A rather long title but the post is about self-hosted open-source mesh VPN with IPv6 support and works with nodes behind CGNAT! This will be a long post documenting the concept of mesh VPN, the problem it is solving as well as a working demo. If you are not planning to deploy it right away, you can skip the post after the “Configs and setup” section.
Problem I am running a site-to-site VPN for a long time between various servers located far away from each other.
CERT-IN i.e Computer Emergency Response Team, India issued new guidelines on 28th April. Guidelines essentially ask those VPN providers to keep a log of customer details, their IP addresses, emails, phone numbers etc and maintain that log for at least 5 years. The detailed notification is here.
This not only extends to VPN players but also to datacenters, VPS, cloud service providers etc. I can understand the problem they are trying to solve as most criminal activities are hidden behind VPN players and investigating agencies just hit a dead end as they see the WAN IP of a VPN player.
Day 16 of lockdown here in Haryana due to Covid19. Time for some distraction.
Last week it was reported that Wireguard will be added in next version of Linux kernel. I have been using Wireguard from over a year and it has been working great. I replaced OpenVPN with Wireguard for both site to site VPN as well as client-server VPN. If you are looking for a free open source VPN for remote employees or just connecting to your own remote servers Wireguard can be a really good candidate.
Sitting at Kolkata airport. Noticed the usual “Free Wifi in the area!” message and connected to Tata Docomo Free wifi. Performance was quite poor. Two key issues with wifi:
Using of only 2.4Ghz (802.11b/g/n with 20Mhz channel). No AP with 5Ghz box. (Click here to view scanner data). Should have been 5Ghz Entire traffic is getting tunnel via Mumbai i.e West India (while I am sitting on Eastern side). Adding up to latency and performance significantly.
I have been using OpenVPN from quite sometime and very much like it. Earlier I was running OpenVPN client on TP Link 1043nd router and that worked great. But recently I switched home routing to Microtik Map2N which has much better VLAN & IPv6 support. Since then I had trouble in getting VPN back live. I can always use VPN client on laptop but that’s ugly for daily use specially when this is my primary work location!