I recently set up a WireGuard-compatible VPN on DO using this: https://github.com/trailofbits/algo
It was a pretty straightforward experience overall.
Here is the readable non-Medium version: https://outline.com/te4tnL
I’ve migrated a lot of my connections from OpenVPN to WireGuard. WireGuard felt easier, but it might just be that I’m very comfortable with debugging firewall problems due to working with OpenVPN.
There are several glaring issues with WireGuard. It doesn’t use DNS. If you have a dynamic host at one end, you have to have a cron script that resets the WireGuard connection when the DNS changes (they have one in the WireGuard repo in the contrib folder). That should really be built in.
WireGuard doesn’t bind to an adapter. It always binds to 0.0.0.0. The author claims it shouldn’t matter since WG will not respond without a valid key on an incoming packet. The issue is that you could have incoming traffic on one IP and outgoing traffic on an entirely different IP... and this won’t be apparent when running wg.
Overall WG is nice and the benchmarks I’ve seen show it’s faster than OpenVPN, but there are still a lot of configuration issues they should solve and road-warrior setups need to be better.
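The cron-driven endpoint reset described in the comment above, as an added example; it is not part of the original thread and is not the contrib script from the WireGuard repo. The 135-second staleness threshold, the placeholder keys and the example.net hostnames are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: pick the peers whose hostname endpoint should be set again.
STALE_AFTER=135   # assumed: seconds without a handshake before re-resolving

# Constructed sample config; keys are placeholders, hostnames are examples.
sample_conf() {
cat <<'EOF'
[Interface]
ListenPort = 51820
[Peer]
PublicKey = PEER_A_PLACEHOLDER_KEY=
Endpoint = home.example.net:51820
[Peer]
PublicKey = PEER_B_PLACEHOLDER_KEY=
[Peer]
PublicKey = PEER_C_PLACEHOLDER_KEY=
Endpoint = office.example.net:51820
EOF
}

# Constructed sample in the "pubkey<TAB>unix-time" shape printed by
# `wg show IFACE latest-handshakes`.
sample_handshakes() {
  printf 'PEER_A_PLACEHOLDER_KEY=\t1000\nPEER_B_PLACEHOLDER_KEY=\t1000\nPEER_C_PLACEHOLDER_KEY=\t1190\n'
}

# plan_updates CONF HANDSHAKES NOW: print "pubkey endpoint" for every peer that
# has an Endpoint in CONF and whose last handshake is older than STALE_AFTER.
# Peers without an Endpoint (they dial in to us) are never touched.
plan_updates() {
  awk -v now="$3" -v max="$STALE_AFTER" '
    function emit() {
      if (key != "" && ep != "" && (key in hs) && now - hs[key] > max) print key, ep
      key = ""; ep = ""
    }
    FNR == NR { hs[$1] = $2; next }          # first file: handshake times
    /^\[/ { emit(); inpeer = ($0 ~ /^\[[Pp]eer\]/); next }
    inpeer && /^[ \t]*PublicKey[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); key = $0 }
    inpeer && /^[ \t]*Endpoint[ \t]*=/  { sub(/^[^=]*=[ \t]*/, ""); ep = $0 }
    END { emit() }
  ' "$2" "$1"
}

# reresolve IFACE CONF: apply the plan; `wg set ... endpoint host:port` looks
# the hostname up again at the moment it runs.
reresolve() {
  hs=$(mktemp) || return 1
  wg show "$1" latest-handshakes > "$hs" &&
    plan_updates "$2" "$hs" "$(date +%s)" | while read -r key ep; do
      wg set "$1" peer "$key" endpoint "$ep"
    done
  rm -f "$hs"
}
```

Calling `reresolve` from cron with the interface name and its config path is the intended use; `plan_updates` alone shows what would change without touching the interface.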
I am using https://github.com/naggie/dsnet to set up WireGuard. It was posted here a few months ago and it works pretty well so far.