vpn

24 Articles

WolfIP Doesn’t Allocate

April 9, 2026 by 30 Comments

For some types of embedded systems — especially those that are safety-critical — it’s considered bad form to dynamically allocate memory during operation. While you can usually arrange for your own code to behave, it’s the libraries that get you. In particular, it is hard to find a TCP/IP stack that doesn’t allocate and free memory all over the place. Unless you’ve found wolfIP.

The library supports a BSD-like non-blocking socket API. It can act as an endpoint, but can also support multiple interfaces and forwarding if you were building something like a router. It doesn’t appear to be bare-bones either. In addition to the normal things you’d expect for IPv4, there’s also ICMP, IPSEC, ARP, DHCP, DNS, and HTTP with or without SSL TLS. There is also a FIPS-compliant implementation of WireGuard for VPN, although it is not directly compatible with standard WireGuard, only with other instances of itself (known as wolfGuard). There is a Linux kernel module for WolfGuard, though.

The code should be fairly easy to port, and it includes a binding for FreeRTOS already. If you’ve used wolfIP, let us know in the comments.

If you want to really get down to the low-level, try this project. Of, if you want a refresher on basics, we can help with that, too.

FLOSS Weekly Episode 867: Pangolin: People Can Lie

March 25, 2026 by No comments

This week Jonathan chats with Milo Schwartz about Pangolin, the Open Source tunneling solution. Why do we need something other than Wireguard, and how does Pangolin fix IoT and IT problems? And most importantly, how do you run your own self-hosted Pangolin install? Watch to find out!

Continue reading “FLOSS Weekly Episode 867: Pangolin: People Can Lie”

Ask Hackaday: Now You Install Your Friends’ VPNs. But Which One?

September 3, 2025 by 77 Comments

Something which may well unite Hackaday readers is the experience of being “The computer person” among your family or friends. You’ll know how it goes, when you go home for Christmas, stay with the in-laws, or go to see some friend from way back, you end up fixing their printer connection or something. You know that they would bridle somewhat if you asked them to do whatever it is they do for a living as a free service for you, but hey, that’s the penalty for working in technology.

Bad Laws Just Make People Avoid Them

There’s a new one that’s happened to me and no doubt other technically-minded Brits over the last few weeks: I’m being asked to recommend, and sometimes install, a VPN service. The British government recently introduced the Online Safety Act, which is imposing ID-backed age verification for British internet users when they access a large range of popular websites. The intent is to regulate access to pornography, but the net has been spread so wide that many essential or confidential services are being caught up in it. To be a British Internet user is to have your government peering over your shoulder, and while nobody’s on the side of online abusers, understandably a lot of my compatriots want no part of it. We’re in the odd position of having 4Chan and the right-wing Reform Party alongside Wikipedia among those at the front line on the matter. What a time to be alive.

Continue reading “Ask Hackaday: Now You Install Your Friends’ VPNs. But Which One?”

Raspberry Pi Becomes Secure VPN Router

September 16, 2024 by 20 Comments

OpenWRT is a powerful piece of open-source software that can turn plenty of computers into highly configurable and capable routers. That amount of versatility comes at a cost, though; OpenWRT can be difficult to configure outside of the most generic use cases. [Paul] generally agrees with this sentiment and his latest project seeks to solve a single use case for routing network traffic, with a Raspberry Pi configured to act as a secure VPN-enabled router configurable with a smartphone.

The project is called PiFi and, while it’s a much more straightforward piece of software to configure, at its core it is still running OpenWRT. The smartphone app allows most users to abstract away most of the things about OpenWRT that can be tricky while power users can still get under the hood if they need to. There’s built-in support for Wireguard-based VPNs as well which will automatically route all traffic through your VPN of choice. And, since no Pi router is complete without some amount of ad blocking, this router can also take care of removing most ads as well in a similar way that the popular Pi-hole does. More details can be found on the project’s GitHub page.

This router has a few other tricks up its sleeve as well. There’s network-attached storage (NAS) built in , with the ability to use the free space on the Pi’s microSD card or a USB flash drive. It also has support for Ethernet and AC1300 wireless adapters which generally have much higher speeds than the built-in WiFi on a Raspberry Pi. It would be a great way to build a guest network, a secure WiFi hotspot when traveling, or possibly even as a home router provided that the home isn’t too big or the limited coverage problem can be solved in some other way. If you’re looking for something that packs a little more punch for your home, take a look at this guide to building a pfSense router from the ground up.

