Build your OWN WireGuard VPN! Here's how


#Sponsored #RaspberryPi #VPN

Links to everything mentioned in this video:

Contents:

00:00 - I need my OWN VPN
00:32 - What you need
01:57 - Sometimes you need a different KIND of VPN
02:59 - PiVPN on a Pi
03:47 - PiVPN Setup
05:34 - Security - you've been warned
06:17 - Setting up our first VPN connection
07:41 - Speeeeed
08:17 - Home Assistant from anywhere on my iPhone
09:06 - Debugging VPN problems
09:49 - No Static IP? No problem!
11:02 - CG-NAT? Yeah, that's a problem
11:55 - Do you really need your own VPN?
Comments

I'm extremely impressed with the terminal output being a QR code. What a delightfully clever system

lewismassie

This video is sponsored by Jeff Geerling VPN!

MarcoGPUtuber

For the dynamic DNS issue, I use Duck DNS, which is free and lets you update your IP with a simple curl call which you can execute in a cron task. This way, you'll always have your IP up to date.

miniskulljob

For people with CGNAT, what you can do is set up a VPS as the middle man. Set up WireGuard onto the VPS and on a device on your home network, and you can set up WireGuard on the VPS to forward requests or ports to your home network. This is basically what services such as Tailscale do.

I use this setup to host a mail server on my local network. No need to open ports on my network

thebeatconnect

One thing to add (especially for macbook/iphone/ipad, not tried it on windows/android):

If you still want to use your private vpn for security reasons (like public wifi) you can enable "On Demand Activation" in the client. Then activate whatever you need and set your home wifi SSID as an exception. This way if you have enabled the vpn profile it will automatically connect to your vpn whenever you're not at home (depends on your configuration).
Really helpful if you have public wifis that are set to automatically connect and you are in range without knowing it.

You have to disable split tunnel (or change the allowed IPs correctly) but I'm not 100% sure how to do that at the moment.
I suggest you create a second profile for it but importing the same profile a second time works when you name it something else.

GreenCincoOfficial

If you need a privately hosted VPN and must be behind a CG-NAT, your best bet is to set up a one-to-many IPSec tunnel with NAT traversal. It'll require a bunch more setup & understanding of networks, so for most people Tailscale & Zerotier are better, but it can be done.

Also minor thing, no RaspberryPi has cryptographic extensions, which is why it's so slow. If you need more speed it's *possible* you've got a router with AES-NI instructions, otherwise your home PC, old laptop, or an SBC that's a little beefier than a Pi would do the trick.

jordanmccallum

I already had Pi-Hole installed. I followed this video after pausing, replaying at a slow speed to see what I was missing. I was able to get the VPN running perfectly on my Pi 4 Model B with my Samsung 22 Ultra. It worked so effortlessly on the first try. Now I can use public wifi and not be worried about people monitoring what I am doing. Thanks for posting this video.

CarMaintenanceGuy

I've been using this for a year or more now. It's great that with Android at least it adds the wireguard tunnel into a quick access button next to my wifi and torch. Don't even have to open the app to turn it on, it's been great.

stevencrawford

1:36 traceroute can also show more than one hop if you are using a separate router from your ISP's modem. In that case, you'd likely see two hops, one of which is the router in front of the modem.

thewebmachine

I am behind NAT and use Windscribe to deal with this issue. They offer port forwarding and can be a great alternative to dealing with NAT. I run Windscribe in a Docker container and WireGuard in another container. When I need to connect to my home network, I connect through the Windscribe IP to get into the Windscribe container, which is then set up to forward the connection to the WireGuard container. It does of course provide a bit more overhead because you are basically nesting VPN connections, but I have not had any issues with my use cases.

danielberglv

THAT'S AMAZING! everything working well, dns, vpn, pihole, like a charm

IlIilLlIlILIliLIIiLIlI

And just like that something I'd been meaning to set up for years was done thanks to this video. I was hoping to waste a whole afternoon setting this up but annoyingly I was done in about 10 minutes. Thanks Jeff!

JohnArnoldUK

Good video. It would have been nice to also cover local DNS resolution. Especially from mobile clients that's handy. And a comparison to other options like zerotier would have been nice, too. That should be enough content for a 2nd video :)

tcurdt

Very informative. Been looking for a new use for the Pi 4 that used to be hooked up to my tv.

christiansantiago

Massive thanks for posting this, and I haven’t even watched it yet! I’ve been trying to use pivpn to get access to my home network on and off for a while, never successfully. I’m sure you will give me the info needed to get it working.

dormantat

You seriously said "I'm a simple man" on a video about making your own VPN lol. Love it

matthewprince

Thanks. Actually super helpful. I've been meaning to set up a vpn for a while now since my old openvpn died years ago. wireguard works so well. it's scary how fast it was to set up

binarypower

Thank you, very helpful and just what I was looking for!

teatimesbiscuit

Great video! Solid, straight to the point! Could have been an easier alternative to what I set up literally three days ago with headscale and tailscale! Though I do like the peer-to-peer architecture it has and the ability to add more exit nodes on-the-fly it granted me if I'd so need

SuperGeneralCrazy

Will you be making a more in-depth video about tailscale? Also with the inclusion of self hosted orchestration using headscale. I see you gave it a shout out at the end. I've been trying it lately and it's handy. I'd like to see your thoughts on it as well as your ideal use cases. It works great with pikvm too.

benargee