Your Own FREE VPN with Raspberry PI, Wireguard, Docker Compose and DuckDNS using Port Forwarding.

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everybody it is New Year's weekend I just got back from my holiday break which I spent with family and friends out in Massachusetts and even though I was hundreds of miles away I was still able to access all of the home services from my home server in this video I'm going to be showing you how I did that basically I created my own VPN using a technology known as wire guard even though I was out there hundreds of miles away I could still access my nexcloud my jelly fin all of these services that I self host in a home server for this video I'm going to be showing you how to do it via port forwarding you're going to point a domain name to your public IP of your router and then that is going to point to the Raspberry Pi I'm going to I have a little diagram here for better clarification I like to show diagram so that people just don't blindly run things without understanding what's happening you are going to have a device this is going to be a cell phone a laptop with a wire guard connection basically this request is going to go to some access point it can be a 5G antenna it can be someone else's Wi-Fi and then that is going to go to a URL uh in this case is the duckdns URL that is going to point to your router's IP address the public IP address and then that request is going to go to the Raspberry Pi through wire guard and then that is going to send it back through your router into the open internet so any service in the open internet is going to make it look like your your request is coming from your home router instead of a 5G antenna while this is great is also allows you since you're connected to your router to access all of the Home Services in the Raspberry Pi or any other servers that are connected to your network and I think that is pretty sweet now for this like I said we're going to be using wire guard we're going to be using a container for Doc DNS which will basically update the IP address every time that it changes in North America IP address for home addresses tend to like rotate and if you want a static IP address you need to pay extra or have some sort of business account we don't want that right so duck DNS has a service that basically every time it detects that the IP changes or every like five minutes it checks it then updates the domain name pointer so that you don't have to worry about that and it's always up to date which is pretty awesome now for this video you're going to need to sign up to duckdns it provides like a free domain name server so you don't have to pay now if you want to pay and you want to have your own domain that's okay you know go for it um the steps are going to be pretty similar although you will need to find a way to update the IP address of that domain uh depending on what on which service you use for so for this video everything is going to be free and we're going to be using port forwarding we signed up for duckdns using the Google oath now this is the dashboard that you get you have a token and your account uh email address all of this is fine in Dandy obviously for me I'm going to blur it out because this is kind of like private information or semi-private all you need to do is create a subdomain that we're going to be using to use with our VPN this subdomain needs to be unique unfortunately because a lot of people use duck DNS it's kind of hard to find like unique subdomain so we're going to try something and see if it works let's do CF for code fallacy dvpn let's add this domain oh unfortunately it is taken by another user okay so let's do CF VPN without the dash maybe we can get lucky and we did every time we Access cf. VPN DOD dn. is just going to point to my IP address obviously this is blurred out but you should be able to see your IP address because this IP address can change we would need to like relog into doc DNS and update it manually every time it changes we don't want to do that so duck DNS provides a service that it right right here you can basically has been containerized by the Linux server IO team but you can install it normally if you don't want to use a container let's scroll down here let's copy this configuration let's go to our Raspberry Pi we're going to be creating a directory called wire guard we're going to enter that directory and then in here we're going to paste the configuration into a Docker composed file so doc Nano docker-compose doyo then here we're going to paste that configuration and this image for this container is pretty that simple all you need to do is come here and add the sub domains that you would like to use for example ours is CF bpn dn. but you don't need to provide that then you need to paste the token right here of your account so that it can authenticate and actually update the IP address let's go back to the doc DNS dashboard let's copy this token right here and then let's go back to our Docker compose um and the last thing we need to do of course is point to the correct path for the configuration like you seen in other videos I like to go to the home slash the user with in this case is code fallacy whatever the user is for your Linux server whether it's a Raspberry Pi or any other server this is the path that we wanted to go to and then wire guard when we run this Docker configuration for duck DNS it should create a config file inside of the wire guard directory that we just created let's do crol o to save it and then contrl X to exit if we do Docker compose up and then we want to run it in detach mode so that when we close the terminal it doesn't automatically close the container that's why you see this little dashd okay and just like that it's going to download the container and get it running and that's all you need to do for updating your duck DNS subdomain to always have your IP address now that we're done with the duck DNS portion we need to go let's close this one out and set up the wire guard container for wire guard we're going to follow the same path right let's scroll down to the configuration for the yam or this big old config right here let's copy it then let's go back to our Raspberry Pi let's CD back home and at the home level we are going to create a directory called wire guard that's CD into wire guard and then in here we're going to paste that Docker