinker with their computers we can all share a Netflix again one day lol.

So as long as it’s Wireguard listening on that port, it should be protected from anyone I don’t want messing with it, right?

Yeah that’s brilliant! I gotta get my friends on board with that (and figure out how to set up the encrypted volumes lol)

> Is that just to say accessing files on my home network will be secure when accessed over Wireguard or is there more to what you were referencing there?

If you have an unsecure data stream, like NFS, between networks where you can’t guarantee that trust is given, encrypting NFS via Wireguard is an option. This however probably excludes your home, because you trust your home network by default. I just wanted to highlight what else, other than just accessing your home from outside, Wireguard can be used for, since it introduces almost no latency to the traffic.

> would you classify an SSH connection as a flavor of VPN?

No, since SSH does not work on L3 traffic by default. Yes, you can port bind SSH, and tunnel NFS like this too, but you need extra configurations for this to work, while a true L3 VPN will route all traffic between peers, regardless of protocol or nature of said traffic. It is also not bound to any ports, it’s a normal L3 connection, just encrypted.

What an odd response. ‘You told me I misunderstand vpns, ha ha, but actually I am claiming myself to be correct thaaankkkss’.

If someone from IT does capture your network traffic, all they will be able to see is that you are using the wireguard protocol, the destination IP (your home IP) and the port, most likely 51820. the data in the packet will be just a bunch of gibberish and random characters, since it’s encrypted.
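
What an on-path observer can read from a captured tunnel, as described in the post above, shown as an added example that is not part of the original thread. The 4-byte type header and the message sizes follow the WireGuard protocol; the function names, addresses and sample datagrams are constructed for illustration.

```python
import os
import struct

# Fixed-size WireGuard messages: 1 type byte + 3 reserved zero bytes, then a body.
FIXED_SIZES = {1: ("handshake_initiation", 148),
               2: ("handshake_response", 92),
               3: ("cookie_reply", 64)}
TRANSPORT_HEADER = 16  # type/reserved (4) + receiver index (4) + counter (8)
AUTH_TAG = 16          # Poly1305 tag; the inner packet is padded to 16-byte multiples


def classify(payload: bytes):
    """Describe a UDP payload if it is WireGuard-shaped, else return None.

    This is a shape heuristic: only the cleartext header is read, the rest
    of every message is ciphertext and tells the observer nothing.
    """
    if len(payload) < 4:
        return None
    # Type plus three zero reserved bytes reads as a little-endian u32 of 1..4.
    (msg_type,) = struct.unpack_from("<I", payload, 0)
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return {"type": name} if len(payload) == size else None
    if msg_type == 4:
        if len(payload) < TRANSPORT_HEADER + AUTH_TAG or len(payload) % 16:
            return None
        receiver, counter = struct.unpack_from("<IQ", payload, 4)
        inner = len(payload) - TRANSPORT_HEADER - AUTH_TAG
        return {"type": "keepalive" if inner == 0 else "transport_data",
                "receiver": receiver, "counter": counter, "inner_len": inner}
    return None


def wireguard_flows(datagrams):
    """Group WireGuard-shaped message types by (dst_ip, dst_port)."""
    flows = {}
    for dst_ip, dst_port, payload in datagrams:
        info = classify(payload)
        if info:
            flows.setdefault((dst_ip, dst_port), []).append(info["type"])
    return flows


# Constructed sample datagrams (random filler, not captured traffic).
SAMPLE = [
    ("203.0.113.10", 51820, b"\x01\x00\x00\x00" + os.urandom(144)),
    ("203.0.113.10", 51820, struct.pack("<IIQ", 4, 7, 0) + os.urandom(64 + 16)),
    ("203.0.113.10", 51820, struct.pack("<IIQ", 4, 7, 1) + os.urandom(16)),
    ("198.51.100.5", 53, os.urandom(40)),  # unrelated UDP, wrong shape
]
```

The observer learns the endpoint, the port, message timing and padded sizes, which is also what an egress filter would match on; the inner packets stay opaque.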