Wednesday, September 7, 2022, Norbert Rothers
The fact that a VPN is a secure way to connect to the private network from abroad is indisputable.
However, many shy away from installing and operating such a system.
In this article, I describe how to set up a VPN server suitable for private use.
For the past year I have been using PiVPN. With PiVPN, an OpenVPN or WireGuard server can be set up.
Installing PiVPN is also very easy, but in day-to-day use it is still not as convenient as WireGuard Easy.
For example, with PiVPN it is necessary to connect to the server over SSH (the terminal) in order to set up a new access or to query the data of the existing ones. That access data is required whenever a new device such as a computer, tablet or smartphone is set up. WireGuard Easy solves this deficiency in a convenient way.
In addition to server functions, it also provides a web interface that makes it easy to handle such administrative operations.
The server can run on an SBC such as a Raspberry Pi or in a VM on another server. A container under Proxmox, for example, is also suitable. I use Debian 11 as a base.
First, Docker is installed (if not already available):
curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $(whoami)
# log out so that the new group membership takes effect
exit
Then copy the whole docker run block below.
WG_HOST and PASSWORD must be changed to allow access to the server.
WG_HOST is the address under which the server can be reached from outside, so it is usually the DynDNS address.
PASSWORD is used later to log in to the web interface.
The ports can be left as they are.
Of course, port 51820 must be opened in the router.
Port 51821 is used for administration via the web interface and should not be accessible from the outside.
docker run -d \
  --name=wg-easy \
  -e WG_HOST=🚨YOUR_SERVER_IP \
  -e PASSWORD=🚨YOUR_ADMIN_PASSWORD \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  weejewel/wg-easy
The installation then runs.
Afterwards, the web interface can be opened at the server's IP address on port 51821.
Enter the password there.
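With the container running, the port notes above can be verified from the host. The following shell function is an added example, not part of the original article or of the wg-easy project: it reads the output of `docker port wg-easy` and flags the admin port 51821 when it is published on all host interfaces, which is what `-p 51821:51821/tcp` does. The sample inputs and the LAN address 192.168.1.10 are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the article: audit how the wg-easy ports are published.
# Real use:  docker port wg-easy | audit_ports
ADMIN_PORT="51821/tcp"   # web interface (per the article: not reachable from outside)
VPN_PORT="51820/udp"     # WireGuard tunnel (per the article: opened in the router)

# Reads `docker port` lines ("51821/tcp -> 0.0.0.0:51821") on stdin, prints one
# finding per line, returns 0 when the layout is acceptable and 1 otherwise.
audit_ports() {
    rc=0
    vpn_seen=0
    while read -r port arrow bind; do
        [ "$arrow" = "->" ] || continue
        host=${bind%:*}      # drop ":port"; IPv6 stays as "[::]" or "::"
        case "$port" in
            "$ADMIN_PORT")
                case "$host" in
                    0.0.0.0|"[::]"|"::")
                        echo "FAIL admin UI $port listens on all interfaces ($bind)"
                        rc=1 ;;
                    *)
                        echo "OK   admin UI $port bound to $host only" ;;
                esac ;;
            "$VPN_PORT")
                vpn_seen=1
                echo "OK   tunnel $port published on $bind" ;;
        esac
    done
    if [ "$vpn_seen" -eq 0 ]; then
        echo "FAIL tunnel $VPN_PORT is not published"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: mapping produced by the article's -p 51821:51821/tcp.
SAMPLE_ARTICLE='51820/udp -> 0.0.0.0:51820
51821/tcp -> 0.0.0.0:51821'
# Constructed sample: admin UI published with -p 192.168.1.10:51821:51821/tcp
# (192.168.1.10 is an assumed LAN address of the server).
SAMPLE_LAN='51820/udp -> 0.0.0.0:51820
51821/tcp -> 192.168.1.10:51821'

printf '%s\n' "$SAMPLE_ARTICLE" | audit_ports || true
```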
Now the first client can be set up.
Once the client has been created, you can:
- Turn client access on or off.
- Show QR code for mobile devices.
- Download the configuration file for computers.
- Delete the client.