Wireguard VPN Server

Wireguard VPN Setup

About Wireguard VPN

Wireguard homepage

Download wireguard client

Wireguard inside DOCKER container

Setup your own Wireguard VPN Server on Raspberry PI

A quick setup guide can be found at Pimylifeup.

Quick commands

Create new client public and private keys and configuration:

cd /etc/wireguard
umask 077
#Generate client pub and priv key
wg genkey | tee clientprivate.key | wg pubkey > clientpublic.key
#Add client public key to server configuration
sudo nano /etc/wireguard/wg0.conf

#Edit wireguard server config @ /etc/wireguard/wg0.conf
#Keys are written bare: wg does not strip quotes, so a quoted key is rejected as malformed
[Interface]
PrivateKey = contents-of-server-privatekey
...
[Peer]
#Paste the client public key below
PublicKey = contents-of-clientpublic.key
#Assign IP address for client
AllowedIPs = 10.0.0.2/32

#Show client private and public keys
sudo cat /etc/wireguard/clientprivate.key
sudo cat /etc/wireguard/clientpublic.key

#create client configuration file (that will be imported on client side)

nano client.conf

[Interface]
PrivateKey = client-private-key
#VPN subnet
Address = 10.x.x.x/24
DNS = 8.8.8.8

[Peer]
PublicKey = server-public-key
PresharedKey = preshared-key
#Server public address and UDP ListenPort (a port number cannot exceed 65535)
Endpoint = 10.12.12.23:51820
AllowedIPs = 0.0.0.0/0, ::0/0

Create a QR code for the client configuration (qrencode treats its argument as the text to encode, so feed the file on stdin): qrencode -t ansiutf8 < client.conf

Reload Wireguard VPN: sudo systemctl reload wg-quick@wg0
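The server and client configs above are edited by hand and wg reports little more than "key is not the correct length or format" when a value is wrong. The checker below is an added example written for these notes (not part of the original page or of the WireGuard project): it parses the wg0.conf/client.conf syntax and flags the mistakes that creep in while copying values around, namely a key pasted with its quotes, a base64 value that does not decode to 32 bytes, an Endpoint port outside 1-65535, malformed CIDRs, and the same AllowedIPs given to two peers (WireGuard's cryptokey routing assigns each network to exactly one peer, so a duplicate silently moves that client's traffic to the last peer listed). The sample config embedded in it is constructed with a dummy key and contains all three mistakes on purpose.

```python
import base64
import ipaddress
import re
from typing import Dict, List, Tuple


def parse_wg_config(text: str) -> List[Tuple[str, Dict[str, str]]]:
    """Parse wg0.conf / client.conf syntax ([Section] headers, Key = Value lines,
    '#' comments) into (section name, key -> value) pairs in file order."""
    sections: List[Tuple[str, Dict[str, str]]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = {}
            sections.append((header.group(1), current))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    return sections


def _key_issues(where: str, value: str) -> List[str]:
    # A WireGuard key is 32 bytes, base64 encoded, written bare (no quotes).
    if value[:1] in ('"', "'"):
        return [f"{where}: key is quoted; wg reads the quotes as part of the key"]
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return [f"{where}: key is not valid base64"]
    return [] if len(raw) == 32 else [f"{where}: key decodes to {len(raw)} bytes, expected 32"]


def _port_issues(where: str, value: str) -> List[str]:
    if value.isdigit() and 1 <= int(value) <= 65535:
        return []
    return [f"{where}: port {value} is not a valid UDP port (1-65535)"]


def lint_wg_config(text: str) -> List[str]:
    """Return human-readable problems; an empty list means nothing was flagged."""
    issues: List[str] = []
    owners: Dict[str, int] = {}  # allowed network -> number of the peer that claimed it
    peer_no = 0
    for name, kv in parse_wg_config(text):
        if name == "Interface":
            if "PrivateKey" not in kv:
                issues.append("[Interface]: PrivateKey missing")
            else:
                issues += _key_issues("[Interface] PrivateKey", kv["PrivateKey"])
            if "ListenPort" in kv:
                issues += _port_issues("[Interface] ListenPort", kv["ListenPort"])
            continue
        peer_no += 1
        where = f"[Peer] #{peer_no}"
        if "PublicKey" not in kv:
            issues.append(f"{where}: PublicKey missing")
        else:
            issues += _key_issues(f"{where} PublicKey", kv["PublicKey"])
        if "PresharedKey" in kv:
            issues += _key_issues(f"{where} PresharedKey", kv["PresharedKey"])
        if "Endpoint" in kv:
            host, _, port = kv["Endpoint"].rpartition(":")
            issues += _port_issues(f"{where} Endpoint", port) if host else [f"{where}: Endpoint needs host:port"]
        if "AllowedIPs" not in kv:
            issues.append(f"{where}: AllowedIPs missing, the peer will pass no traffic")
        for cidr in (c.strip() for c in kv.get("AllowedIPs", "").split(",") if c.strip()):
            try:
                net = str(ipaddress.ip_network(cidr, strict=False))
            except ValueError:
                issues.append(f"{where}: AllowedIPs entry {cidr!r} is not a valid CIDR")
                continue
            if net in owners:  # cryptokey routing gives a network to one peer only
                issues.append(f"{where}: {net} already belongs to peer #{owners[net]}; "
                              "wg hands it to the last peer listed")
            else:
                owners[net] = peer_no
    return issues


# Constructed sample key: base64 of 32 fixed bytes, not a real WireGuard key.
DUMMY_KEY = base64.b64encode(bytes(range(32))).decode()

# Constructed wg0.conf with three copy-and-paste mistakes: a quoted key,
# an Endpoint port above 65535 and two peers claiming the same address.
SAMPLE_CONF = f"""[Interface]
PrivateKey = {DUMMY_KEY}
ListenPort = 51820

[Peer]
PublicKey = "{DUMMY_KEY}"
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = {DUMMY_KEY}
PresharedKey = {DUMMY_KEY}
Endpoint = 10.12.12.23:81520
AllowedIPs = 10.0.0.2/32
PersistentKeepalive = 25
"""

if __name__ == "__main__":
    for issue in lint_wg_config(SAMPLE_CONF) or ["no problems found"]:
        print(issue)
```

To check a real file, read it and pass the text to lint_wg_config (as root, since the keys must stay mode 600); run the file as-is to see the three findings for the constructed sample.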

My quick and dirty script to add a new client and generate its config and QR code

Create new client public and private keys, add the client to the server config file, and generate the client config file and QR code:

#!/bin/bash
#
# usage: addclient clientname clientipaddress
# eg: addclient laptop 10.1.2.3
#
set -eu

if [[ $EUID != 0 ]]; then
    echo "Error: Run this script as root"
    exit 1
fi
if [[ $# -ne 2 ]]; then
    echo "usage: $0 clientname clientipaddress"
    exit 1
fi
if [ ! -d /etc/wireguard ]; then
    echo "Error: /etc/wireguard cannot be found"
    exit 1
fi
name=$1
ip=$2

# Keys and client configs must not be readable by anyone but root
umask 077
cd /etc/wireguard
mkdir -p keys clients

if [ ! -f keys/server_public_key ]; then
    echo "Error: keys/server_public_key not found"
    exit 1
fi
if [ -e "keys/${name}_priv" ]; then
    echo "Error: client $name already exists, refusing to overwrite its keys"
    exit 1
fi

echo "::: Generating wireguard keys for client $name ::: "
wg genkey | tee "keys/${name}_priv" | wg pubkey > "keys/${name}_pub"
wg genpsk > "keys/${name}_psk"
echo "::: Keys for client $name successfully generated! ::: "

echo "::: Creating configuration file for client $name :::"
cat > "clients/${name}.conf" <<EOF
[Interface]
Address = $ip/32
PrivateKey = $(cat "keys/${name}_priv")
DNS = 8.8.8.8

[Peer]
PublicKey = $(cat keys/server_public_key)
PresharedKey = $(cat "keys/${name}_psk")
Endpoint = {change_with_server_public_ip}:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
echo "::: Configuration file for client $name generated :::"

echo "::: Adding client to server config :::"
cat >> wg0.conf <<EOF
### Begin Client $name
[Peer]
PublicKey = $(cat "keys/${name}_pub")
PresharedKey = $(cat "keys/${name}_psk")
AllowedIPs = $ip/32
PersistentKeepalive = 25
### End client $name
EOF
echo "::: Client added to server config :::"

echo "::: Reloading Wireguard config ::::"
# restart briefly drops every existing tunnel; systemctl reload wg-quick@wg0 adds the peer without that
service wg-quick@wg0 restart

echo "::: Creating QR for client $name :::"
#qrencode -t PNG -o "clients/${name}.png" < "clients/${name}.conf"
qrencode -t ANSIUTF8 < "clients/${name}.conf"
echo "::: QR for client $name created :::"

Wireguard and Pi-Hole in docker containers

Contents of the docker-compose.yml file below.

Original blog post at https://notes.iopush.net/blog/2020/wireguard-and-pi-hole-in-docker/

version: "3.5"

services:
  wireguard:
    image: linuxserver/wireguard
    depends_on:
      - pihole
    dns:
      - 172.29.0.2                       # resolve through the Pi-hole container
    cap_add:
      - NET_ADMIN                        # needed to create the wg0 interface and routes
      - SYS_MODULE                       # lets the container load the wireguard kernel module
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    volumes:
      - ../../data/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    environment:
      - TZ=Europe/Paris
      - SERVERURL=host_server.yourdomain.com
      - SERVERPORT=1194                  # port written into the generated peer configs as Endpoint; the host publishes 51820/udp above
      - PEERS=Android_phone              # one peer config and QR code is generated per name
    networks:
      - network-pihole

  pihole:
    image: pihole/pihole:latest
    volumes:
      - ../../data/pi-hole/etc/:/etc/pihole/
      - ../../data/pi-hole/dnsmasq.d:/etc/dnsmasq.d
    environment:
      TZ: "Europe/Paris"
      PROXY_LOCATION: pihole
      VIRTUAL_HOST: pihole.yourdomain.com
      VIRTUAL_PORT: 80
      LETSENCRYPT_EMAIL: email@yourdomain.com
      LETSENCRYPT_HOST: pihole.yourdomain.com
    restart: unless-stopped
    networks:
      network-pihole:
        ipv4_address: 172.29.0.2         # fixed address matching the dns entry above; a static address needs an ipam subnet on the network

networks:
  network-pihole:
    name: "dns-pihole"