WireGuard: Difference between revisions
| Line 63: | Line 63: | ||
--env SUBSPACE_LETSENCRYPT="false" \ | --env SUBSPACE_LETSENCRYPT="false" \ | ||
subspacecloud/subspace:latest | subspacecloud/subspace:latest | ||
sudo docker start subspace | sudo docker start subspace | ||
sudo docker logs subspace | |||
</pre> | </pre> | ||
Revision as of 02:53, 15 July 2020
Hot new VPN with many features
- Handles handoff between connections (WiFi and Cellular)
- Much faster connections
- Smaller codebase
Server
How to setup a WireGuard VPN server on Ubuntu
- If using Ubuntu <= 19.04, add the WireGuard PPA
sudo add-apt-repository ppa:wireguard/wireguard sudo apt update
-
Install WireGuard
sudo apt install wireguard
- Generate pub/priv keys
- Open up and forward port 51820
sudo ufw allow 51820/udp
- Enable WireGuard systemd service
sudo systemctl enable wg-quick@wg0
- References
- https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
- https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
- https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
Front-ends
Managing connections manually is a large pain.
Subspace provides a front end you can use.
Below is my setup. I have subspace running on port 52395. Apache and certbot manages SSL/TLS and proxies to this local port.
docker create \
--name subspace \
--restart always \
--network host \
--cap-add NET_ADMIN \
--volume /usr/bin/wg:/usr/bin/wg \
--volume /home/david/wireguard/data:/data \
--env SUBSPACE_HTTP_HOST=wireguard.davidl.me \
--env SUBSPACE_HTTP_ADDR="localhost:52395" \
--env SUBSPACE_HTTP_INSECURE="true" \
--env SUBSPACE_LETSENCRYPT="false" \
subspacecloud/subspace:latest
sudo docker start subspace
sudo docker logs subspace