I have an old Pi 3 installed at my mother-in-law's house running Tailscale (which uses WireGuard as its actual VPN layer). It is connected to my Tailnet along with my Jellyfin server, and I have nginx set up as a reverse proxy to expose the Jellyfin server on the LAN IP of the Pi. This way, she and her sons can access my Jellyfin server as if it were on their LAN - great option for non-technical relatives.
This setup has been in place about a year now and just works. The Pi can handle about 50 Mbit bidirectional over WireGuard, which is sufficient even for a couple of 4K media streams. I am planning to duplicate this setup at some other relatives' homes.
Boot from a USB SSD instead. I get literally 100x the IOPS over the reasonably fast SD cards I used. Things like apt-get upgrade take seconds instead of many minutes. It’s an entirely different experience.
Get as big of an SD card as you can from a known good company (I think I have a 256GB card in mine). Turn off as many logging services as you can. You should be able to find several guides on the internet on how to limit writes to the SD card and that combined with a big card with decent wear leveling should last for years, mine has.
Is it possible your SD cards are fake? I did full disk writes till destruction and got 1000 cycles with a Sandisk Ultra (their cheapest line of microSD cards)
That should be enough for 10 years under a typical Pi workload like writing and compacting logs.
Because an 8gb rpi4 costs close to $160. You can buy an m920q i3 with more compute, and with a similar amount of RAM (Conversion losses, Storage, and then Cooling or RAM (a few watts per 8gb) are the largest power consumers) and it can do a lot more than 50mbit. It might actually use less power than the rpi4. And, it could replace whatever is powering the TV display.
Of course, choose your power supply badly and both those sub 10W machines will be 50W at the wall.
I also thought that Tailscale would probably incur some type of charges after using it that much, though I'm not super familiar with their free tier policies and how sustainable they are in the long-term.
Tailscale sets up point-to-point WireGuard VPNs and only proxies through their relay servers when they can't establish a direct connection. In my experience that's pretty rare, Tailscale tries a whole bunch of NAT traversal tricks before falling back to relay mode.
Their free tier is pretty generous because it's basically a way for Tailscale to get homelabbers hooked on the product so they'll recommend a corporate plan at work. They even state as much: https://tailscale.com/blog/free-plan
The Pi 3 was essentially free to me because I already had it on a shelf. When I duplicate this setup at some other relatives' homes, I'm planning on using an Orange Pi Zero 3 ($30 CAD, quad core A53, gig of RAM, gigabit Ethernet).
- You're replying to a thread about someone using a 1GB Pi 3 to stream multiple 4K movies. It's $44 on Amazon including fast shipping. Cheaper on eBay if you can wait 3 days.
- The 8GB Pi 4 is $75 on canakit, not $160.
Anyway if you want more compute (on an edge device? why?), why not grab an AM4 board and CPU for like $80 each? That's 25W at the wall and gives you a ton of flexibility if you later wanna repurpose the machine adding GPUs, NVMe, SAS enclosures, etc.
Bizarre. MicroSD cards are $5 on Amazon. I figured everyone has a bunch of spare 5V 2.5A PSUs in the box of wall warts in their garage, but maybe that's a bad assumption. $5 for a brand new PSU and $15 canakit shipping. So it's $100 total if you didn't care at all about cost and bought the most expensive Pi for use as an edge device for no technical reason.
Why would you need a heatsink unless you use a case? Why would you use a case? That price tag is entirely self inflicted
One of the GL.iNet travel routers [1] would probably work for you. They run OpenWRT (or a thin veneer around it), so you can SSH in and install packages and whatnot. They explicitly advertise Wireguard-based VPN support.
I don't have one of their travel routers, but I have a Flint 2.
The Rockchip in the R6S is very powerful, though depending on what you want to do there may be better options. The R6S doesn't have hardware offloading in OpenWrt. Many Mediatek Filogic SoCs do, so they can do NAT, routing, PPPoE, etc. while the CPU is almost idle. Banana Pi R3/R4 are good options or if you want something that is more of a ready-to-use product and doesn't require SFP modules, the GL.iNet MT-6000 is really cool: https://www.gl-inet.com/products/gl-mt6000/
Runs their fork of OpenWrt with a user-friendly interface (though LuCI is also available) and you can also flash vanilla OpenWrt. They also have smaller travel models.
Of course if you use stuff that needs to run on the CPU (like Cake), then the R6S will be faster.
I personally own a Banana Pi R3 as my main router and it's awesome. Unfortunately, it is pricey and pretty big for a travel router (besides the fact that it must be assembled). The MT6000 is even bigger. And you have to carry an extra power supply.
For traveling I use a GL.iNet Beryl (GL-MT1300), which is nice, but not very powerful. Nowadays I would probably go for a GL-MT3000[1], if there wasn't the NanoPi R5C, which is small, powerful, supports OpenWRT and has Wifi.
