WireGuard: Difference between revisions
Line 74: | Line 74: | ||
Below is my setup. I have subspace running on port 52395. Apache and certbot manages SSL/TLS and proxies to this local port. | Below is my setup. I have subspace running on port 52395. Apache and certbot manages SSL/TLS and proxies to this local port. | ||
<pre> | <pre> | ||
mkdir -p /home/ | mkdir -p /home/$USER/wireguard/data | ||
docker create \ | docker create \ | ||
--name subspace \ | --name subspace \ | ||
Line 81: | Line 81: | ||
--cap-add NET_ADMIN \ | --cap-add NET_ADMIN \ | ||
--volume /usr/bin/wg:/usr/bin/wg \ | --volume /usr/bin/wg:/usr/bin/wg \ | ||
--volume /home/ | --volume /home/$USER/wireguard/data:/data \ | ||
--env SUBSPACE_HTTP_HOST=wireguard.davidl.me \ | --env SUBSPACE_HTTP_HOST=wireguard.davidl.me \ | ||
--env SUBSPACE_HTTP_ADDR="localhost:52395" \ | --env SUBSPACE_HTTP_ADDR="localhost:52395" \ |
Revision as of 02:59, 15 July 2020
Hot new VPN with many features
- Handles handoff between connections (WiFi and Cellular)
- Much faster connections
- Smaller codebase
Server
How to setup a WireGuard VPN server on Ubuntu
- If using Ubuntu <= 19.04, add the WireGuard PPA
sudo add-apt-repository ppa:wireguard/wireguard sudo apt update
-
Install WireGuard.
sudo apt install wireguard
- Generate server private and public keys.
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
- Write the config file
/etc/wireguard/wg0.conf
.[Interface] Address = 10.0.0.1/24 SaveConfig = true ListenPort = 51820 PrivateKey = SERVER_PRIVATE_KEY PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
- Fix permissions and start the interface.
sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf} sudo wg-quick up wg0 sudo wg show wg0
- Open up and forward port 51820.
sudo ufw allow 51820/udp comment wireguard
- Enable WireGuard systemd service.
sudo systemctl enable wg-quick@wg0
- References
- https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
- https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
- https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
Front-ends
Managing connections manually is a large pain.
Subspace provides a front end you can use.
Below is my setup. I have subspace running on port 52395. Apache and certbot manages SSL/TLS and proxies to this local port.
mkdir -p /home/$USER/wireguard/data docker create \ --name subspace \ --restart always \ --network host \ --cap-add NET_ADMIN \ --volume /usr/bin/wg:/usr/bin/wg \ --volume /home/$USER/wireguard/data:/data \ --env SUBSPACE_HTTP_HOST=wireguard.davidl.me \ --env SUBSPACE_HTTP_ADDR="localhost:52395" \ --env SUBSPACE_HTTP_INSECURE="true" \ --env SUBSPACE_LETSENCRYPT="false" \ subspacecloud/subspace:latest sudo docker start subspace sudo docker logs subspace