Network Protection Questions: WireGuard vs OpenVPN, VPN Router vs Raspberry PI, DDoS

Hello Reddit Users,

I have a few questions regarding network protection.

  1. From my understanding, WireGuard is a lightweight protocol that seems to be just slightly more secure than OpenVPN in some cases. Outside of WireGuard practically forcing all your endpoints to upgrade if a problem is found and it storing user IP addresses on the server, why don’t more people use WireGuard? Is it mainly due to some VPN services not being able to offer a plausible solution for it like creating a double-NAT, or is it something else entirely?

  2. Currently, I own a random normal router, but I was considering creating a VPN server off of a Raspberry PI and connecting it to my existing router or purchasing a VPN router altogether. I don’t personally know anyone who has done either of these things and would like a recommendation. I would mainly use it for personal/work from home use on my computer, cell, and gaming console. I’ve heard it’s convenient to have the VPN Server on the Raspberry PI because you can just connect to the router for work use, then just go back to the VPN Server for personal use, but I’m not sure if the VPN Router has capabilities like that. Can someone provide me some recommendations?

  3. Lastly, when I play on my gaming console, there are times where I get DDoSed on gaming servers. It’s super annoying and I don’t constantly want to connect my computer to my gaming system, then apply the VPN that way. Is creating a rule on my firewall to decline ICMP messages the answer to this? I have been hearing contradicting answers about how it can or can’t prevent yourself from being DDoSed and how impactful it can be for network monitoring. Any advice?

Thank you in advance for taking the time to read and answer my questions.

why don’t more people use WireGuard?

It is not very old and battle-tested like OpenVPN and others. Also, it has no authentication possible. If someone gets control of the endpoint, they have access, no password, no 2FA.

I’ve heard it’s convenient to have the VPN Server on the Raspberry PI because you can just connect to the router for work use, then just go back to the VPN Server for personal use, but I’m not sure if the VPN Router has capabilities like that

I did not understand what you mean at all. Can you rephrase?

Can someone provide me some recommendations?

My path has been to host a Wireguard VPN on a Pi. Then, my network needs grew, so I bought a router, installed PfSense on it, bought a WiFi Access Point, and now my router hosts the VPN server. PfSense can also host OpenVPN, IPsec, and L2TP if you prefer.

Lastly, when I play on my gaming console, there are times where I get DDoSed on gaming servers

Are you sure you get DDoSed and it is not the game server that gets DoSed? Also, there is a difference between DoS and DDoS.

If the game server gets (D)DoSed, there is nothing you can do. And unless you click on random links or give your IP address, you should not get (D)DoSed.

Is creating a rule on my firewall to decline ICMP messages the answer to this?

AFAIK no. Your router (like any router not made by an idiot) should already block all incoming messages by default. If your router responds to ICMP messages from the Internet, make a rule to block them, then switch to a better router because your current one is bad.

Any advice?

Get a more powerful router / play different games / play games that do not require Internet.

For DDoSing, blocking ICMP won’t do anything since most people will either flood you with amps, DNS floods, LDAP floods, etc.

Really, your only option for using a VPN while gaming is to 1) continue your current method or 2) install a VPN on the router.

I have a VPN router. I recommend GL-iNet routers or TP-Link. I think Asus might be able to do it but you have to check the router specs before you buy. Not all routers can do it. I myself have a GL-iNet router with Mullvad or Nord on it.

I did not understand what you mean at all. Can you rephrase?

I meant using a RaspberryPi to host an OpenVPN or WireGuard setup using PiVPN, but you covered that pretty well with the following comment.

Are you sure you get DDoSed and it is not the game server that gets DoSed? Also, there is a difference between DoS and DDoS.

I did mean to say DoS, sorry about the confusion.

Get a more powerful router / play different games / play games that do not require Internet.

Is there any router in particular you recommend?

I’ve actually been leaning towards offline play for quite a bit. I have been collecting video games + gaming consoles (PS1-5, Xbox-Xbox360, GBA Color- GBA SP, DS, 3DS Nintendo 64-Switch, etc) and still play them here and there. It’s just hard to let go of certain online play due to friends I’ve known forever.

Thank you for your advice btw, I appreciate you 🙏

Thank you for the advice IcePal! It’s time for a new router 😅

No worries. When you get (D)DoSed, can you access other Internet pages? Or is your Internet down?
If you have Internet access, it is the server that has problems and there is nothing you can do about it. If you lose Internet, then you are right and you got attacked.

About router recommendation, a safe choice is any sold by Netgate (the company behind PfSense). But any machine with a few Ethernet ports should work. I bought one from Qotom on Amazon and it works well.
But it cannot prevent you from getting DoS attacks. It should however respond a little better. If you do not want features such as VPN server, DDNS, advertisement filter, etc., then buying a router is likely overkill.

I suggest installing PfSense in a VM first to see if you want it. An alternative is OPNSense. Both are great.

No worries. When you get (D)DoSed, can you access other Internet pages? Or is your Internet down?

There have been instances where I can’t access the internet at all for up to an hour and I’m 100% sure it was from playing my gaming console because I wasn’t doing anything else at the time. However, a majority of the time I just get kicked out of the game itself and I’m able to access another one immediately.

About router recommendation, a safe choice is any sold by Netgate (the company behind PfSense). But any machine with a few Ethernet ports should work. I bought one from Qotom on Amazon and it works well.

I will definitely be looking into Netgate and Qotom.

I suggest installing PfSense in a VM first to see if you want it. An alternative is OPNSense. Both are great.

I’ll most likely try PfSense out within my personal VM. I’ve done some PfSense configuration in the past within a virtualized environment whenever I took a course on Cyber Physical Systems at my university but never applied it on my personal devices. Now that I have more free time, it’s definitely time to apply these changes.
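
The point raised in the thread, that a drop-ICMP rule does not help when the flood arrives as amplification, DNS or LDAP traffic, can be checked against your own inbound flow records. The following is an added example, not code from any poster: it labels constructed flow records and reports what share of inbound bytes an ICMP rule would even match. The record layout, the sample values and the function names are assumptions made for illustration.

```python
from collections import Counter

# UDP source ports of services commonly abused as reflectors.
# LDAP floods over UDP use CLDAP, which shares port 389.
REFLECTOR_PORTS = {53: "dns", 389: "cldap"}

# Constructed inbound flow records for a home WAN interface
# (documentation IP ranges): (protocol, source IP, source port, bytes)
SAMPLE_FLOWS = [
    ("udp", "192.0.2.10", 53, 480_000),
    ("udp", "192.0.2.77", 53, 510_000),
    ("udp", "198.51.100.5", 389, 900_000),
    ("udp", "198.51.100.9", 389, 870_000),
    ("icmp", "203.0.113.4", 0, 4_000),
    ("udp", "203.0.113.50", 3074, 36_000),   # constructed game traffic
    ("tcp", "203.0.113.80", 443, 200_000),
]

def classify(proto, src_port):
    """Label one inbound flow by protocol and UDP source port.

    Source port alone is a heuristic: replies from your own DNS
    resolver also arrive from port 53, so judge by volume as well.
    """
    if proto == "icmp":
        return "icmp"
    if proto == "udp" and src_port in REFLECTOR_PORTS:
        return "udp-reflection:" + REFLECTOR_PORTS[src_port]
    return "other"

def byte_share(flows):
    """Return {label: fraction of inbound bytes} for the given flows."""
    totals = Counter()
    for proto, _src, src_port, nbytes in flows:
        totals[classify(proto, src_port)] += nbytes
    grand = sum(totals.values())
    return {label: n / grand for label, n in totals.items()} if grand else {}

def icmp_rule_coverage(flows):
    """Fraction of inbound bytes that a drop-ICMP rule would match."""
    return byte_share(flows).get("icmp", 0.0)

if __name__ == "__main__":
    for label, share in sorted(byte_share(SAMPLE_FLOWS).items()):
        print(f"{label:22s} {share:6.1%}")
    print(f"matched by drop-ICMP: {icmp_rule_coverage(SAMPLE_FLOWS):.1%}")
```
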