I used to use OpenVPN as a means to connect to my internal network from outside of my house. It worked really well, but managing its configs was a little bit of a hassle and, frankly, OpenVPN is old news (/s). I wanted to play with a new toy.
So I looked into Wireguard.
Since I use Home Assistant and it has Add-Ons available available, I decided to use its Wireguard Add-On.
I had a couple of choices: Try to install an unsupported Wireguard implementation on my pfSense router, install Wireguard on another system, or use the Home Assistant Add-On. The last option seemed the easiest to manage, so that's what I went with.
My thought process here was:
- I'm already running Home Assistant
- Home Assistant and its services are the main resources I want to access when I'm not at home.
- The Add-On in Home Assistant is dead-simple to set up and manage.
The great thing about Wireguard, like OpenVPN, is that there are clients for everything: Linux, ChromeOS (via Android), Android Phones, Mac, Windows, and, should the need ever arise, iPhone.
Its really easy to manage. I simply go into Home Assistant -> Supervisor -> Wireguard -> Configuration and add a section similar to the screenshot (left).
Android Client Setup (and Probably iPhone too)
Then I go into Studio Code Server, browse to the 'wireguard' folder and find my new profile. There's a qrcode.png file that I can scan inside the Wireguard app on my phone. That automatically adds the profile to my phone.
The connection to the Wireguard service is extremely quick and I don't notice any overhead on my phone.
Linux Client Setup
On Linux, setting up a connection is done in a couple of ways. For either, I install the wireguard-tools package (using pacman on Arch).
Running a Command from a Terminal
First I download the 'client.conf' file from Studio Code Server to my laptop. I copy it to /etc/wireguard/wg0.conf.
Then, when I want to connect to the VPN, I run:
sudo wg-quick up wg0
sudo wg-quick down wg0
To make it simple, I made some shell aliases (bash):
alias vpndown='sudo wg-quick down wg0' alias vpnup='sudo wg-quick up wg0'
Then I can simply run