I've been using WireGuard on both my laptop and my Android phone for about two months. I've been using the wg-quick systemd units, and everything has worked amazingly well. The only downside I've noticed is slightly increased battery consumption on my phone, but that's to be expected (it uses approximately 5% of the battery per day).
I use dnsmasq to resolve DNS queries on the server side. Dnsmasq's configuration file includes entries to block connections to ad networks, based on Steven Black's host file [0]. It's a great way to achieve ad blocking on Android, since Google has banned ad blockers from the Play Store.
> The only downside I've noticed is slightly increased battery consumption on my phone, but that's to be expected (it uses approximately 5% of the battery per day).
Note that if you run a phone that has the WireGuard kernel module (rather than the userspace implementation), battery usage winds up being basically nil in my tests.
As for the userspace fallback, we expect performance (and hence battery life) to increase on that once these are merged:
Wow, one of my favorite FLOSS developers replied to me! Hopefully they (LineageOS) adopt it; it would be a HUGE improvement over the native Android VPN options and OpenVPN.
Would adding such a module break SafetyNet? Can you even add modules to the Android ROM / kernel and then relock the bootloader and disable root access?
Not everyone cares about 'safetynet', and LineageOS does not support secureboot-style locked bootloader booting.
You can literally build the ROM with any kernel modules you want, provided the module has been backported to the almost-guaranteed ancient kernel your device needs for initializing/using its hardware.
> The only downside I've noticed is slightly increased battery consumption on my phone, but that's to be expected (it uses approximately 5% of the battery per day).
I believe that Android does not accurately represent the battery usage of VPN apps. It seems to count all the radio (i.e. mobile and Wi-Fi) usage against the VPN app, but actually the traffic was sent only because some other app requested its transmission. WireGuard itself uses zero battery if no network traffic is being passed and the NAT keepalive mode is off. (at least this is true in the abstract, it might run occasional timers to update system information as Android requires)
I was using DNS66, which is user friendly and very effective. Unfortunately, it is implemented as a VPN, and Android will allow one VPN to be active at a time.
Steven Black's list sources from multiple lists as well. Checking out your lie-to-me project, there is actually a lot of overlap between what Steven is already pulling in and what you are getting. Looks like one of your sources 'palevotracker.abuse.ch' is discontinued and responds with a 500.
Jason Donenfeld, WireGuard's author, has a Patreon page: https://www.patreon.com/zx2c4
[0] https://github.com/StevenBlack/hosts
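
The dnsmasq blocklist setup described in the first comment, sketched as an added example (not code from any commenter in this thread): it turns hosts-format lines into dnsmasq `address=` directives. The function names, the `0.0.0.0` sink and the sample input are assumptions made for illustration.

```python
import re

# Names a hosts file defines for the local machine itself; never blocklist these.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "0.0.0.0"}
# Only sinkhole entries are accepted, so a list cannot redirect a name to an arbitrary IP.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def valid_domain(name):
    """Reject anything that is not a plain multi-label hostname. This also keeps
    '/' and whitespace out of the generated directive, where '/' is the delimiter."""
    return len(name) <= 253 and "." in name and all(
        LABEL.match(label) for label in name.split("."))

def hosts_to_dnsmasq(hosts_text, sink="0.0.0.0"):
    """Return de-duplicated 'address=/name/sink' lines for dnsmasq.
    Note: dnsmasq applies address=/name/ to the name and all of its subdomains,
    which is broader than the exact-match semantics of a hosts file."""
    seen, out = set(), []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or name in seen or not valid_domain(name):
                continue
            seen.add(name)
            out.append(f"address=/{name}/{sink}")
    return out

# Constructed sample in hosts-file format (not taken from the real list).
SAMPLE = """\
# comment line
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com   # inline comment
0.0.0.0 ADS.example.com
0.0.0.0 tracker.example.net other.example.net
0.0.0.0 bad/../name.example
192.0.2.10 intranet.example.org
"""

if __name__ == "__main__":
    print("\n".join(hosts_to_dnsmasq(SAMPLE)))
```

The output can be written to a file that dnsmasq loads through `conf-file=`; running `dnsmasq --test` afterwards checks the syntax before the server is restarted.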