From: Keith Simonsen <blakangel@gmail.com>
To: David Lang <david@lang.hm>
Cc: starlink@lists.bufferbloat.net
Subject: Re: [Starlink] starlink and VPN
Date: Tue, 21 Jan 2025 08:14:07 -0800 [thread overview]
Message-ID: <5ce2978f-1b14-44af-8b89-69a17725c5c4@gmail.com> (raw)
In-Reply-To: <36r7n950-4qs8-1p06-3595-95or55n5p181@ynat.uz>
On 1/21/2025 7:22 AM, David Lang wrote:
> b. angel wrote:
>
>> David,
>>
>> I gave up on open VPN and starlink a while ago. I've implemented
>> wireguard
>> tunnels with success and reliability.
>
> did you end up having to do anything with MTU? Did you use TCP or UDP
> for your transport?
It's UDP only. Standard wireguard config. I have links using PFSense to
PFSense, Mikrotik to PFSense and Mikrotik Mikrotik all with good
performance and months long reliability. Both permanent site-site
circuits and "road warrior" style.
In PFSense when you set up a wireguard interface it sets the MTU to 1420
and MSS to 1380. This depends on your WAN link of course.
If your clients are needing OpenVPN you can make a "jumpbox" to
terminate the Starlink wireguard circuits and set up an OpenVPN server
routing to them. I've implemented this setup for one location.
>
> David Lang
Keith
>
>> Keith
>>
>> On Mon, Jan 20, 2025, 23:25 David Lang via Starlink <
>> starlink@lists.bufferbloat.net> wrote:
>>
>>> has anyone done any work with openvpn over starlink (especially if they
>>> got the
>>> connectors to completely bypass the router)?
>>>
>>> I've got the basic connectivity working, but am having problems
>>> trying to
>>> get
>>> openvpn to work (especially for traffic back through the cgnat to the
>>> router on
>>> the starlink side)
>>>
>>> the logs on the client are reporting link local: (not bound) when
>>> trying
>>> UDP,
>>> when I try TCP (and clamp the mtu low) I can connect from the starlink
>>> side (st
>>> least sometimes) but cannot get the routing the other way to work
>>>
>>> David Lang
>>> _______________________________________________
>>> Starlink mailing list
>>> Starlink@lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/starlink
>>>
>>
next prev parent reply other threads:[~2025-01-21 16:14 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-21 7:25 David Lang
2025-01-21 11:43 ` David Collier-Brown
2025-01-21 15:12 ` b. angel
2025-01-21 15:22 ` David Lang
2025-01-21 15:27 ` Sebastian Moeller
2025-01-21 15:36 ` Nils Andreas Svee
2025-01-21 15:45 ` David Lang
2025-01-21 16:14 ` Keith Simonsen [this message]
2025-01-21 16:45 ` David Lang
2025-01-21 15:36 ` Gert Doering
2025-01-21 15:52 ` David Lang
2025-01-21 23:02 ` Dino Farinacci
2025-01-22 22:53 ` Dave Taht
2025-01-22 23:25 ` Dino Farinacci
2025-01-22 23:29 ` Darrell Budic
2025-01-22 23:42 ` Dino Farinacci
2025-01-23 3:10 ` David Lang
2025-01-23 17:31 ` J Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/starlink.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5ce2978f-1b14-44af-8b89-69a17725c5c4@gmail.com \
--to=blakangel@gmail.com \
--cc=david@lang.hm \
--cc=starlink@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox