I’d like to run a VPN locally, and am just double checking I understand the security correctly.
I want to run Wireguard easy via CasaOS on Ubuntu server.
My router will port forward a high port number, check daily for updates, and I’ll update the server weekly.
Is there anything I’m missing?
Wireguard runs over UDP; the port is indistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it’s Wireguard traffic if they happen to be looking, but can’t decipher the contents.
I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.
+1 on not using containers for network routing stuff. That way lies pain and misery.
Fair enough. I’ve had success with it though. I should probably just use the official Wireguard, not wg-easy.
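A check for the "no response" behaviour described in the reply above, as an added example that is not from any poster in this thread: it sends one UDP datagram and reports whether the port replied, was actively refused, or stayed silent. The listener is a constructed stand-in that never answers (it is not WireGuard), and the function names are hypothetical. A forwarded port only blends in with closed ones if closed ports on the path are also silently dropped rather than rejected.

```python
import socket

def probe_udp(host, port, payload=b"\x00" * 32, timeout=1.0):
    """Send one UDP datagram and classify the outcome.

    "reply"   - data came back
    "refused" - the OS reported ICMP port unreachable (port visibly closed)
    "silent"  - nothing within the timeout (dropped, filtered, or ignored)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket so ICMP errors surface
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "silent"

def silent_listener():
    """Constructed stand-in: a bound UDP socket that never answers,
    mimicking a service that ignores packets it cannot authenticate."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    return sock

def unbound_port():
    """Pick a local UDP port that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]

def demo():
    listener = silent_listener()
    try:
        return {
            "listening_but_silent": probe_udp(
                "127.0.0.1", listener.getsockname()[1], timeout=0.5),
            # Typically "refused" locally: the host rejects instead of dropping.
            "closed_on_this_host": probe_udp(
                "127.0.0.1", unbound_port(), timeout=0.5),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

To check your own setup, call `probe_udp` from outside your network against the forwarded port and against a port you have not forwarded; matching "silent" results mean the two are not told apart by this kind of probe.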