Self Hosted EASY Wireguard Server

Video Statistics and Information

Captions
So, welcome back. Today we're going to talk about how to add WireGuard to your self-hosted home lab environment. So there is a product I found out on the net called wg-easy, and it provides a very easy way to implement a WireGuard server on your network and manage it. All self-hosters need safe and secure access to their home labs. I like to use Apache Guacamole, which is covered in my "What is Apache Guacamole" video, because it provides access to only the servers you might want to provide access to, as opposed to providing access to the entire network. Sometimes there's a need to connect remotely and to be able to access the entire network, though, and that's what WireGuard's good for.

So WireGuard is a fast, secure and simple VPN tunnel. Unfortunately, WireGuard is a protocol and not really an end-user program. There's been several programs written out there to try to make WireGuard easy, but it's a series of configuration files, and this product makes it easier to use. So this presentation shows how to build a WireGuard Easy server with a web portal to authorize users.

Okay, let's turn around and install WireGuard. To begin with, I have a virtual machine that I'm using, and the reason for that is because I don't have kernel support in my main host for WireGuard, so that's why I'm using the virtual machine. And it didn't take very much of a virtual machine: I'm running Ubuntu 20.04 and I gave it four gigs of memory. I could probably get by with two gigs of memory, because it's just the server version.

So first of all, what we want to do is install Docker. Going out here and installing Docker with the curl command; done this before. Docker has a very nice script to go off and install curl, or, install Docker with the curl command. Now that Docker is installed, I want to add myself to the docker group, and I'm going to go ahead and do a newgrp docker, and you can see if I type groups, I'm now in the docker group. So now I want to install Docker Compose.

Now I'm going to sudo over to superuser. I'm going to do a mkdir on wg-easy as a hidden file, hidden folder. I'm going to go ahead and move into that hidden folder, and then I'm going to go get this particular GitHub project called wg-easy, and it's downloaded. I want to go ahead and edit the docker-compose which came down as a part of that.

And now, in this docker-compose, the author has set up the host as raspberrypi.local. In this particular case I'm going to make it wireguard.scottibyte.com, which is my domain. Down here you have an optional password. The password is for the portal itself, and the portal is where you define and assign new users, so set this to something really super secret. I'm going to set it to testing123 and later on change it to something else. In terms of a WireGuard port number, it will default to 51820. You can change the WireGuard port to anything you want to use; you just have to open that port on your router. And as far as the WireGuard address, this is the address that it uses for client machines that come into the network, and then a default DNS is something else. So we'll go ahead and say fine, we'll just tell it to use 10.5.0.x. It's a private domain, and then we'll say non-routable domain, another private address. And then we're going to say go ahead and use 1.1.1.1, Cloudflare, as our DNS. And then I'm going to leave this one commented out. Basically this restricts you only to particular networks, but I'm going to allow the person that comes in via WireGuard to also go out to the internet, and by leaving that commented out, that's what I assure will happen.

So wg-easy is the name of this thing, there's the ports, and that's all there is to it. So I'm going to do a Control-X, and I'm going to save it and exit. Oh yeah, there's one more thing. I want to go back in here: this says 3.8 for the version number. I'm going to make it 3, because my Docker does not like 3.8; it doesn't see it as a valid value.

All right, so now that I've done this, all I have to do is do a docker-compose up to test it out. It goes ahead and pulls the Docker container down, as you can see here, and the interface is up and running. We set up WireGuard to operate at port 51820 by default, and in order to test out the web interface, they put the web interface at port 51821. And you'll remember that our password that we set up was testing123, and now you can see that it is up and running.

So all you need to do in order to use this is to click on New Client, and you can give the new client a name, like "scott test" is what I'm going to do. Create that entry, and then you can either download the WireGuard configuration file or, if you loaded WireGuard on something like a phone or a tablet that has a camera, you can click the QR code and you can scan the QR code.

So now I'm going to add my "scott test" client profile over to my phone. What I'm going to do here is bring up the display, and I am going to wake up my phone, and here's my phone. And now what I'm going to do is press the plus sign on the phone, and I'm going to say "scan from QR code". I'm going to use my camera to take a picture of the code, and I'm going to go ahead and call this tunnel name "scott test" and create the tunnel. And now what I'm going to do is turn the "scott test" tunnel on. Go ahead and bring the phone off here, and you'll be able to see that down here it says that scott, it's very hard to see, but it says that scott has got an address of 10.5.0.2, you remember from our setup. And then, as it does data, it will actually track how much data is being sent and received. However, since I'm on my own network, it's kind of a moot point doing this.

The other capability you have is that you can have a client here. Now what I'll do is I'll go back to the phone and I will disconnect the phone, and now go ahead and turn that off. And now you notice that if I turn the setting off here for the client, that client won't be able to connect, or I can turn it on to enable it again. And of course I can always look at the QR code to scan it again, and I can always delete the client to remove it from the configuration. And you can add as many clients as you want.

In our WireGuard installation, one of the things that we did was we gave it a domain name. So now I'm going to go into Nginx Proxy Manager and I'm going to define that domain name as a reverse proxy. So I'm logging into my Nginx reverse proxy manager, going to Proxy Hosts, adding a new proxy host. We're going to add wireguard.scottibyte.com, we're going to put that to address 192.168.50.234, and we're going to put in the forward port to be 51821, because that was the forward port for the web interface in order to manage this thing. And I'm going to go ahead and say "Block Common Exploits". I'm going to go over to SSL, and previously I had an SSL certificate for WireGuard, so I'm going to find it. If you didn't have one, you could go ahead and request one. And I'm going to say "Force SSL", and I'm going to save this out.

So the advantage of this is that now, if we go down to wireguard.scottibyte.com, we go right to the WireGuard login page, where I can type in testing123 and I can see the web interface and I can create new clients. The other advantage that it has is that the name wireguard.scottibyte.com will then always point to my wide area network address, so that when WireGuard clients try to connect from the outside they'll know where to go, as opposed to always having to hard-code a WAN address. So that's why you're going to need a domain name in order to do this.

In summary, WireGuard provides a more reliable mobile connection than OpenVPN because it handles network changes and network interruptions better. WireGuard has a good 20 percent less overhead than OpenVPN. WireGuard is more secure and reliable than L2TP with IPsec or Point-to-Point Tunneling Protocol from Microsoft, which is the original point-to-point tunneling protocol, available in Windows 95, I believe. And then SSTP, Secure Socket Tunneling Protocol, is integrated with Microsoft Windows since Vista, and it uses 2048-bit SSL/TLS certificates for authentication and then 256-bit SSL keys for encryption, but again, like PPTP, it's proprietary. And then Internet Key Exchange version 2 is similar to L2TP and it pairs with IPsec. You can see a lot of companies maybe even still use that.

And so from this video you can see that wg-easy was a very easy to configure version of WireGuard, and basically what it is is WireGuard with a web front end to allow you to manage your clients, which is secure, fast and reliable. And most importantly, WireGuard is open source. Anyway, thanks for visiting with me today, and if you like what you see, please give me a subscribe and like on the channel, and we'll see you on down the road next time. Thank you.
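The docker-compose edits described in the captions, written out as an added example; it is not the file shown in the video or the wg-easy project's own copy. The image name, environment variable names, volume path and capabilities are assumptions recalled from the wg-easy compose file of that period and should be checked against the copy you clone; the host name and the WG_EASY_PASSWORD variable are placeholders.

```yaml
# docker-compose.yml for wg-easy: added example, not the file from the video.
# Assumed: image name, env variable names, volume path (verify in your clone).
version: "3"   # the video lowers this from "3.8" for an older docker-compose

services:
  wg-easy:
    image: weejewel/wg-easy
    container_name: wg-easy
    environment:
      # Public name clients dial; placeholder, replace with your own DNS name.
      - WG_HOST=wireguard.example.com
      # Web-portal password. Taken from the shell or a .env file beside this
      # file rather than written here as a literal; compose aborts if unset.
      - "PASSWORD=${WG_EASY_PASSWORD:?set WG_EASY_PASSWORD first}"
      # UDP port WireGuard listens on; this is the port to open on the router.
      - WG_PORT=51820
      # Tunnel addresses handed to clients (the first client gets 10.5.0.2).
      - WG_DEFAULT_ADDRESS=10.5.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      # Left commented out, as in the video: clients then send all traffic,
      # internet included, through the tunnel. Uncomment to limit clients to
      # the listed networks (constructed sample value).
      # - WG_ALLOWED_IPS=192.168.50.0/24
    volumes:
      - .:/etc/wireguard    # generated keys and client configs persist here
    ports:
      - "51820:51820/udp"   # WireGuard tunnel
      - "51821:51821/tcp"   # web portal, reached through the reverse proxy
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
```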
Info
Channel: Scotti-BYTE Enterprise Consulting Services
Views: 4,784
Id: hCb-gntWt00
Length: 15min 49sec (949 seconds)
Published: Sun Oct 17 2021