[Starlink] starlink and VPN

David Lang david at lang.hm
Tue Jan 21 11:45:33 EST 2025 

Keith Simonsen wrote:

> On 1/21/2025 7:22 AM, David Lang wrote:
>> b. angel wrote:
>> 
>>> David,
>>> 
>>> I gave up on open VPN and starlink a while ago. I've implemented wireguard
>>> tunnels with success and reliability.
>> 
>> did you end up having to do anything with MTU? Did you use TCP or UDP for 
>> your transport?
> It's UDP only. Standard wireguard config. I have links using PFSense to 
> PFSense, Mikrotik to PFSense and Mikrotik Mikrotik all with good performance 
> and months long reliability. Both permanent site-site circuits and "road 
> warrior" style.
>
> In PFSense when you set up a wireguard interface it sets the MTU to 1420 and 
> MSS to 1380. This depends on your WAN link of course.
>
> If your clients are needing OpenVPN you can make a "jumpbox" to terminate the 
> Starlink wireguard circuits and set up an OpenVPN server routing to them. 
> I've implemented this setup for one location.

my immediate use case is that I've got a friend who is retiring who will be 
traveling in his RV and as I'm his 'tech support' I need to set things up so 
that I can 'reach in' to maintain and fix things. I talked him through getting 
starlink up and running, his new laptop arrives today and I've setup various IoT 
devices that connect to wifi. He had a wndr3800 and Pi setup so that he could 
connect the Pi to campground wifi and have everything run through that (the 
starlink will greatly simplify that) and I'm giving him a newer router and 
updated pi.

David Lang

>> 
>> David Lang
> Keith
>> 
>>> Keith
>>> 
>>> On Mon, Jan 20, 2025, 23:25 David Lang via Starlink <
>>> starlink at lists.bufferbloat.net> wrote:
>>> 
>>>> has anyone done any work with openvpn over starlink (especially if they
>>>> got the
>>>> connectors to completely bypass the router)?
>>>> 
>>>> I've got the basic connectivity working, but am having problems trying to
>>>> get
>>>> openvpn to work (especially for traffic back through the cgnat to the
>>>> router on
>>>> the starlink side)
>>>> 
>>>> the logs on the client are reporting link local: (not bound) when trying
>>>> UDP,
>>>> when I try TCP (and clamp the mtu low) I can connect from the starlink
>>>> side (st
>>>> least sometimes) but cannot get the routing the other way to work
>>>> 
>>>> David Lang
>>>> _______________________________________________
>>>> Starlink mailing list
>>>> Starlink at lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/starlink
>>>> 
>>> 
>
>

More information about the Starlink mailing list