Wireguard: Home VPN Server

I used to use OpenVPN as a means to connect to my internal network from outside of my house. It worked really well, but managing its configs was a little bit of a hassle and, frankly, OpenVPN is old news (/s). I wanted to play with a new toy.

So I looked into Wireguard.


Server Config

Since I use Home Assistant and it has Add-Ons available available, I decided to use its Wireguard Add-On.

I had a couple of choices: Try to install an unsupported Wireguard implementation on my pfSense router, install Wireguard on another system, or use the Home Assistant Add-On. The last option seemed the easiest to manage, so that's what I went with.

My thought process here was:

  • I'm already running Home Assistant
  • Home Assistant and its services are the main resources I want to access when I'm not at home.
  • The Add-On in Home Assistant is dead-simple to set up and manage.

The great thing about Wireguard, like OpenVPN, is that there are clients for everything: Linux, ChromeOS (via Android), Android Phones, Mac, Windows, and, should the need ever arise, iPhone.

Client Config

Wireguard ConfigIts really easy to manage. I simply go into Home Assistant -> Supervisor -> Wireguard -> Configuration and add a section similar to the screenshot (left).

Android Client Setup (and Probably iPhone too)

Then I go into Studio Code Server, browse to the 'wireguard' folder and find my new profile. There's a qrcode.png file that I can scan inside the Wireguard app on my phone. That automatically adds the profile to my phone.

The connection to the Wireguard service is extremely quick and I don't notice any overhead on my phone.

Linux Client Setup

On Linux, setting up a connection is done in a couple of ways. For either, I install the wireguard-tools package (using pacman on Arch).

Running a Command from a Terminal

First I download the 'client.conf' file from Studio Code Server to my laptop. I copy it to /etc/wireguard/wg0.conf.

Then, when I want to connect to the VPN, I run: sudo wg-quick up wg0 To disconnect: sudo wg-quick down wg0

To make it simple, I made some shell aliases (bash):

alias vpndown='sudo wg-quick down wg0'
alias vpnup='sudo wg-quick up wg0'

Then I can simply run vpnup and vpndown.