From: David Lang <david@lang.hm>
To: Keith Simonsen <blakangel@gmail.com>
Cc: David Lang <david@lang.hm>, starlink@lists.bufferbloat.net
Subject: Re: [Starlink] starlink and VPN
Date: Tue, 21 Jan 2025 08:45:33 -0800 (PST) [thread overview]
Message-ID: <opnr0o2p-46qs-0905-539p-ooo34p3p658q@ynat.uz> (raw)
In-Reply-To: <5ce2978f-1b14-44af-8b89-69a17725c5c4@gmail.com>
Keith Simonsen wrote:
> On 1/21/2025 7:22 AM, David Lang wrote:
>> b. angel wrote:
>>
>>> David,
>>>
>>> I gave up on open VPN and starlink a while ago. I've implemented wireguard
>>> tunnels with success and reliability.
>>
>> did you end up having to do anything with MTU? Did you use TCP or UDP for
>> your transport?
> It's UDP only. Standard wireguard config. I have links using PFSense to
> PFSense, Mikrotik to PFSense and Mikrotik Mikrotik all with good performance
> and months long reliability. Both permanent site-site circuits and "road
> warrior" style.
>
> In PFSense when you set up a wireguard interface it sets the MTU to 1420 and
> MSS to 1380. This depends on your WAN link of course.
>
> If your clients are needing OpenVPN you can make a "jumpbox" to terminate the
> Starlink wireguard circuits and set up an OpenVPN server routing to them.
> I've implemented this setup for one location.
my immediate use case is that I've got a friend who is retiring who will be
traveling in his RV and as I'm his 'tech support' I need to set things up so
that I can 'reach in' to maintain and fix things. I talked him through getting
starlink up and running, his new laptop arrives today and I've setup various IoT
devices that connect to wifi. He had a wndr3800 and Pi setup so that he could
connect the Pi to campground wifi and have everything run through that (the
starlink will greatly simplify that) and I'm giving him a newer router and
updated pi.
David Lang
>>
>> David Lang
> Keith
>>
>>> Keith
>>>
>>> On Mon, Jan 20, 2025, 23:25 David Lang via Starlink <
>>> starlink@lists.bufferbloat.net> wrote:
>>>
>>>> has anyone done any work with openvpn over starlink (especially if they
>>>> got the
>>>> connectors to completely bypass the router)?
>>>>
>>>> I've got the basic connectivity working, but am having problems trying to
>>>> get
>>>> openvpn to work (especially for traffic back through the cgnat to the
>>>> router on
>>>> the starlink side)
>>>>
>>>> the logs on the client are reporting link local: (not bound) when trying
>>>> UDP,
>>>> when I try TCP (and clamp the mtu low) I can connect from the starlink
>>>> side (st
>>>> least sometimes) but cannot get the routing the other way to work
>>>>
>>>> David Lang
>>>> _______________________________________________
>>>> Starlink mailing list
>>>> Starlink@lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/starlink
>>>>
>>>
>
>
next prev parent reply other threads:[~2025-01-21 16:45 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-21 7:25 David Lang
2025-01-21 11:43 ` David Collier-Brown
2025-01-21 15:12 ` b. angel
2025-01-21 15:22 ` David Lang
2025-01-21 15:27 ` Sebastian Moeller
2025-01-21 15:36 ` Nils Andreas Svee
2025-01-21 15:45 ` David Lang
2025-01-21 16:14 ` Keith Simonsen
2025-01-21 16:45 ` David Lang [this message]
2025-01-21 15:36 ` Gert Doering
2025-01-21 15:52 ` David Lang
2025-01-21 23:02 ` Dino Farinacci
2025-01-22 22:53 ` Dave Taht
2025-01-22 23:25 ` Dino Farinacci
2025-01-22 23:29 ` Darrell Budic
2025-01-22 23:42 ` Dino Farinacci
2025-01-23 3:10 ` David Lang
2025-01-23 17:31 ` J Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/starlink.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=opnr0o2p-46qs-0905-539p-ooo34p3p658q@ynat.uz \
--to=david@lang.hm \
--cc=blakangel@gmail.com \
--cc=starlink@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox