Jump to content
Not connected, Your IP: 3.17.174.204
Staff

[COMPLETED] WireGuard beta testing available

Recommended Posts

Trying with WireGuard GUI, but get stuck here:

" Log in this site.
Enter Config Generator
Click on your favorite option.
Click on "Generate".
Download or extract files. "

AIrVPN's config generator doesn't generate the '.conf' file.  It gives me .crt. .key, and .opvn

Share this post


Link to post
6 minutes ago, YLwpLUbcf77U said:

Trying with WireGuard GUI, but get stuck here:

" Log in this site.
Enter Config Generator
Click on your favorite option.
Click on "Generate".
Download or extract files. "

AIrVPN's config generator doesn't generate the '.conf' file.  It gives me .crt. .key, and .opvn


You're downloading an OpenVPN config, not a Wireguard one. Enable the beta setting here: https://airvpn.org/preferences/ then select Wireguard in the config generator. 

Share this post


Link to post
4 minutes ago, Daniel15 said:

You're downloading an OpenVPN config, not a Wireguard one. Enable the beta setting here: https://airvpn.org/preferences/ then select Wireguard in the config generator. 

That did the trick.  Thank you.  It works now but I don't see speeds faster than what I am getting on OpenVPN already but I believe there is an issue with my laptop as my other devices don't have the same issue.

Share this post


Link to post

As many others have noted, most modern laptops have "AES-NI" hardware acceleration for the AES ciphers often used with OpenVPN, so wireguard is not expected to be faster.  It will likely be much faster in devices without that acceleration, like phones and routers.

Share this post


Link to post
14 minutes ago, SurprisedItWorks said:

As many others have noted, most modern laptops have "AES-NI" hardware acceleration for the AES ciphers often used with OpenVPN, so wireguard is not expected to be faster.  It will likely be much faster in devices without that acceleration, like phones and routers.


Any Intel processors made in the last 10 years or so should have AES-NI, but I've still seen many cases where Wireguard is faster, particularly on systems with lots of cores, and Linux systems (where Wireguard runs in the kernel)

Share this post


Link to post
On 11/19/2021 at 2:05 AM, LcKHUNy7 said:

There is a github repository with a kernel module for the old synology kernels here: https://github.com/runfalk/synology-wireguard
For the userspace, I chose to run wireguard in a docker container (any docker container with wireguard tools will work here).

Hello, can you please make a tutorial? It didn't work on my Synology DS920+ with DSM7.

THX 

Share this post


Link to post

this is not a complaint in any way just an observation.

I am setup to us.vpn.airdns.org and in a day or two of being connected I have been on at least 3 different servers.    is it connecting to the one with the least latency/ ping?

This is on Pfsense by the way and not Eddie or anything software based

 

Share this post


Link to post

When using Wireguard on Android, I can not see my local network.  I am guessing that I need to add more IPs to the Allowed IPs. What IP ranges do I need to add?

Share this post


Link to post
@Air4141841

Hello!

That's correct, FQDN records pertaining to the "best" server of a certain area (country or continent or planet) are updated every 5 minutes to make the name resolve into the "best" server entry IP address in that area. "Best" server is computed by a simple formula which takes into account server load (connected clients), available bandwidth, ISP reliability and round trip time between the server itself and all (or many) other VPN servers in AirVPN.

@kbps

IPv4 private subnets are inside three possible ranges:
https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

You can find the one your devices are in by checking the router settings, for example, or the physical interface settings of one of your computers

Kind regards
 

Share this post


Link to post
13 hours ago, Staff said:
@Air4141841

Hello!

That's correct, FQDN records pertaining to the "best" server of a certain area (country or continent or planet) are updated every 5 minutes to make the name resolve into the "best" server entry IP address in that area. "Best" server is computed by a simple formula which takes into account server load (connected clients), available bandwidth, ISP reliability and round trip time between the server itself and all (or many) other VPN servers in AirVPN.

@kbps

IPv4 private subnets are inside three possible ranges:
https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

You can find the one your devices are in by checking the router settings, for example, or the physical interface settings of one of your computers

Kind regards
 

Thanks @Staff.

Upon closer look in Wireguard, there is a check box in edit mode called 'exclude private IPs' that is not checked by default. Checking it populates with the IP ranges from your link. 

I can now see my local network. 

Share this post


Link to post

FWIW, I have been "on the fence" about migrating to WireGuard from OpenVPN for my primary connections. It's newer and not as "battle tested" as it were as OpenVPN. I have read more discussions about the pros and cons that I care to admit. I will say that I found the setup for each tunnel a bit more tedious, but that may be my bias from years with OpenVPN. However, once I had multiple connections up and running in a load balance/fail-over configuration identical to my OpenVPN setup, I have to admit that it's not just a speed increase (150+ Mbps), but the fluctuation in speeds seems to have disappeared. Running any bandwidth testing program would result in ups and downs based on the network activity, CPU load and a million other factors at that moment running OpenVPN. Not a great deal mind you, but still there in the logs. This WireGuard setup is a constant download and upload speed almost every test, within a few Mbps. A much smaller margin.

