January 4, 2026
VPNs, vanity keys, and very loud opinions
FreeBSD Home NAS, part 3: WireGuard VPN, routing, and Linux peers
DIY home server picks WireGuard — fans cheer, purists grumble
TLDR: A FreeBSD home server goes all-in on WireGuard to link home and office, sparking a split between “lean and modern” fans and “stick with OpenVPN” loyalists. The comment star: a tool for flashy “vanity” keys, fueling jokes about crypto bling and debates over style vs. substance.
The Home NAS saga rolls on, and today’s plot twist: the builder picked WireGuard, the lean, modern way to connect two places over the internet safely, instead of the heavyweight classic OpenVPN. Cue the crowd split. The WireGuard crowd is chanting “smaller, faster, cleaner,” loving that it’s built deep into the system and acts like a simple, secure network cable. The OpenVPN old guard sighs and says, “Why ditch the workhorse?” Meanwhile, router owners are stirring the pot: the author’s router already has VPN features, but he’s doing it by hand for control — a decision that sparked equal parts respect and eye-rolls.
Then came the flex: one commenter dropped a delightfully nerdy tip — generate a “vanity key” so your public key literally starts with “NAS/.” The thread instantly turned into bling-for-your-keys energy, with jokes like “If it doesn’t say NAS/, does it even tunnel?” and nostalgia-laced “my dad uses OpenVPN” quips. Others (the cautious crew) reminded everyone that cute prefixes don’t make you safer, but the vibe stayed fun. Between promises of home-office links, firewalls keeping the peace, and a VPN network named like a gamer tag, this episode has it all: DIY pride, router drama, and crypto-key swagger. Want the vanity generator? Here you go: wireguard-vanity-key.
Key Points
- The post documents setting up a home VPN on FreeBSD 14.3 as part of a NAS build series, focusing on WireGuard, routing, and Linux peers.
- WireGuard is chosen over OpenVPN due to its smaller codebase, kernel-space operation, integrated cryptography, and peer-to-peer model.
- The network design links two private subnets (192.168.0.0/24 and 192.168.100.0/24) using TP-Link Archer AX12 routers, with FreeBSD hosting NAS, NFS, and WireGuard.
- NAT port-forwarding on the router will expose the FreeBSD WireGuard endpoint, with a VPN subnet planned as 10.8.0.1/24 and PF used for traffic control.
- Initial FreeBSD steps include installing wireguard-tools, loading and verifying the WireGuard kernel module, enabling it in /etc/rc.conf, and preparing IP forwarding and firewall rules.