Created: 2021-03-30 Updated: 2021-11-03
After a recent conversation I realized that some folks have a narrow view of what can be done with WireGuard, and VPN connections in general, though recently a number of toolsets/frameworks tailored for networking of containers or "bolt-on zero-trust" networking have expanded that perception. My goal with this post is to highlight some software leveraging WireGuard, and to list a few different use cases and reasons for using WireGuard (over a traditional VPN or ZeroTier).
innernet is an open-source alternative to Tailscale or ZeroTier that can create secure networks with minimal management overhead.
Tailscale is a zero config VPN with firewall rule management, allowing for a secure network layer on top of existing infrastructure.
Firezone is a Linux package to manage your WireGuard VPN and Linux firewall from a simple web interface.
PiVPN is an absolutely simple deployment and management script for WireGuard, well suited for a Raspberry Pi and other lightweight deployments, with its simplicity taking after that of the Pi-hole project.
Algo is a set of Ansible deployment scripts for building a personal WireGuard (or IPsec) VPN with support for many common cloud providers.
My most recent use of WireGuard is with a non-forwarded client setup, creating a loose mesh network for devices on different LANs to communicate, and in some cases using an Nginx reverse proxy on the WireGuard VPN server to expose internal web applications to the internet.
Aside from a standard VPN or the above mesh, I've found that WireGuard works exceptionally well on my phone. I can switch between cellular and WiFi without any noticed drops. And with mobile carriers getting heavy-handed with "anonymized" data collection, ads, and apps heavy with telemetry, having an always-on WireGuard VPN with Pi-hole serving up DNS for the clients means I can audit and block access to unwanted resources.
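The two client profiles described above, sketched as wg-quick configuration files. This is an added example, not the author's own configuration: the 10.8.0.0/24 subnet, the vpn.example.com endpoint, the key placeholders and Pi-hole listening on 10.8.0.1 are assumptions, as is reading "non-forwarded" as a split tunnel that routes only the VPN subnet.

```ini
# ---- File 1: mesh client, split tunnel (constructed sample values) ----
# Only the VPN subnet is routed into the tunnel. Everything else keeps
# using the device's normal default route, so the VPN server never
# carries this client's internet traffic.
[Interface]
PrivateKey = <mesh-client-private-key>
Address = 10.8.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
# Narrow AllowedIPs: the tunnel accepts and routes the mesh subnet only.
AllowedIPs = 10.8.0.0/24
# Periodic keepalive holds the NAT mapping open so devices on other
# LANs can initiate connections to this one.
PersistentKeepalive = 25

# ---- File 2: always-on phone profile, full tunnel (separate file) ----
# All traffic and all DNS lookups go through the tunnel, so the Pi-hole
# (assumed to listen on the server's VPN address) sees and can block
# every query, on cellular and on WiFi alike.
[Interface]
PrivateKey = <phone-private-key>
Address = 10.8.0.3/32
DNS = 10.8.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
# Default routes for IPv4 and IPv6. Including ::/0 keeps IPv6 traffic
# from bypassing the tunnel (and the Pi-hole) on dual-stack networks.
AllowedIPs = 0.0.0.0/0, ::/0
```

The difference that matters is `AllowedIPs`: it is both the routing table entry and the inbound source filter for the peer, so the narrow value in the first file limits what the mesh client will send to or accept from the server.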