When setting up wire guard as home server to connect to which port are you using?
I can't use it when at the hospital on NHS WiFi network they blocking the default port or traffic I guess.
 
When setting up wire guard as home server to connect to which port are you using?
I can't use it when at the hospital on NHS WiFi network they blocking the default port or traffic I guess.
A lot of public hotspots will lock down outbound access to those needed for the very basics. So generally you can access DHCP(6), DNS 53 TCP/UDP (sometimes captive portalled/hijacked), 80/TCP, 443 TCP/UDP and usually 8080/TCPC. You can sometimes also access IPSEC ports but don't bank on it. When running a WireGuard server for home access, I've found 443/UDP is the best bet, as that'll be accessible from almost anywhere you can get online.
 
A lot of public hotspots will lock down outbound access to those needed for the very basics. So generally you can access DHCP(6), DNS 53 TCP/UDP (sometimes captive portalled/hijacked), 80/TCP, 443 TCP/UDP and usually 8080/TCPC. You can sometimes also access IPSEC ports but don't bank on it. When running a WireGuard server for home access, I've found 443/UDP is the best bet, as that'll be accessible from almost anywhere you can get online.
udp works on port 443? i thought that port was tcp only and it would get blocked if udp traffic was seen on it
 
Is it safe though to have port 443 exposed?
Define 'safe'. Short of unplugging the Ethernet cable and airgapping your machine, it's always going to be exposed to the Internet one way or another. WireGuard is a very small, well audited codebase with a lot of security baked in. It's a silent/stealth protocol, and doesn't reply at all unless an acceptable cryptographic key is sent with the solicitation/packet. Any baddies or bots probing your ports will get nothing back whether the port is closed, or open with WG running behind it. They also tend to hit 443/tcp rather than udp.
 
Define 'safe'. Short of unplugging the Ethernet cable and airgapping your machine, it's always going to be exposed to the Internet one way or another. WireGuard is a very small, well audited codebase with a lot of security baked in. It's a silent/stealth protocol, and doesn't reply at all unless an acceptable cryptographic key is sent with the solicitation/packet. Any baddies or bots probing your ports will get nothing back whether the port is closed, or open with WG running behind it. They also tend to hit 443/tcp rather than udp.

Yep this worked port 443 getting through NHS WiFi with the wire guard. Thanks for that tip.
 
Like several VPN brands these days, PIA is now owned by a malvertising company. Look to Air, Mullvad, Azire, Proton or Windscribe for a 'clean' VPN. If streaming is important to you, read each site carefully.
Thanks for the reply.
That was the first thing I found out about PIA when I started researching them.
Considering how much more scrutiny that would put them under I would have thought that any dodginess would have come to light if the parent company was up to it's old tricks.
But yeah, definitely a big tick in the against column, thanks.
 
I read somewhere that if a VPN is free, then you’re the product, not the service. It’s something to take seriously and be cautious about when choosing a VPN
Yes mate, very true especially in regards to social media.

But in this case there is a difference between totally free and luring customers in with a heavily discounted introductory deal.
The company then makes their money when the deal ends and the customers automatically get put on the standard rate, many either forget or can't be bothered changing providers so just keep paying over the odds.

I've wasted so much money on a Virgin Media TV service that I rarely used and never wanted but was given free for a year with their broadband service.:rolleyes:

Now I always cancel any auto-renewal at the earliest opportunity.
 
PIA is currently around £2 for 2 years if via cashback from topcashback. Its worth it if for streaming services at least.
I have very mixed feelings when it comes to PIA, hiring Mark after the Mt.Gox fiasco along with the questionable ownership/links to very dubious other activities should cause any reasonable person to pause for thought, right while you're doing that consider that they rent - rather than own - servers and publish the details which means they have a nasty tendency to end up on black lists quickly. I mean as a paid service, if all you want to do is watch a questionable stream now, and again they will absolutely do that job at a very cheap price, but if you actually value privacy, shop elsewhere. The irony is, as I type this my connection is via PIA (stop laughing, I didn't actually pay for it).
 
Last edited:
Do any of the big VPN companies (other than Mullvad) give you a WireGuard config file to use outside of their own app?

I’m currently running PIA via Openvpn on a headless single-board server, but download speeds are considerably lower than I know I can get with WireGuard on its anaemic CPU. Sadly PIA still refuse to hand out WG configs, despite happily giving out OVPN files.
 
Last edited:
Do any of the big VPN companies (other than Mullvad) give you a WireGuard config file to use outside of their own app?

I’m currently running PIA via Openvpn on a headless single-board server, but download speeds are considerably lower than I know I can get with WireGuard on its anaemic CPU. Sadly PIA still refuse to hand out WG configs, despite happily giving out OVPN files.
Loads of reputable companies offer manual WireGuard configs. A few of those - with decent privacy reputations, but not necessarily good for streaming services, so do check - are AirVPN, AzireVPN, IVPN, Mullvad (as you know), OVPN, ProtonVPN and Windscribe.
 
  • Like
Reactions: Cob
Back
Top Bottom