The WireGuard tutorial that finally got me to convert from OpenVPN
Do you plan to keep the VPN always on? Is WireGuard good at handling this? I’ve had issues with OpenVPN before where it either doesn’t connect back again or just takes a long time. Therefore I only connect in when I need to.
If only it had the part on how to create the QR code for easier mobile device setup.
I’d like to thank Mikkel, no joke, your tutorial is awesome.
If you’ve ever wanted to make the conversion, he explains how to get WireGuard working extremely well.
That makes it look super easy. I am just too lazy to change from OpenVPN.
Going to show my complete ignorance here - please be kind.
Currently using OpenVPN that comes with my Sophos UTM. Would I be able to start using WireGuard alongside OpenVPN? That way I can 1. test it out, and 2. slowly migrate devices to WireGuard?
The tutorial says there is no “server” or “clients”, just “peers”. But essentially there will be a “server” at home, and devices like my laptop and phone would be the clients, right?
And lastly - will devices on my home subnet (192.168.1.x) be able to talk to the outside devices that are connected via WireGuard (10.14.0.0)? In my mind that would require a static route in my UTM that points traffic on 10.14.0.0 to the WireGuard “server”. Am I on the right track?
PiVPN is the easiest way.
Serious question.
I have OpenVPN set up and am happy. This includes Tasker automatically connecting when away from home.
Why would I want to switch to WireGuard?
This is the area of self hosting I have yet to try out. I think I’ll give this a try next, but I have a question:
What I would like to have is a VPN setup on a VPS.
I have three separate home networks (my home and two family homes); they each have a Raspberry Pi already set up on their respective networks.
What I want: When the users are on their own LAN, they also have access to the VPN (without having to use a VPN client on every individual device), and not all of their traffic is routed through the VPN, just the specific services I want them to have access to. So it’s more of an extension of the local network to feel like they have other local services running that are actually hosted some place else.
Of course when they are not home, they would have to use a VPN client to have access for their device, but not when they are on their LAN (it all feels like one big home network).
How would I do this, or at least what do you call a setup like that? I think my biggest blocker is I have 0 knowledge of networking and the terms needed to even google this.
I use WireGuard and can attest to the speed of it. I haven’t used OpenVPN but was under the impression that they serve different functions.
You need UDP ports to be open for WG. If you’re out and about on public networks, UDP 51820 may not be open.
OpenVPN allows VPN via the HTTPS 443/TCP layer. In fact I was thinking of switching from WG to OpenVPN for this.
WG is useful for server to server where you control the networks.
Someone more experienced correct me if I’m wrong!
So I would be running this alongside Pi-hole on my Raspberry Pi. I tried the simple setup using PiVPN, and was able to connect through WireGuard, but the connection wasn’t great… Random web pages worked but lots of stuff just didn’t. OpenVPN does work fine though.
I would likely try this manual setup, but I wonder if it would really be any different. Can anyone provide some info that might make it worth the relatively minor hassle to set this up manually?
Nice! Thanks for sharing.
Thank you for the article, I now also did a conversion.
I’m gonna have to necro post on this. The link doesn’t work anymore. Does anyone have an alternative or a screenshot?
Does WireGuard work with nftables instead of iptables? If so, can anyone please point me towards the relevant documentation or support? Thanks in advance!
This might be a stupid question, but is this only for secure connection to your home network from outside your house? Or does it work the ‘other way’, i.e. stop your ISP from seeing your Linux ISO activity on your home network? I need to set that up but am not quite sure where to begin.
I’ve heard great things about WireGuard. I think it might be time to bite the bullet.
Do you know if you can configure fail2ban with WG? Trying to find logs but have had no luck.
I’m having issues with WireGuard and Oracle Cloud. It connects to the server and I could ping it but can’t connect to the internet. And googling doesn’t help; my iptables settings are correct.
Sysctl settings are already at 1.
Any suggestions?
You can also use premade scripts for faster deployment. For those wanting to use a VPS or dedicated VM, this script has worked wonderfully for me.