As a note: I thought about having Wifi via USB, but the stability and performance of USB-Wifi is nowhere near the integrated / miniPCIe stuff. So if wifi is a requirement, this might be important.
PlayStation store is not available in many regions, mine included. Not that I personally care, it doesn't make sense to support businesses that treat you like a lesser being.
Low power, fairly cheap, x86 based, onboard NIC (sometimes 2), NVMe/SATA and large memory support for lots of containers/etc. Also, low power draw! :-) I've been loving my H2+'s and I got some H4s in I need to find time to play with...
Yeah, GL.iNet GL-AR300M16-Ext is perfect for this purpose, very affordable and compact. You can configure the WireGuard client, and then "Block non-VPN traffic" so it allows ONLY connecting through the VPN. Very handy! GL-SFT1200 should be a great option as well, currently the cheapest GL.iNet markets for their "travel AP" line, and you can run Tailscale on it[0]. I'm not sure about the AR300M16.
("Ext" means it comes with external antennas, version without that suffix has internal antenna if you want it to be even more compact)
Damn that one looks pretty good. Are there any with usb-c so I can hook my laptop to it via a usb-c cable and get a usb Ethernet gadget device, and can then carry one fewer cat-5 cable?
One advantage of a travel router, to me, is convenience. It's pretty great to have my own (portable!) LAN while out and about.
I just show up at the hotel and get my router online.
After configuring that singular device, my other stuff all works together: My Chromecast, my laptop, my smart speaker, whatever gaming system I may have, some ESP32 project or other that I've been tinkering with, or whatever -- I just turn stuff on and it simply works.
With a travel router that additionally uses VPN to tie my travel LAN to my home LAN, then: Whatever other network services I have at home are also available to me on the road.
It can be very transparent.
And that all conspires to mean that I can spend more time doing whatever it is that I feel like doing instead of futzing around with networking.
I have a Pi 4 and ran Wireguard/PiHole on it for a few years before the SD card died.
I decided to install Ubuntu on a 6 year old Dell XPS computer. I now run Wireguard/PiHole strictly on docker and it is incredibly fast. Changed my settings to auto start the PC after a power loss. I haven't had any downtime for the containers. I'll stick to my custom docker compose file forever.
I don't use the expensive Pi devices and like the parent commenter, I use an old laptop with a 4 Gig VM, host Ubuntu, VM Ubuntu and it runs my kube cluster as well as a separate kube cluster on the host itself. If it used much power, my wife would be on me about it. PS I don't use Snap.
WireGuard shouldn't consume energy when idle. Turn off KeepAlive, if your network setup allows for it (on most platforms, the official WireGuard implementation can roam just fine).
I can't speak to the Compose file itself, but I use Compose to run stuff myself on an intel NUC and it has been amazing. Orders of magnitude faster than a Pi, super stable, tiny, I just love it.
> I’d say that if you’re planning on using WireGuard on an iOS device with the On-Demand Activation for untrusted wi-fi networks when away from the house, this should get the job done to protect you on public wi-fi networks. If the goal is permanent, high throughput usage, I would recommend a more powerful box to run WireGuard.
A zoom meeting on a phone is pretty high throughput...
Is it really? For personal use I find that anything except file transfers uses a tiny amount of bandwidth (few MBit/s at most). That includes stuff like video calls, remote desktop, youtube, etc.
Does anyone have suggestions for the smallest physical device that can function as a WireGuard server or a Tailscale exit node with decent performance?
I agree with this recommendation - they work great with Wireguard. And if you're travelling, some of the features like handling captive portals are handy.
This explicitly doesn't answer your question as written, but just in case it's relevant to you anyway: you can run something like pfSense in a VM on a server or really any machine you have available on the network where you want an exit node. At least on Linux, the software networking support is good enough to make such a VM appear as just another machine on the network the VM host is connected to.
My primary home router is a pfSense VM set up as a Wireguard peer for tunneling in from various other devices and locations, and I'm very happy with it.
Probably something like an n100 based "NUC" type deal. It has loads of float performance and is much better suited to being a "server" than a pi (much as I love the pi).
If the goal is smallest VPN box instead of best for the price server then the float performance doesn't really matter much and both are probably overkill -> too large. Both the n100 and the pi 5 can reach multiple gbps of wireguard throughput, whatever you can get in the smaller total form factor is more ideal than ridiculous throughput.
I'm currently using my Unifi Cloud Gateway Ultra router as a Wireguard server for my home network and it's at least somewhat compact with good performance. Before that I used to have a Dell WYSE 3040 that's also quite compact but maybe a bit less so on the performance side.
I run a WireGuard server on my wireless router. The router itself is not tiny, the size of a two-inch-thick trade paperback. But the marginal size of the WireGuard device is zero, because I need the router anyway.