this post was submitted on 16 Aug 2025
38 points (93.2% liked)


Hello there,

Just want to preface that this is for selfhosted purposes; I may be routing my network in another way later.

I wanted to be able to set up a wireguard docker container with gluetun such that I can connect multiple devices to it at home, in order to minimize my "five device limit" with mullvad. I have the following docker compose:

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun-wireguard
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - ./gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=#
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=#
      - WIREGUARD_ADDRESSES=#
      - SERVER_CITIES=#setup#setup
      # Timezone for accurate log times
      - TZ=#
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h
    ports:
      - 51820:51820/udp
  wireguard-server:
    image: linuxserver/wireguard
    container_name: wireguard-server
    network_mode: service:gluetun # << important
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - SERVERPORT=51820
      - PEERS=iphone
      - PEERDNS=auto
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    restart: unless-stopped

Whenever I try connecting to it by iphone, which is my first attempt for the peer, it doesn't quite work out. The packets are received by the container, and querying cloudflare as such works:

$ sudo docker exec -it wireguard-server ping -c 3 1.1.1.1

Is there any obvious error I've made?

If I'm making the XY Problem, please let me know. If there is a more apt community, please let me know.

[–] abimelechbeutelbilch@fulda.social 2 points 2 months ago (2 children)

@0_o7 @NaiP

I use https://github.com/linuxserver/docker-wireguard and followed the "Usage" to install and start my personal #wireguard #VPN server(s) - at #homelab and on my cloud servers at German datacenter provider #Hetzner #hetznercloud

This took me only some minutes to have a running VPN for my mobile devices and laptops for everyone in the family.

Important: to reach my VPN at home, a #portforwarding from the ISP router to my homelab linux server is needed.
WireGuard does authenticate devices - not users! So you need a config for each device!

[–] cinimodev@masto.ctms.me 1 points 2 months ago (1 children)

@abimelechbeutelbilch @0_o7 @NaiP Oh I've been looking for an easier to setup wireguard! I have been reluctantly using Tailscale since PiVPN dev had to take a step back. Tailscale is just too much other stuff. I just need to be an IP on my LAN, I don't need all the other stuff.

@cinimodev @0_o7 @NaiP What can be easier than editing a #yaml file and doing a #docker compose up -d 🤷🏻‍♂️

[–] chihuamaranian@tech.lgbt 0 points 2 months ago (1 children)

@abimelechbeutelbilch

I have wireguard on my router and it has completely replaced tailscale.

My mobile device is always connected to my homelab now. I have access to my private tools, and pihole adblocking on top of that.

I still have to figure out how to set up my homelab containers to use a VPN proxy for egress traffic, so I'm liking and boosting your post to come back to it later when tackling that project.

@0_o7 @NaiP

[–] abimelechbeutelbilch@fulda.social 1 points 2 months ago (1 children)

@chihuamaranian

Do you only want your #homelab #containers to use a #wireguard #vpn, or everything from your homelab computer(s)?

First you need a wireguard server "outside" to tunnel your traffic to. I have WG on some cloud servers at German datacenter provider #Hetzner, so I can start/stop a VPN easily like this:

wg-quick "$1" ~/dev/wg/hetzner-"$2".conf

with first argument = down/up
and second argument = shortname for my VPN server = location at #hetznercloud

@0_o7 @NaiP
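
A validated version of the one-liner above, as an added example that is not part of the original comment: it accepts only `up` or `down`, restricts the shortname to a safe character set, and refuses config files that group or others can access. `WG_DIR` and the function names are assumptions; the `hetzner-<name>.conf` naming follows the comment.

```shell
#!/bin/sh
# Added example, not the commenter's script. WG_DIR, wg_conf_for and wg_vpn
# are hypothetical names; only the hetzner-<name>.conf pattern is from the page.
WG_DIR="${WG_DIR:-$HOME/dev/wg}"

# Print the config path for a server shortname, or fail with a reason.
wg_conf_for() {
    wg_name="$1"
    # Lowercase letters, digits and dashes only, so the argument cannot
    # carry "../" or look like an option.
    case "$wg_name" in
        ''|-*|*[!a-z0-9-]*)
            echo "invalid server shortname: $wg_name" >&2; return 2 ;;
    esac
    # wg-quick uses the file name as the interface name (15 characters at
    # most on Linux); "hetzner-" already takes 8 of them.
    if [ "${#wg_name}" -gt 7 ]; then
        echo "shortname too long: $wg_name" >&2; return 2
    fi
    wg_conf="$WG_DIR/hetzner-$wg_name.conf"
    if [ ! -f "$wg_conf" ] || [ -L "$wg_conf" ]; then
        echo "no regular config file at $wg_conf" >&2; return 3
    fi
    # The file holds the tunnel's PrivateKey. Characters 5-10 of the ls
    # mode string are the group and other permission bits.
    wg_perm=$(ls -ld "$wg_conf" | cut -c5-10)
    if [ "$wg_perm" != "------" ]; then
        echo "$wg_conf is accessible to group/others (chmod 600)" >&2
        return 4
    fi
    printf '%s\n' "$wg_conf"
}

# Usage: wg_vpn up|down <shortname>
wg_vpn() {
    case "$1" in
        up|down) ;;
        *) echo "usage: wg_vpn up|down <shortname>" >&2; return 1 ;;
    esac
    wg_path=$(wg_conf_for "$2") || return
    wg-quick "$1" "$wg_path"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then wg_vpn "$@"; fi
```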

[–] chihuamaranian@tech.lgbt 1 points 2 months ago

@abimelechbeutelbilch

@0_o7 @NaiP

I am mostly considering how to get my torrents running through the VPN at the moment.

I have nordvpn in a container, and I am upgrading to a better provider.

However, their tools don't work in docker (they all depend on systemd, which isn't present in container space) so I need to get an openvpn configuration going that uses them.

Once my primary use case is configured, I would like to experiment with using it for other traffic, too.