This Week In Security: AI Is Terrible, Ransomware Wrenches, And Airdrop

January 12, 2024 by 8 Comments

So first off, go take a look at this curl bug report. It’s a 8.6 severity security problem, a buffer overflow in websockets. Potentially a really bad one. But, it’s bogus. Yes, a strcpy call can be dangerous, if there aren’t proper length checks. This code has pretty robust length checks. There just doesn’t seem to be a vulnerability here.

OK, so let’s jump to the punch line. This is a bug report that was generated with one of the Large Language Models (LLMs) like Google Bard or ChatGPT. And it shouldn’t be a surprise. There are some big bug bounties that are paid out, so naturally people are trying to leverage AI to score those bounties. But as [Daniel Stenberg] point out, LLMs are not actually AI, and the I in LLM stands for intelligence.

There have always been vulnerability reports of dubious quality, sent by people that either don’t understand how vulnerability research works, or are willing to waste maintainer time by sending in raw vulnerability scanner output without putting in any real effort. What LLMs do is provide an illusion of competence that takes longer for a maintainer to wade through before realizing that the claim is bogus. [Daniel] is more charitable than I might be, suggesting that LLMs may help with communicating real issues through language barriers. But still, this suggests that the long term solution may be “simply” detecting LLM-generated reports, and marking them as spam. Continue reading “This Week In Security: AI Is Terrible, Ransomware Wrenches, And Airdrop”

Grannophone Helps You Stay In Touch

September 10, 2023 by 20 Comments

Whether it’s distance, pandemics, or both that separate you from your elderly loved ones, what’s the best idea for communicating with them so they don’t suffer from loneliness on top of issues like dementia? We’d say it’s probably something like [Stefan Baur]’s Grannophone.

Back in late 2020, a Twitter user named [Nitek] asked the Internet what could be done in the way of a grandma-friendly video-conferencing solution, provided Grandma has a TV and a broadband internet connection. At first, [Stefan] was like, just get her an old iPad and FaceTime with her. But the question got him thinking. And prototyping.

Grannophones are essentially Linux machines with a video-capable SIP client connected over a VPN for privacy reasons. In simple mode, picking up the handset of one Grannophone will call the other, but more complicated configurations are possible. We particularly like that replacing the handset automatically obscures the camera. That’s a nice touch.

At this point, the Grannophone is a work in progress. The idea is that they be extremely easy to build at the kitchen table, like on the order of disposable Swedish furniture. If you can contribute to the project, please do. Be sure to check out the demonstration video after the break.

On the other hand, if Granny is 1337, you could always video-conference in terminal.

Continue reading “Grannophone Helps You Stay In Touch”

Linux Fu: Easy And Easier Virtual Networking

June 14, 2023 by 15 Comments

One of the best things about Linux is that there are always multiple ways to do anything you want to do. However, some ways are easier than others. Take, for example, virtual networking. There are plenty of ways to make a bunch of Internet-connected computers appear to be on a single private network. That’s nothing new, of course. Linux and Unix have robust networking stacks. Since 2018, though, Wireguard has been the go-to solution; it has a modern architecture, secure cryptography, and good performance.

There’s only one problem: it is relatively difficult to set up. Not impossible, of course. But it is a bit difficult, depending on what you want to accomplish.

How Difficult?

You must set up a wireguard server and one or more clients. You’ll need to pick a range of IP addresses. You might need to turn on routing. You have to generate keys. You might need to configure DNS and other routing options. You’ll certainly need to modify firewall rules. You’ll also need to distribute keys.

None of these steps are terribly difficult, but it is a lot to keep straight. The wg program and wg-quick script do most of the work, but you have a lot of decisions and configuration management to keep straight.

Browse the official “quick start,” and you’ll see that it isn’t all that quick. The wg-quick script is better but only handles some use cases. If you want really limited use cases, there are third-party tools to do a lot of the rote work, but if you need to change anything, you’ll still need to figure it all out.

That being said, once you have it set up, it pretty much works without issue and works well. But that initial setup can be very frustrating. Continue reading “Linux Fu: Easy And Easier Virtual Networking”