Why WireGuard?
Where Tailscale handles my everyday mesh VPN needs at KnausDev, WireGuard is what I reach for when I need direct control over the tunnel configuration. The protocol is fast, the config is a single file, and it does exactly what it’s told — nothing more. That predictability is what makes it useful for the specific infrastructure setups where I need it.
Not a daily driver
My experience with WireGuard is limited compared to other tools in my stack. I use it for targeted configurations rather than broad networking. But the use cases where it shows up at KnausDev are critical ones.
How I Use It
WireGuard fills the gaps where Tailscale is either too opinionated or where I need full control over what traffic flows where.
Where WireGuard runs
- OPNsense email routing: the tunnel connecting my Hetzner VPS router to my Mailcow instance in Proxmox, routing all email traffic through a static IPv4 address
- Client VM isolation: when I spin up a dedicated Proxmox VM for a client engagement, WireGuard connects it to the client’s network while keeping everything sandboxed from my machine
- Work machine control: setups where the whole traffic flow on a work machine needs to be controlled, monitored, and flagged — WireGuard gives me the configuration granularity to decide exactly what goes through the tunnel and what doesn’t
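
The granularity described in the list above comes down to each peer's `AllowedIPs` setting. The following wg-quick config for the client-VM case is an added example, not the author's actual configuration; the file name, keys, addresses and endpoint are constructed placeholders.

```ini
# /etc/wireguard/wg-client.conf on the dedicated client VM (hypothetical file name)
# Keys, addresses and the endpoint below are placeholders, not real values.

[Interface]
PrivateKey = <vm-private-key>
Address = 10.99.0.2/32
# No DNS= line: the tunnel does not take over name resolution on the VM.

[Peer]
PublicKey = <client-gateway-public-key>
Endpoint = vpn.client.example:51820
# Split tunnel: only the client's internal range goes through the tunnel.
# wg-quick installs a route for every AllowedIPs entry, and WireGuard drops
# decrypted packets from this peer whose source address is outside the list,
# so the same line controls both outbound routing and inbound filtering.
AllowedIPs = 10.20.0.0/16
PersistentKeepalive = 25

# Full-tunnel variant for the "control the whole traffic flow" case:
# AllowedIPs = 0.0.0.0/0, ::/0
```

After `wg-quick up wg-client`, `wg show` lists the peer with its allowed IPs and `ip route` shows which prefixes actually point at the tunnel interface.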
Status
Active: targeted VPN tunnels for email infrastructure and client isolation.