[Solved] Best VPN plan?

My home network has a dedicated headless Debian server with Linux, Mac machines and iPhones in the LAN. I want to establish a VPN to securely use a laptop or iPhone when out of the house. Connection to the internet is through a dedicated cable modem. My Netgear 7800 with OpenWrt 19.07 connects with the rest of my LAN thru wired & wifi.

I'm an experienced Linux user, but new to VPN and have a few questions. The client machine will be the laptop and/or iPhone, but which is best to be the server -- the OpenWrt router or the text-only Debian server? Ultimately, I'll want to access a video capable machine in the LAN (one of several). I think OpenVPN will be easier to install in the Debian server than the OpenWrt router, but don't really know the pros and cons? If I start in a poor way it can lead to a lot of work as I read in another thread. Comments and insights greatly appreciated!

I run WireGuard on a Raspberry Pi 4 (headless, not that it matters) which runs in a Linux container (lxc). I prefer this to OpenVPN on the same hardware which I have run for about 3 years. WG is easier to set up and the iOS app is just better (on-demand connections rock for my use cases). I don't think there's a wrong answer here. Either server is good.

WireGuard on your R7800. No question. I wouldn't even consider going down the OpenVPN route unless it's entirely necessary (which in the situation you've described it isn't).

I'm not familiar with WG, I'll have to look into it...I assume it does the same thing...provide a VPN connection. I don't see it in the Debian repositories. @darksky either the Debian server or the OpenWrt router is equally OK? Then I guess that just comes to ease of installation. I've read in some threads that speed is an issue over some hardware.

Yes, it does just that :) It should be available on Debian, but it'll be plenty fast enough on the R7800. And while having a VPN endpoint behind the router can be done, it can make routing a little more complicated; easier to just have it on the router if possible.

OK great, gives me a good starting point. Will research first. Then if I have issues will do it in another thread. Thx, both!

https://wiki.archlinux.org/index.php/WireGuard

If you're really into details, recommend you watch a few presentations (maybe the most recent one is sufficient): https://www.wireguard.com/presentations/

WireGuard is indeed amazing. Transfer speed, latency, connection time and CPU overhead all leave OpenVPN far behind. However, VPN plan options do not yet abound and it appears to require some care with implementation to maintain privacy.

With WireGuard, Azire added a blind operator mode to their servers to keep IP addresses private and NordVPN has come up with some sort of double NAT scheme (NordLynx) for the same reason. I've been happy with Azire on the desktop, but it's a non-starter for the home gateway, due to not working with Netflix. NordVPN does better staying ahead of the streaming services, but I've not seen a "NordLynx" implementation for OpenWrt yet.

I have no doubt WireGuard is the future, but some implementation details remain to be worked out. And they rapidly are being worked out. Just need to be aware of them is all.

Last time I read about this... it was talking about custom apps...

My subscription is up... so finding someone else... maybe more on the premium side would be good.

It seems WG is the clear choice for client-server app, although I have read it's a little new and somewhat incomplete compared to OpenVPN. I'm still reading.

One really dumb follow-up question. Is a VPN plan really necessary for a user like me who simply wants to access his home LAN from a remote location? Can't I just set up WG (or OpenVPN) and send my data thru the tunnel that they create in my existing ISP?

Depends how you define incomplete. It has fewer 'features' than OpenVPN, but the vast majority of those aren't really relevant to most users.

No.

Yes.

Thx all! Your answers and comments were clear and to the point. I'm running Mint on the laptop. WG is not in the standard repos, but available thru PPA. Also I see that it will be integrated with the future kernel (5.6 I think). So development is indeed fast. Will implement it for now thru a home server on the router and perhaps later look into VPN service providers to get some of the additional features. Marked this solved!