uh that Docker compost yaml configuration so Nano Docker compost. yaml and then in here we're going to paste the configuration this is also a pretty simple Docker container is pretty awesome um but you will need to make a couple of changes the first one is how many peers do you want basically because we're not going to be using a user interface or sort of UI you need to specify how many distinct connections you want to be allowed for your wire guard for example I have a distinct connection for my phone I have a distinct connection for my spouse I have a distinct connection for like a bunch of different computers which basically total to a lot so what I like to do is just create 10 even if you don't use all of them having extras never really hurt and you can distinguish which people connect to your wire guard configuration from others so let's create 10 uh the port is correct um allowed IPS I'm going to comment this out because you would need to like specify which one I think if you just leave it at 00 Z it should work but please just comment it out for the sake of Simplicity we need to add the server URL we basically created our own duck DNS this is where we would add the that domain so let's do it again CF VPN duckdns.org let's update the volume and just like I do for all my configurations it's always going to be at the home user of the Linux which is code fallacy I know I sound like a broken record and then the name of the service in this case wire guard I like to do the same thing for modules even though it it's claimed as an optional thing uh it's I think it's just better to have it created at that local folder so now it's going to create a config inside a wire card and a modules directory inside of that and that's pretty much it I think we're good to go so if we do crl o to save it enter crl X to exit we should be able to just compose up- D this container just like that that it is done the last thing that we need to do we need to forward all the traffic for Port 51820 we need to forward all the traffic that comes through that port in our own router to the IP to the local IP address of our Raspberry Pi so in my isus router all I need to do is go to the wide area network or one then up here port forwarding and and basically I have another machine doing all the work but I am going to change it so that we can use our Raspberry Pi now as our wire guard server and just like that everything is hooked up um I forgot to mention when doing the port forward that you should make sure that the protocol for the port forwarding is UDP not TCP UDP please for the sake of this video I'm going to be showing you how to connect your wire guard server to to a mobile device like a smartphone if you don't want to use a smartphone or you want to use a laptop you should be able to follow along except for the part where you show a QR code instead you just copy over the configuration what you need to do is install the wire guard client in your mobile device or computer or wherever you want to use it and then in here let's go back to the wire guard if we do LS you should see a configuration directory has been created in the wire guard folder let's CD into that config and do LS and you can see all of the peers that were created basically these are unique accounts for wire guard to be used for my phone let's use Pier 3 Let's CD into Pier 3 and in here you will see either a com file a PNG which we're going to copy over to the host machine and a bunch of other things now what I'm going to do is I am going to to use a command called SCP to copy over just the QR code uh for that we need to know the working directory so PWD to print the working directory we're going to copy this over we're going to open a new tab and then in here we need to do SCP secure copy we need to specify the user which is code code fallacy and then at and then the IP of our Raspberry Pi which is a local IP of 192 168.50 116 then we need a column and then we need to paste the um uh the path that we just copied over and since we're just copying over the image we're going to do pier. PNG oh sorry Pier 3 PNG and we're going to copy it over to our local users um the host machine this is like the path for the host machine uh the user for this is LPM and then desktop and because I it should ask you for a password unless you added a secure key I added a secure key it didn't ask me for a password which means that pure 3 is now available in our desktop if we go to finder desktop you can now see right here this QR code right here is all we need so let me record on my phone now you should be able to see my phone if we go to the wire guard application let me disconnect this this is an old wire guard connection let's add a new one and we're just going to scan the QR code allow only this time and then we should be able to scan it once we scan it we just add a name let's do code fallacy pier three oh I think I exceeded the name okay let's just call it pier three and then create that tunnel and let's disconnect from Wi-Fi and with my phone we should be able to go to something that will show our IP so this is the IP address of my phone I'm not going to show the whole thing but it does end in 229 once we enabled this pier 3 we should now see a different IP in this web page and we do we see our actual home IP and just like that you have wire guard set up and you should be able to to access local services to finally wrap up this video I am going to show you here how I can access my jelly finin instance that I'm running on another server even though I am on 5G which means I am outside of the network as you can see I can go to the local IP here and it accesses jelly Fin and just for shits and giggle let's do a speed test let's go to fast.com or fast.net and you know pretty good 50 plus download Over the VPN that's not bad at all if you found this video helpful uh give it a like I really appreciate it and if you want to stick around please subscribe
Info
Channel: Code Fallacy
Views: 792
Rating: undefined out of 5
Keywords: Raspberry Pi, Pi, pi 5, Raspberry Pi 5, Raspberry Pi 4, Wireguard, vpn, openVPN, freevpn, self-host, docker, docker compose, duckdns, duckdns container, dns, networking, raspberry pi, linux, foss, linuxserver.io, home server
Id: 3VPtSRVybA8
Channel Id: undefined
Length: 14min 42sec (882 seconds)
Published: Sun Dec 31 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.