Earlier this year, I had (another) look at Wireguard. Beginning with Ubuntu 24.04, the client is now fully integrated in the network GUI and a Docker based server installation has become available as well. One thing I didn’t have time for at the time was to look at Wireguard on Android. So let’s have a go now.
Installing and using Wireguard on Android is pretty much straight forward. After installing ‘WG Tunnel‘ from the Open Source F-Droid store, I created a new Client on my server with the web based GUI and then used the 2D barcode option to import the configuration in WG-Tunnel on Android. It takes 20 seconds to do and the Wireguard tunnel is up and running. No manual parameter handling at all, just scanning a barcode with the app and things are done. I’m impressed!
To see if I would notice the Wireguard tunnel, I used it for a couple of days in always-on mode, i.e. for everything. And after a week I can say that everything worked as expected, Conversations XMPP voice and video calls were tunneled to my server and from there to the Internet, and I didn’t notice much of a difference overall.
From a power management point of view, however, things are not quite so nice. Wireguard is based on UDP and as most connections involve a Network Address Translation gateway, Wireguard keeps sending keep alive packets around every 30 seconds. This means that the cellular modem is pretty much active at all times, there are only very few and very short opportunities to go to a more power efficient state. That’s quite a bit of a problem and, I have to admit, a showstopper for continuous use. Have a look at the screenshot at the beginning of this post for details.
In summary, I’m glad I have to option to quickly get a VPN on my smartphone up and running, but I’ll use it only in exceptional cases instead of by default. And as the reason for the keep alive packets are unlikely to go away any time soon, i.e. the NAT gateways, this is unlikely to change.