Does Wireguard work with Starlink?

click to enlarge

A member of one of the intellectual property listservs asked “does Wireguard work with Starlink?”  I tested this, and the answer turns out to be “yes”.  Here is how I tested it. 

I started by connecting my computer via a direct ethernet connection to some Starlink service.  (This is not possible if your Starlink antenna is round.  My good luck is that the Starlink antenna I was using is rectangular, and I was able to obtain one of the hard-to-get Starlink ethernet adapters, and I chose to put the system into router bypass mode.)  I then did a speedtest using my favorite speed test.

The results are shown at right.  The first thing is that I was able to independently confirm that I was connected using Starlink (rather than some other ISP).   We see this because the routable IP address is from Space Exploration Technologies Corporation. You can see a typical latency (here, 131 milliseconds), a download speed of 53 megabits per second, and an upload speed of 5 megabits per second.

I had previously set up a Wireguard (Wikipedia article) server at a residential location that is served by ordinary Comcast cable internet service.  I did this using the detailed instructions provided here.  I used the default Wireguard port which is UDP port 51820.  I used a Brume 2 router which I had purchased directly from the the manufacturer for $59.  This server uses open-source software and so one does not need to worry whether there is some undisclosed backdoor in it.  (I see that this server is now available on Amazon for $89.)

Maybe you already have one of GL.iNet’s other travel routers on hand.  If so, then any of them will also work just fine for this Wireguard server function.  But the Brume and Brume 2 routers use particularly fast processors that are very well suited for VPN server use.

It will be recalled that Starlink does not provide a routable IPv4 IP address to its customers.  What you get is a NAT IP address.  (Starlink does provide each customer with a block of routable IPv6 IP addresses.  As time goes on, and as more and more systems make use of IPv6, I think this will prove to be a powerful feature of Starlink service.)  Any time you are “behind a NAT”, this raises the question of whether you might find that some VPN protocol might not work.  What prompted the discussion thread about Wireguard in the above-mentioned intellectual property listserv was that one poster mentioned being unable to get PPTP (point-to-point tunneling protocol) to work on Starlink.  And indeed the next thing I tried was to connect to this same system using PPTP.  The connection timed out.  (I expect that the cause of the timout is that Starlink’s implemention of NAT blocks GRE (generic route encapsulation) which is a crucial component of PPTP.)

click to enlarge

Having connected my notebook computer to the Internet through Starlink, I then opened my Wireguard client.  As you can see in the screen shot at right, I have seven configurations set up in this Wireguard client.  I tapped on the second one and clicked “activate”.

One of the nice things about Wireguard is that it usually connects very quickly compared with many other VPN protocols.  It usually does not even take a full 1000 milliseconds for the two green check box shields to appear, indicating that the VPN connection has been established.  (In contrast, if the above-mentioned PPTP connection had worked, it would have taken at least five seconds to connect.)

And indeed the Wireguard connection worked.  This told me that the answer to the original question “does Wireguard work with Starlink?” is “yes”.

A natural next question is “how well does Wireguard work with Starlink?”  Some VPN protocols inject quite a bit of computational overhead into a connection.  Most Wireguard users find that Wireguard injects less overhead than other protocols.  The best way to test this is, of course, to do whatever it is that you need to do and see how it goes.  Try this using your other VPN solution, and try it using the Wireguard solution.  If your chief use case is doing a Windows Remote Desktop session, then do the RD session.  If your chief use case is uploading or downloading large files from a file server, then do that.  See if it is fast or slow.  See if there is better or worse latency in the connection.

click to enlarge

What I did for this test was to repeat my speed test.  You can see the results at right.  The speed test, through the Wireguard tunnel, was slower and had more latency.  Latency was about 159 milliseconds (compared with 131 earlier), the download speed was 13 megs (compared with 53 megs earlier), and upload speed was 4 megs (compared with 5 megs earlier).

So the answer is, the Wireguard VPN works very well over Starlink.  It slows things down a little, but not much.

Leave a Reply

Your email address will not be published. Required fields are marked *