[Starlink] starlink and VPN
Keith Simonsen
blakangel at gmail.com
Tue Jan 21 11:14:07 EST 2025
On 1/21/2025 7:22 AM, David Lang wrote:
> b. angel wrote:
>
>> David,
>>
>> I gave up on open VPN and starlink a while ago. I've implemented
>> wireguard
>> tunnels with success and reliability.
>
> did you end up having to do anything with MTU? Did you use TCP or UDP
> for your transport?
It's UDP only. Standard wireguard config. I have links using PFSense to
PFSense, Mikrotik to PFSense and Mikrotik Mikrotik all with good
performance and months long reliability. Both permanent site-site
circuits and "road warrior" style.
In PFSense when you set up a wireguard interface it sets the MTU to 1420
and MSS to 1380. This depends on your WAN link of course.
If your clients are needing OpenVPN you can make a "jumpbox" to
terminate the Starlink wireguard circuits and set up an OpenVPN server
routing to them. I've implemented this setup for one location.
>
> David Lang
Keith
>
>> Keith
>>
>> On Mon, Jan 20, 2025, 23:25 David Lang via Starlink <
>> starlink at lists.bufferbloat.net> wrote:
>>
>>> has anyone done any work with openvpn over starlink (especially if they
>>> got the
>>> connectors to completely bypass the router)?
>>>
>>> I've got the basic connectivity working, but am having problems
>>> trying to
>>> get
>>> openvpn to work (especially for traffic back through the cgnat to the
>>> router on
>>> the starlink side)
>>>
>>> the logs on the client are reporting link local: (not bound) when
>>> trying
>>> UDP,
>>> when I try TCP (and clamp the mtu low) I can connect from the starlink
>>> side (st
>>> least sometimes) but cannot get the routing the other way to work
>>>
>>> David Lang
>>> _______________________________________________
>>> Starlink mailing list
>>> Starlink at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/starlink
>>>
>>
More information about the Starlink
mailing list