Hacker News | TheKitchenSinc's comments

As some anecdata, I work in facilities with hundreds of non-tech folks using USB-C Yubikeys and we see multiple bent connectors daily. Granted, our userbase isn’t known for treating electronics kindly…


I believe you need escalated privileges (I don’t know which capability, specifically) for intervals under a certain point. The author was running as root.


Port forwarding not working from inside the gateway sounds like it’s not doing hairpin NAT by default. I’m running a NixOS home router pair, not currently doing any port forwarding, but now I’ll have to check that tonight; if nothing else, people might appreciate an option for it.


I can’t promise any specific advice, but as someone who runs a number of self-hosted services for mostly ideological purposes (see https://compose.seedno.de/ for a subset) and works professionally in networking, I’m always happy to chat about my own experiences and suggestions!

Feel free to email me at lab (at) seedno.de to chat!


Are you just looking to set it up with iOS and Windows clients? If the Wireguard server is running Linux, an easy way to copy the config over to an iOS or Android device is to use qrencode. For example, `qrencode -t ansiutf8 < $config_file` will output a QR code that can be scanned from the Wireguard app to automatically import as a new tunnel.

I used StavrosK's guide (thank you!) to put together two scripts a while back, one for generating a new server config file, and one to generate a new client config, outputting the config to a file as well as to a QR code on stdout. You can copy the client.conf file over to the Windows machine and import the configuration via the "Import tunnel(s) from file..." option in the Wireguard client, or scan the QR code output from the mobile device clients via "Create from QR code".

Here's my script for generating a client cert: https://cdn.seedno.de/txt/wireguard-certgen. It assumes Wireguard is already configured on the server on interface wg0, and is using the default port of 51820/UDP, though both are configurable via variables. For reference, the accompanying setup script is https://cdn.seedno.de/txt/wireguard-setup. Both scripts require a bit of customization to match your environment (you may want to be particularly careful with the iptables firewall PostUp/PostDown commands), but hopefully they can serve as a starting point to figure out any issues you encountered last time you tried.
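
The client-side steps the comment above describes (generate a key pair, write client.conf, print it as a QR code with qrencode), as an added example that is not the commenter's linked script. The function names, the 10.0.0.2/32 address and the vpn.example.com endpoint are assumptions; port 51820/UDP is the default the comment mentions.

```shell
#!/bin/sh
# Added example (not the commenter's script): build a wg-quick client config.

# Print a client config to stdout.
# Args: client_private_key client_address server_public_key endpoint [allowed_ips]
render_client_conf() {
    rc_allowed="${5:-0.0.0.0/0, ::/0}"   # default: route all traffic via the tunnel
    cat <<EOF
[Interface]
PrivateKey = $1
Address = $2

[Peer]
PublicKey = $3
Endpoint = $4
AllowedIPs = ${rc_allowed}
EOF
}

# Generate a client key pair, write the config readable only by its owner,
# show it as a QR code, and print the public key the server needs.
# Args: out_file client_address server_public_key endpoint
make_client() {
    mc_out="$1"
    command -v wg >/dev/null 2>&1 || { echo "wg (wireguard-tools) not found" >&2; return 1; }
    mc_priv="$(wg genkey)" || return 1
    mc_pub="$(printf '%s\n' "$mc_priv" | wg pubkey)" || return 1
    # umask 077 in a subshell: the file holds the private key, so create it as 0600.
    ( umask 077; render_client_conf "$mc_priv" "$2" "$3" "$4" > "$mc_out" ) || return 1
    # The QR code also encodes the private key: display it only on a trusted screen.
    if command -v qrencode >/dev/null 2>&1; then
        qrencode -t ansiutf8 < "$mc_out"
    fi
    echo "Client public key (add as a [Peer] on the server): $mc_pub" >&2
}

# Example call (constructed values; substitute the server's real public key):
#   make_client client.conf 10.0.0.2/32 "<server public key>" vpn.example.com:51820
```

The server still needs a matching `[Peer]` entry carrying the printed client public key and the client's address before the tunnel will come up.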


I've been using the pre-alpha builds since I saw them posted a week or two ago. They've been reliable so far for my simple use cases, and it's nice to move off of a third party Windows client.


I've been a Ramnode customer with several $15ish/year VPSes for a few websites and small services since 2012, and can second checking them out.


The HP Stream 7, a tablet released in late 2014 on the 64-bit Atom Z3735G, shipped with 32-bit Windows. This was presumably to avoid the memory overhead of 64-bit pointers, as it came with 1GB of RAM, so every bit counted.


Ubiquiti uses EdgeOS, which was forked from Vyatta, with their own UI on top of it.

