Hello there,
Just want to preface that this is for selfhosted purposes; I may be routing my network in another way later.
I wanted to be able to set up a WireGuard Docker container with gluetun such that I can connect multiple devices to it at home, in order to minimize my "five device limit" with Mullvad. I have the following docker compose:
```yaml
gluetun:
  image: qmcgaw/gluetun
  container_name: gluetun-wireguard
  restart: unless-stopped
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  volumes:
    - ./gluetun:/gluetun
  environment:
    - VPN_SERVICE_PROVIDER=#
    - VPN_TYPE=wireguard
    - WIREGUARD_PRIVATE_KEY=#
    - WIREGUARD_ADDRESSES=#
    - SERVER_CITIES=#setup#setup
    # Timezone for accurate log times
    - TZ=#
    # Server list updater
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
    - UPDATER_PERIOD=24h
  ports:
    - 51820:51820/udp
wireguard-server:
  image: linuxserver/wireguard
  container_name: wireguard-server
  network_mode: service:gluetun # << important
  cap_add:
    - NET_ADMIN
    - SYS_MODULE
  environment:
    - PUID=1000
    - PGID=1000
    - SERVERPORT=51820
    - PEERS=iphone
    - PEERDNS=auto
  volumes:
    - ./config:/config
    - /lib/modules:/lib/modules
  restart: unless-stopped
```
Whenever I try connecting to it by iphone, which is my first attempt for the peer, it doesn't quite work out. The packets are received by the container, and querying cloudflare as such works:
```
$ sudo docker exec -it wireguard-server ping -c 3 1.1.1.1
```
Is there any obvious error I've made?
If I'm making the XY Problem, please let me know. If there is a more apt community, please let me know.
We still haven't heard your solution to OP's problem, if that's so simple?
@0_o7 @NaiP
I use https://github.com/linuxserver/docker-wireguard and followed the "Usage" to install and start my personal #wireguard #VPN server(s) - at #homelab and on my cloud servers at German datacenter provider #Hetzner #hetznercloud
This took me only some minutes to have a running VPN for my mobile devices and laptops for everyone in the family.
Important: to reach my VPN at home a #portforwarding from ISP router to my homelab linux server is needed.
WireGuard does authenticate devices - not users! So you need a config for each device!
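As an added illustration of the one-config-per-device point (not part of the original comment or the linuxserver project): WireGuard identifies a peer by its public key, so a server config can be checked for `[Peer]` entries that share a key or a tunnel address. The sample config, key strings and function names below are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample server config: peers 1 and 2 are two devices sharing one
# copied client config; peer 3 has its own key and tunnel address.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51820
[Peer]
PublicKey = CONSTRUCTED-IPHONE-KEY=
AllowedIPs = 10.13.13.2/32
[Peer]
PublicKey = CONSTRUCTED-IPHONE-KEY=
AllowedIPs = 10.13.13.2/32
[Peer]
PublicKey = CONSTRUCTED-TABLET-KEY=
AllowedIPs = 10.13.13.3/32
"""

def parse_peers(conf_text):
    """Return one dict of lower-cased keys per [Peer] section."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # keys end in "=", split once only
            current[key.strip().lower()] = value.strip()
    return peers

def find_shared_identities(conf_text):
    """Flag peers (1-based) that share a public key or overlapping AllowedIPs."""
    by_key, nets, problems = defaultdict(list), [], []
    for idx, peer in enumerate(parse_peers(conf_text), start=1):
        by_key[peer.get("publickey")].append(idx)
        for cidr in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            nets.append((idx, ipaddress.ip_network(cidr, strict=False)))
    problems += [("duplicate-key", tuple(i)) for i in by_key.values() if len(i) > 1]
    for n, (a_idx, a) in enumerate(nets):
        for b_idx, b in nets[n + 1:]:
            if a_idx != b_idx and a.version == b.version and a.overlaps(b):
                problems.append(("overlapping-allowedips", (a_idx, b_idx)))
    return problems

if __name__ == "__main__":
    print(find_shared_identities(SAMPLE_CONF))
```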
@abimelechbeutelbilch @0_o7 @NaiP Oh I've been looking for an easier to set up wireguard! I have been reluctantly using Tailscale since PiVPN dev had to take a step back. Tailscale is just too much other stuff. I just need to be an IP on my LAN, I don't need all the other stuff.
@cinimodev @0_o7 @NaiP What can be easier than editing a #yaml file and doing a #docker compose up -d 🤷🏻‍♂️