From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.lang.hm (syn-045-059-245-186.biz.spectrum.com [45.59.245.186]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 596B73B2A4 for ; Tue, 21 Jan 2025 11:45:34 -0500 (EST) Received: from [10.2.2.53] (unknown [10.2.2.53]) by mail.lang.hm (Postfix) with ESMTP id 6BEA11F1062; Tue, 21 Jan 2025 08:45:33 -0800 (PST) Date: Tue, 21 Jan 2025 08:45:33 -0800 (PST) From: David Lang To: Keith Simonsen cc: David Lang , starlink@lists.bufferbloat.net In-Reply-To: <5ce2978f-1b14-44af-8b89-69a17725c5c4@gmail.com> Message-ID: References: <269839o2-003o-1756-8r28-3on7q7nsrn54@ynat.uz> <36r7n950-4qs8-1p06-3595-95or55n5p181@ynat.uz> <5ce2978f-1b14-44af-8b89-69a17725c5c4@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: Re: [Starlink] starlink and VPN X-BeenThere: starlink@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Starlink has bufferbloat. Bad." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2025 16:45:34 -0000 Keith Simonsen wrote: > On 1/21/2025 7:22 AM, David Lang wrote: >> b. angel wrote: >> >>> David, >>> >>> I gave up on open VPN and starlink a while ago. I've implemented wireguard >>> tunnels with success and reliability. >> >> did you end up having to do anything with MTU? Did you use TCP or UDP for >> your transport? > It's UDP only. Standard wireguard config. I have links using PFSense to > PFSense, Mikrotik to PFSense and Mikrotik Mikrotik all with good performance > and months long reliability. Both permanent site-site circuits and "road > warrior" style. > > In PFSense when you set up a wireguard interface it sets the MTU to 1420 and > MSS to 1380. This depends on your WAN link of course. > > If your clients are needing OpenVPN you can make a "jumpbox" to terminate the > Starlink wireguard circuits and set up an OpenVPN server routing to them. > I've implemented this setup for one location. my immediate use case is that I've got a friend who is retiring who will be traveling in his RV and as I'm his 'tech support' I need to set things up so that I can 'reach in' to maintain and fix things. I talked him through getting starlink up and running, his new laptop arrives today and I've setup various IoT devices that connect to wifi. He had a wndr3800 and Pi setup so that he could connect the Pi to campground wifi and have everything run through that (the starlink will greatly simplify that) and I'm giving him a newer router and updated pi. David Lang >> >> David Lang > Keith >> >>> Keith >>> >>> On Mon, Jan 20, 2025, 23:25 David Lang via Starlink < >>> starlink@lists.bufferbloat.net> wrote: >>> >>>> has anyone done any work with openvpn over starlink (especially if they >>>> got the >>>> connectors to completely bypass the router)? >>>> >>>> I've got the basic connectivity working, but am having problems trying to >>>> get >>>> openvpn to work (especially for traffic back through the cgnat to the >>>> router on >>>> the starlink side) >>>> >>>> the logs on the client are reporting link local: (not bound) when trying >>>> UDP, >>>> when I try TCP (and clamp the mtu low) I can connect from the starlink >>>> side (st >>>> least sometimes) but cannot get the routing the other way to work >>>> >>>> David Lang >>>> _______________________________________________ >>>> Starlink mailing list >>>> Starlink@lists.bufferbloat.net >>>> https://lists.bufferbloat.net/listinfo/starlink >>>> >>> > >