WireGuard
Hot new VPN with many features
- Handles handoff between connections (WiFi and Cellular)
- Much faster connections
- Smaller codebase
Server
How to set up a WireGuard VPN server on Ubuntu
- If using Ubuntu <= 19.04, add the WireGuard PPA
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt update
- Install WireGuard
sudo apt install wireguard
- Generate pub/priv keys
- Open up and forward port 51820
sudo ufw allow 51820/udp
- Enable WireGuard systemd service
sudo systemctl enable wg-quick@wg0
- References
- https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
- https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
- https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
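
The "Generate pub/priv keys" step and the wg0.conf that wg-quick@wg0 expects, as an added example (not from the original page). The 10.0.0.0/24 subnet, the single peer, and the function names are assumptions.

```shell
#!/bin/sh
# Assumptions (not from the page): tunnel subnet 10.0.0.0/24, a single peer,
# and the helper names gen_keys, write_server_conf, conf_is_private.

# Generate a key pair in DIR, readable by the owner only.
gen_keys() {
    (
        umask 077    # applies to the directory and both key files
        mkdir -p "$1"
        wg genkey | tee "$1/privatekey" | wg pubkey > "$1/publickey"
    )
}

# Write DIR/wg0.conf, the file wg-quick@wg0 reads from /etc/wireguard.
# Args: DIR SERVER_PRIVATE_KEY PEER_PUBLIC_KEY
write_server_conf() {
    (
        umask 077
        mkdir -p "$1"
        cat > "$1/wg0.conf" <<EOF
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = $2

[Peer]
PublicKey = $3
AllowedIPs = 10.0.0.2/32
EOF
        # umask does not tighten a file that already existed with a looser mode
        chmod 600 "$1/wg0.conf"
    )
}

# Succeeds only if FILE is owner read/write only (wg-quick warns otherwise).
conf_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Typical use on the server (run as root):
#   gen_keys /etc/wireguard
#   write_server_conf /etc/wireguard "$(cat /etc/wireguard/privatekey)" "<client public key>"
#   conf_is_private /etc/wireguard/wg0.conf && systemctl start wg-quick@wg0
```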
Front-ends
Managing connections manually is a large pain.
Subspace provides a front end you can use.
Below is my setup. I have subspace running on port 52395. Apache and certbot manage SSL/TLS and proxy to this local port.
docker create \
  --name subspace \
  --restart always \
  --network host \
  --cap-add NET_ADMIN \
  --volume /usr/bin/wg:/usr/bin/wg \
  --volume /home/david/wireguard/data:/data \
  --env SUBSPACE_HTTP_HOST=wireguard.davidl.me \
  --env SUBSPACE_HTTP_ADDR="localhost:52395" \
  --env SUBSPACE_HTTP_INSECURE="true" \
  --env SUBSPACE_LETSENCRYPT="false" \
  subspacecloud/subspace:latest
sudo docker start subspace