Motivation
For a moderately security conscious geek like myself, there can be a number of reasons to want to set up a home VPN server:
Accessing your home computer via screen sharing without exposing it to the Internet (and thereby to potential evil-doers). Accessing servers with IP white lists (common case for security hardened IT systems). Accessing county-IP-filtered things like Netflix while travelling. Browsing privately from insecure WiFi networks. Getting access to services that are blocked inside restrictive corporate networks.
I have use cases for all of those from time to time, and after a bunch of frustrated attempts at getting OpenVPN working as I want it to, I decided to try Wireguard, a fairly new VPN software that promises to cut through some of the complexities of OpenVPN or IPSec, while delivering a secure (and fast) connection. Getting it set up can be a little tricky if you (like me) don’t usually do a lot of networking stuff and don’t know all the ins and outs of it, so here’s my “Wireguard for dummies” explanation.
Important clarification
To Wireguard, there are no dedicated servers or clients, there are only “peers”. For the set up described here, one side will act as a server, and the other side as a client, so I’ll use those terms to describe them for clarity.
Installing the Wireguard server
The official Wireguard installation page has instructions for lots of different platforms. My Wireguard server is on a RaspberryPi (running Raspbian Buster), so I followed the instructions for Debian, which worked great.
The rest of these instructions should work on any other UNIX-y server (or even for running Wireguard inside a Docker container if that’s more your speed).
Once you’ve got it installed, we can proceed.
... continue reading