I believe I'm a convert.

Share this post


Link to post
7 hours ago, SumRndmDude said:

[Wireguard vs. OpenVPN} it's not just a speed increase (150+ Mbps), but the fluctuation in speeds seems to have disappeared.


Hello!

Very important indeed. Thank you very much for the report!

Kind regard
 

Share this post


Link to post

I have the following problem.

I installed wireguard on the Synology DS920 +. Connection was there too and everything worked.

When I restarted Synology, Wireguard was running again, but no connection can be seen in my account. Even stopping and restarting Wireguard was unsuccessful.

Wireguard also works on my virtual machine (Ubuntu). Is it possible to route the traffic through the Ubuntu Virtual Machine on my Synology? Unfortunately I didn't find any help to realize that.

Greetings Alex

Share this post


Link to post

Hi team,

I notice it's not possible to assign more then one interface because the information to add to the new interface is exactly the same as the existing one.
This result in an error for the new interface saying the IPv4 Address already exist. the following information is the same:
 

Static IPv4 Configuration

IPv4 Address
10.168.17.169
IPv4 Upstream gateway
AirVPN - 10.168.17.169
 

Share this post


Link to post
8 hours ago, Unknown User said:

Hi team,

I notice it's not possible to assign more then one interface because the information to add to the new interface is exactly the same as the existing one.
This result in an error for the new interface saying the IPv4 Address already exist. the following information is the same:
 

Static IPv4 Configuration

IPv4 Address
10.168.17.169
IPv4 Upstream gateway
AirVPN - 10.168.17.169
 

I create an extra new key, i think that's the case in this setup:  Create new keys if you use the same account on more devices.

Share this post


Link to post
1 hour ago, Unknown User said:

I create an extra new key, i think that's the case in this setup:  Create new keys if you use the same account on more devices.


If you use multiple wireguard interface connections, a device has to be assigned to each:


 

Share this post


Link to post
1 hour ago, Jacker@ said:


If you use multiple wireguard interface connections, a device has to be assigned to each:


 

Indeed, but still the error when adding a new interface:
 

The following input errors were detected:

  • IPv4 address 10.169.65.218/10 is being used by or overlaps with: AIRVPNNL (10.169.65.218/10)
  • The gateway IP address "10.169.65.218" already exists.
IPv4 address 10.169.65.218/10 is generated on all new clients...

Share this post


Link to post
2 hours ago, Unknown User said:

IPv4 address 10.169.65.218/10 is generated on all new clients...


Did you add a new "device" here: https://airvpn.org/devices/? Then ensure you select different devices for each config you download. Each device has its own WireGuard IP - You can see it by clicking the "Details" button.

For the first error, you might need to change the /10 to /32 to avoid it. It shouldn't break anything since you're not going to be contacting other VPN users over the VPN (and I don't think that even works).

Share this post


Link to post
@Staff Are there any plans to allow users to provide their own private keys, so that you only have the public key on your end and are never in possession of the private key?

Share this post


Link to post
13 hours ago, Daniel15 said:

Did you add a new "device" here: https://airvpn.org/devices/? Then ensure you select different devices for each config you download. Each device has its own WireGuard IP - You can see it by clicking the "Details" button.

For the first error, you might need to change the /10 to /32 to avoid it. It shouldn't break anything since you're not going to be contacting other VPN users over the VPN (and I don't think that even works).

Ah that did the trick! Thanks Daniel i didn't known that there was a difference in the Details information.

Share this post


Link to post
Posted ... (edited)

Hello,

now Wireguard runs on my Synology has with DSM7, but Portforwarding don't work.

When I set

[Interface]
Address = 10.184.113.180/32
PrivateKey = XXX=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[PEER]
PublicKey = XXX=
PresharedKey =XXX=
Endpoint = 213.152.162.148:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15

I became a error, because it doesen't work with the DSM 7 Linux Kernel

When I set 
[Interface]
Address = 10.184.113.180/32
PrivateKey = XXX=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[PEER]
PublicKey = XXX=
PresharedKey = XXX=
Endpoint = 213.152.162.148:1637
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
PersistentKeepalive = 15
root@DS920:/etc/wireguard# wg show
interface: wg0
  public key: XXX
  private key: (hidden)
  listening port: 45316

peer: XXX
  preshared key: (hidden)
  endpoint: 213.152.162.148:1637
  allowed ips: 0.0.0.0/1, 128.0.0.0/1
  latest handshake: 16 minutes, 31 seconds ago
  transfer: 92 B received, 17.72 GiB sent
  persistent keepalive: every 15 seconds


The connection work, but nothing is to see in the Client Area under connected devises and Portforwarding doesn't work.

When I set 

[Interface]
Address = 10.184.113.180/32
PrivateKey = XXX=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[PEER]
PublicKey = XXX=
PresharedKey = XXX=
Endpoint = 213.152.162.148:1637
AllowedIPs = 192.168.84.0/32
PersistentKeepalive = 15

The connection work, I see my Client in the Client Area under connected devices but Portforwarding doesn't work.

Can anybody help me? Edited ... by Alex0901
Ergänzung

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...