(WIP) High-performance VPN for a home server with WireGuard

When setting up services on my home server, I was wondering how I could use some private services from other networks without exposing them to the internet with a domain (or subdomain). That led me to do some research, and I found out it could be achieved with a VPN.
How a VPN works
Simply put, when using a VPN connection, all TCP/UDP requests from the client are redirected to the VPN server.
The server receives these requests and forwards them to the target destinations (domains, IP addresses), presenting the VPN server's information instead of the client's.
This achieves two things:
- Connect the client to the local network
- Hide the client's real digital traits
Set up WireGuard Easy with Docker Compose
Repo: https://github.com/wg-easy/wg-easy
- Generate a bcrypt password hash
Follow these instructions: https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
- Run WireGuard Easy with Docker Compose
TODO: Docker compose file here
Environment variables explanation
Volumes explanation
- Access the WireGuard web UI and issue a new client
- Install the client application on other devices and connect to the VPN using the configuration file.
Notes
ip route get 8.8.8.8 | awk '{print $5}'
Get the network device that has internet access
ip -o -f inet addr show | awk '/scope global/ {print $2,$4,$6}'
Find all available ethernet devices and their IP/subnet mask
https://unix.stackexchange.com/a/639011
By default, the iptables configuration already routes requests to the host, so just check the firewall on the host machine
If you want to access a local IP via the VPN, the host machine must allow the target ports (check ufw, or just turn it off)
We should change the modem IP range to something different from the default range (192.168.1.0/24), because many networks use the same IP range, which leaves the VPN unable to know which local IP is being requested
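
An added example (not part of the original post) of the range clash described in the last note: it reads `ip -o -f inet addr show` output from a client device and reports which of the client's local subnets overlap the home LAN. The sample output, the function names and the 10.77.0.0/24 replacement range are constructed for illustration.

```python
import ipaddress

# Constructed sample: `ip -o -f inet addr show` output on a client device that
# sits on someone else's network (not captured from a real machine).
CLIENT_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: wlan0    inet 192.168.1.37/24 brd 192.168.1.255 scope global dynamic wlan0
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
"""


def global_networks(ip_output):
    """Map device -> IPv4 network for each 'scope global' line (same filter as the awk command)."""
    networks = {}
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet" or "global" not in fields:
            continue
        # fields[1] is the device, fields[3] is address/prefix, e.g. 192.168.1.37/24
        networks[fields[1]] = ipaddress.ip_interface(fields[3]).network
    return networks


def conflicting_devices(home_lan, client_ip_output):
    """Return client devices whose local subnet overlaps the home LAN behind the VPN."""
    home = ipaddress.ip_network(home_lan)
    return sorted(
        dev for dev, net in global_networks(client_ip_output).items()
        if net.overlaps(home)
    )


if __name__ == "__main__":
    # 192.168.1.0/24 is the default range named above; 10.77.0.0/24 is a
    # hypothetical replacement range chosen for this example.
    for home_lan in ("192.168.1.0/24", "10.77.0.0/24"):
        clash = conflicting_devices(home_lan, CLIENT_IP_OUTPUT)
        verdict = "overlaps client " + ", ".join(clash) if clash else "no overlap"
        print(f"home LAN {home_lan}: {verdict}")
```

When a client device's subnet overlaps the home LAN, the client treats those addresses as directly reachable on its own network, so traffic meant for the home server never enters the tunnel.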