Toes♀

If I was in your IT department I’d be required to shut this down and probably revoke your access until our bosses decide on your future.

Keep in mind, your employer has a responsibility to protect their data and this would subject your homelab to any legal liabilities such as a lawsuit search order and data privacy auditing.

Any solution you work out needs to be signed off on in writing if it’s outside their expected usage.

Another important point o365 requires oauth2 authentication unless your IT department has intentionally allowed other forms of authentication or they are in a hybrid legacy environment.

When they broke EWS and office 2010 compatibility they crippled many foss solutions without an additional license and the tools that do work will report details to exchange about your homelab. So if your department is diligent it’ll come to their attention.

My clients when they text me the server is down.

I’d suggest configuring it for AV1 and use a RDNA 3 GPU.

Yeah give that a go. Glad to help 🙂

Ok in that case. The goal is to use a cipher suite that works well on your device that is still secure. AES is accelerated on most processors these days. But you’ll want to confirm that by looking up your specific cpu (both host and client machines!) and checking for AES acceleration.

AES-128-GCM would be my suggestion.

UDP mode provides less overhead, so it should be faster for you.

Alternatively you could use IPsec instead of openvpn but that’s a chore to configure. But it has the benefit of being free and being natively supported by many devices.

You would still want to configure an appropriate cipher suite that’s fast and secure.

You mentioned that your cpu is getting maxed out on wireguard. That makes a lot of sense since it’s generally not hardware accelerated, old low end CPUs could struggle here.

What choices do you have for protocols with your VPN software?

Try AES128 UDP mode with openVPN.

Try switching to openwrt firmware on the router.

D-Link stock firmware tends to be rather buggy in my experiences.

Power saving features sounds like a strong possibility.

I’ve seen a problem like this where it was related to the client switching between 2.4ghz and 5ghz and the router switching channels rather frequently.

Try writing a keep alive job. Every ten seconds ping Google.