Create a FREE, PRIVATE, VPN with WireGuard - How To

Views: 14,490

Jim's Garage

A day ago

Comments: 46
@SteveH-TN 11 days ago
Thanks for sharing this video and your experiences!
@Jims-Garage 11 days ago
My pleasure!
@berniesutton7277 2 months ago
Very handy. Thanks for putting me onto this. Cheers, Bernie
@BrianPhillipsSKS a year ago
I love WireGuard, I use it literally every day to remotely connect to my network for admin/tinkering. And it's 100% self-hosted, unlike some other solutions.
@Jims-Garage a year ago
Totally agree, it's an awesome tool. I'd struggle without it!
@chrisumali9841 a year ago
@Jims-Garage I agree, but do you feel secure port forwarding, since you are using the Sophos XG? Just wondering from your security point of view.
@Jims-Garage a year ago
@chrisumali9841 Yes, WireGuard is fundamentally different to OpenVPN. It won't even respond unless you're authenticated, so the attack surface is pretty much non-existent.
@chrisumali9841 a year ago
@Jims-Garage Yeah, you are right, the cryptographic key and trust are solid. Thanks for your thought and insight.
@drreality1 a year ago
Thanks Jim, I found Tailscale, which uses WireGuard as its backbone, works more seamlessly. It can bypass blocked UDP firewalls, doesn't require port forwarding (UDP hole punching), and has easier ACL and user management. Granted, you're handing the handshaking to Tailscale, but you can run the server locally.
@Jims-Garage a year ago
Thanks. Yep, Tailscale (or Headscale, the open-source alternative) is on my to-do list. Wanted to start with the basics for people first.
@drreality1 a year ago
@Jims-Garage Thanks a lot, that'd be interesting to watch. I'd be grateful if part of the video is on ACLs please; I don't know how to restrict a user of the network to a single internal IP.
@Jims-Garage a year ago
@drreality1 Sure, I'll cover that. One way you could do it using traditional methods is to put the container on a macvlan and then set granular rules based on IP in your firewall (there's likely a better approach with code though, let me investigate).
@drreality1 a year ago
@Jims-Garage I've not thought of this actually, firewalling the container to certain IPs only. Brilliant idea, that's brilliant. The only drawback is that everyone on the mesh network will be restrained by these rules.
@Jims-Garage a year ago
@drreality1 It's a lot easier in Kubernetes with networkPolicy, but Docker doesn't have those advanced features.
@tightning a year ago
Great video, good breakdown on the choice of VPN. Very handy toolset and nice setup guide.
@Jims-Garage a year ago
Much appreciated!
@chrisumali9841 a year ago
Thanks for the demo and info, have a great day.
@Jims-Garage a year ago
Thanks, glad it was useful.
@alexplane3279 8 months ago
Thanks again Jim... works like a charm...
@Jims-Garage 8 months ago
Good to hear, glad it's still up to date.
@kevinhughes9801 a year ago
Just found your channel and subbed. Thanks, love the content.
@Jims-Garage a year ago
Thanks, Kevin. I appreciate the feedback.
@simpoz-8760 3 months ago
But what about the fact that several different devices can use one QR code? Is it possible to somehow limit this, so that once a device has connected using the QR code, it ceases to be valid?
@cicievie a year ago
How about IPv6? That WireGuard is only for IPv4; can you please help make one for IPv6?
@Jims-Garage a year ago
Thanks, I know IPv6 is becoming increasingly common. I'll look into it and do an update later.
@JGNiDK 8 months ago
Do you think either this, or a Tailscale video, could show how you could use your Pi-hole on the run also? I'm very tired of ads when I'm away from home.
@Jims-Garage 8 months ago
Make sure you set DNS to the PiHole IP and don't split tunnel (set allowed IP to 0.0.0.0/0).
@JGNiDK 8 months ago
@Jims-Garage That should be enough?
@Jims-Garage 8 months ago
@JGNiDK That's how I have it.
@JGNiDK 8 months ago
@Jims-Garage So follow your video, and set the DNS IP to my PiHole's? Then accessible outside of your network?
@redpurple1035 8 months ago
Hey Jim, love your work. Could you please go into depth about MTU... I am so scratching my head around this part. A few days ago, my VPN tunnel was doing 320-ish Mbps download and 50-ish upload while the WG tunnel was active... but recently it dropped for no reason to 100-ish download, and upload is still the same at around 50-ish. I already did the fragment test using cmd and it is always at 1392, the last biggest MTU with zero loss. My router is behind an O.N.U. and the router is connected to the WAN with PPPoE at 1492 MTU. Note: my router is an Asus RT-AX82u. My ISP base package is 300 d / 50 u.
@hugotorres9863 a year ago
Hi Jim, thank you so much for this video, once again! I have an issue currently that you might be able to help me with. I can connect successfully to my local network but I can only access my services via their IP. I have Nginx set up with domain names and certificates, but when I try to access them via their domain name when connected via WireGuard I just can't. Could it be a DNS issue or something? Thanks in advance.
@Jims-Garage a year ago
Thanks! Have you set your DNS IP in the WireGuard config? Make sure it points to the IP address of your internal DNS server.
@hugotorres9863 a year ago
@Jims-Garage At the moment I don't have a local DNS server set up. Basically what I did was set up a record in duckdns pointing to the internal IP of my Pi running Nginx, then proxy the hosts. Would I need a Pi-hole for it to work with WireGuard?
@Jims-Garage a year ago
@hugotorres9863 Ahh okay. No, you don't need an internal if you're doing it that way. You should just need to make sure that "Allowed IPs" includes the services you want to access, and that your Docker host has access to them (i.e., there isn't a firewall rule blocking it).
@FilipeNeto616 5 months ago
Hi, I've deployed WireGuard and I'm able to access my internal network over my mobile (5G network). However, I can only access it directly by IP. If I try to connect through the DNS I'm getting DNS_PROBE_FINISHED_NO_INTERNET or DNS_PROBE_FINISHED_BAD_CONFIG, either for the DNS configured at Cloudflare or the ones configured locally in my PiHole. In the WireGuard docker-compose file I have WG_ALLOWED_IP set to my entire local /24, and in WG_DEFAULT_DNS I have my internal PiHole IP. At Sophos I have configured a DNAT between WAN and my docker-proxy IP, port 51820 UDP. Any clue?
@Jims-Garage 5 months ago
Edit the config on the mobile app and set your DNS IP to your internal DNS resolver.
@FilipeNeto616 5 months ago
@Jims-Garage I've done that and the problem persists. Something is missing. I'll post an update as soon as I've sorted it out. Thank you and keep posting videos. Very helpful.
@Jims-Garage 5 months ago
@FilipeNeto616 Thanks for the feedback. Keep going, you must be close.
@FilipeNeto616 5 months ago
@Jims-Garage One thing I found out: my Chinese OPPO doesn't like custom DNS servers. It tends to prefer its own kind of hardcoded DNS servers... guess why... Nevertheless, I'm now testing it with another laptop and something is still not OK, but for sure I'll sort it out. It's a matter of time and persistence.
@andrei5230 29 days ago
@FilipeNeto616 I have the same issue, did you manage to get it to work?
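Added example, not part of the original comments or the video: a small Python check for the DNS advice given in the two threads above (set DNS to the internal resolver, and make sure AllowedIPs actually covers it). It reads a wg-quick style client config and reports when lookups would not travel through the tunnel; the function names, addresses and endpoint are assumptions constructed for the illustration.

```python
import ipaddress

def parse_wg_conf(text):
    """Parse wg-quick style text into (interface, [peer, ...]) dicts of lists."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            peers.append(current := {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            # DNS and AllowedIPs take comma-separated lists and may repeat.
            current.setdefault(key.lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return interface, peers

def check_dns_routing(text):
    """Return findings about whether DNS lookups will travel through the tunnel."""
    interface, peers = parse_wg_conf(text)
    routed = [ipaddress.ip_network(n, strict=False)
              for p in peers for n in p.get("allowedips", [])]
    dns_ips = []
    for entry in interface.get("dns", []):
        try:
            dns_ips.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick treats non-IP DNS entries as search domains
    findings = [] if dns_ips else ["no DNS server set: the device keeps its usual resolver"]
    for ip in dns_ips:
        if not any(ip in net for net in routed):
            findings.append(f"DNS {ip} is outside AllowedIPs: lookups skip the tunnel")
    if ipaddress.ip_network("0.0.0.0/0") not in routed:
        findings.append("split tunnel: 0.0.0.0/0 is not in AllowedIPs")
    return findings

# Constructed sample configs (keys omitted; addresses and endpoint are placeholders).
TEMPLATE = """[Interface]
Address = 10.8.0.2/24
DNS = 192.168.1.53
[Peer]
Endpoint = vpn.example.com:51820
AllowedIPs = {allowed}
"""
SAMPLES = {name: TEMPLATE.format(allowed=a) for name, a in [
    ("full_tunnel", "0.0.0.0/0"), ("lan_only", "192.168.1.0/24"),
    ("vpn_subnet_only", "10.8.0.0/24")]}
for name, conf in SAMPLES.items():
    print(name, check_dns_routing(conf))
```

A clean result only means the config routes DNS into the tunnel; a device that overrides the configured resolver, as described in the OPPO comment above, will still fail.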
@Robertjaymercer 11 months ago
Hey there Jim, thank you again for your video. I have a question: is it possible to configure a tunnel to access only certain ports? (I'd like to access only a certain app and not the entire server.) Thank you :)
@Jims-Garage 11 months ago
Putting WireGuard on its own VLAN and controlling it with firewall rules would be one option. It's the same process I follow in my Cloudflare Tunnels video.
@Robertjaymercer 11 months ago
@Jims-Garage Thank you! I'll need to build a firewall then lol
@redpurple1035 8 months ago
For the Android WireGuard app... you can specifically choose which apps can go through the WG tunnel... (it is exactly like a split tunnel situation but on the software/app level) 🙂
@Robertjaymercer 8 months ago
@redpurple1035 Thank you sir! :)