You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3.2 KiB

WireGuard

WireGuard is a free and open-source software that implements encrypted VPNs. It was designed to be especially fast and secure. This section including its subsections - especially the usage is based on an extensive guide on WireGuard by DigitalOcean.

Setup

In the following sections the different set ups of WireGuard usages are described.

Server

The software can be set up via Docker with the linuxserver image. Additionally to this a client is needed on the system that accesses the server.

Client

WireGuard clients can be found for many devices. For Android for example there is Wireguard for Android in the F-Droid store. For most linux distributions there is a package called wireguard-tools.

Usage

Wireguard clients connect to servers by using a .conf file. For mobile devices often times a QR-code can also be used.

In Linux based operating systems the .conf can be placed at the path /etc/wireguard/wg0.conf. Afterwards wireguard can be started and stopped by running the following commands.

wg-quick up wg0
wg-quick down wg0

When using multiple .conf files the number behind wg can be incremented. When starting and stopping wireguard with wg-quick the corresponding number should be used. Alternatively also other names not including wg can be used. The term wg0 the incremented version of it has to be changed accordingly then.

Setting Up Local DNS

This section focusses on the usage of a local DNS like bind9. This can be especially useful for using local domains. The following guide is based on a comments by the Reddit users orthecreedence and rptb1.

To set up the usage of a local DNS the WireGuard configuration file needs to be changed. The following lines have to be appended under the [Interface] section and the DNS IP address (in this case 192.168.178.1) has to be changed as needed. wg0 is the name of the configuration file (see the usage section) for reference.

PostUp = resolvectl dns wg0 192.168.178.1
PostDown = resolvconf -d %i -f

The PostUp line sets up the DNS while the PostDown line shuts it down after wireguard is closed.

Troubleshooting

This section addresses various errors and ways how to troubleshoot them.

Unknown Device Type / Protocol Not Supported

Especially when running wg-quick up wg0 this error can appear. The most probable source of this error is that the version of the package linux doesn't match with the version of the wireguard package or the system has been updated and the system wasn't restarted causing the same problem. To fix this linux can be reinstalled but a full update of the system is recommended. Because it changes the kernel the system needs to be restarted afterwards.