Wireguard
Wireguard is the newest way to setup a VPN for your home servers. What will this do for you ? It allows you to access your Raspberry Pi or other local servers located at home behind your router (or even your router itself) from outside your network by simply using a Wireguard client (either on a mobile phone or using a computer). You then access your local servers with the same ip addresses you do at home. For example, if my router is 192.168.1.1., I can be half way around the world and type in “192.168.1.1” and get my router control panel.
A recent podcast of Linux Unplugged “Back to the Freedom Dimension” had some really useful information on Wireguard and some interesting use cases. Paraphrasing one of the hosts, Wireguard is like having a very long ethernet cable into your home router.
The simplest method I have found to install Wireguard on Raspberry Pi is to use Docker following this post from The Digital Life.
Here is the somewhat modified docker compose file I use:
Wireguard Docker Compose file
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
version: "2.1" services: wireguard: image: linuxserver/wireguard container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=1001 - PGID=1001 - TZ=[*Insert Your TZ Database name from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones*] - SERVERURL=[Insert Your Dynamic DNS domain name pointing to local server, e.g., www.mylocalserver.com] #optional - SERVERPORT=42842#optional - PEERS=1 #optional - PEERDNS=auto #optional volumes: - ./config:/config - /lib/modules:/lib/modules ports: - 42842:51820/udp sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped |
Now it’s just a matter of typing “docker-compose up -d” and you have a running wireguard instance. Set up the clients as described in The Digital Life post.