appreciate your walkthrough. i wanted to mention that all open ports on a network can be scanned very easily. obfuscating which port your vpn is running on isn't a bad idea, but it doesn't prevent someone from seeing what ports you have open on your network (i.e. nmap -p-). authentication procedures and firewalls must be considered when opening up your network to the outside world. just wanted to throw that out there, not trying to be a jerk
Yeah you’re right 😂 i just changed it in case someone's scanning like a bunch of networks for one port but if someone scans the whole network then it wouldn’t really matter
great lofi beats
I tested wireguard in several scenarios, because of the docker network you will have a significant performance drop. The ideal setup is to have a docker setup for controlling the native wireguard install with a web application where from you can create and delete peers and also to have a sort of monitoring.
What did you use to set up the web interface for creating and deleting peers? that would be insanely useful I just haven’t looked into it much. Thanks for the input
@MadhuKraft Hello, I sent you an email with some details. Best regards.
@MadhuKraft you can use wgeasy
@MadhuKraft I think he is referring to wireguard easy. It is very easy to set up. I don't know if it's any less secure. Maybe you could do a quick video.
I love this video it’s not overwhelming with details just instructions on how to meet each checkpoint…..I have plans on using this same method except Im going to apply it to my external hard drive 2Tb and use kubernetes to help me manage the container then connect the vpn to my wsl……from this scenario I gave do you think I’ll run into any issues and do you feel I should include anything extra in my strategy to make sure the connection is consistently successful
do I need to do port forwarding from router too?
Yes you would only need to port forward one port. The port that you set in the docker compose file and after that, you can access your home network from that one vpn connection
Tried installing this on a VPS i can connect to the wg server successfully but i can't browse the internet?
same :(
Really helped a lot, Thanks!
no problem!
54321 would be less likely than 12345 as it starts at 0- rather than backwards
I did all of this and connected on my phone using qr code but nothing is working, pages or apps aren't opening
Just declare a macvlan network in your docker compose and assign it a different IP ;)
I have followed your steps and when I'm using wireguard client to connect this shows up "One or more endpoint domains could not be resolved." Any idea why?
Extremely useful tutorial, got the server running and connected to it with my phone. question: can I use this VPN to shield my activity from my ISP?
I’m glad it worked! If your server is running in your home network, then all of the traffic with the vpn connection will go through your network’s isp. If your server was in some other place like in another network, then all traffic will be seen by that network’s isp. But even without a vpn your traffic is encrypted. All ur isp will see is the domains you access, nothing else. If you really wanted to hide what domains you go to from your isp, you would need to have a vpn server in some other network where that network’s isp will be able to see your domain history but I don’t think it really matters that much. If you don’t mind, what isp do you use?
Thanks for such a video. How can I view connection logs and permit users only certain local subnets?
My client can establish a connection to my wireguard server but I can't access any devices on my home network. Don't you need to make a post up script with some iptables so the traffic can get out of the docker container and into the home network? Help please?
By default you should be able to access the devices in your network, but they will appear to be the local ip of the computer that is running the vpn server. Are you able to access the router settings page from your vpn client?
didn't quite understand if I need a particular OS for doing all of this. Can I have ubuntu server on my machine?
Yes you can use ubuntu server and install docker to do this
Showing the apps for connecting like on android would have been nice.
yeah i could’ve done that but all u need to do is click like two buttons to import the config file so I didn’t really think anyone wanted to see that
@MadhuKraft The reason I suggested it is it would allow you to show it working. Anyway thanks for making this it helped.
no configuration file provided: not found
what is the problem here
I’m pretty sure that means ur not in the directory where the docker-compose.yml file is located or your file isn't spelled right. Your file should be named docker-compose.yaml or yml
you need to set up a NAT for slsubnet
VPN is useful for bypassing local regulations
the purpose of a vpn is to connect a device to another network to gain access to services that are run locally in that network but a lot of people do just use vpns from companies to access geo locked content. those companies are basically just acting as proxies but i guess you could use it like that
Hi, with this method can i also access my pi with ssh or vnc outside my home network?
yes. whatever you can do inside of your home network can be done from anywhere in the world as long as the vpn connection is there
I’m so lost on this vpn discussion so wireguard gives you an option to remote access your devices outside the network correct? But does it hide my IP like NordVPN I’m just trying to find a way to have NordVPN hide my IP and have a remote access vpn so I can use my jellyfin server
yes wireguard lets you access all of your devices from outside of your network. I’m just wondering why you need your ip address to be hidden if you’re just connecting to your home’s jellyfin server. There’s no need to have a vpn connection to nordvpn and then another vpn connection to your jellyfin server but I might be missing your point
@MadhuKraft I use NordVPN to torrent and I just want my vpn on for safety and I wanna use wireguard to access my jellyfin outside my local network so i can watch it when I'm at work not just in my house only. But I just want it behind my vpn since I might use jellyseer down the line to torrent and request shows
not compose file...
Hi do we need a DDNS service or it is working without the ddns ?
you don’t need a dynamic dns
i love you
Is there any way to get the internet working while doing this? We are on a local network with no internet.
I don’t think so. The client would need to have an internet connection to connect to the server’s network
@MadhuKraft What I mean is that the client connects to the docker's internal network over the internet, and the client loses internet. Yes, it has access to the docker network, but it does not have access to the Internet through this docker container. So it's basically just a VPN into the container. And then the question is, how do we make it so that this access to the docker VPN gives access to the internet through the same server.
Can we use this 24/7 hr ??
Can you show us how to connect between different devices connected to the same VPN server?
wdym? you want to know how to connect to other vpn clients on your vpn server?
@MadhuKraft yes, exactly
@MadhuKraft let's say my phone and PC are connected to the same VPN as clients. Now how do I connect between them being routed through the VPN
since the computer and phone are connected to the same server you can connect between them with their vpn client addresses. On your computer ssh into the vpn server while connected as a vpn client and if you type “who” in the terminal you should see the ip address of the vpn client. On your phone u can do the same thing but you would need to download an ssh client like termius
actually no i think my previous comment was wrong. in the config folder, edit the wg0.conf file and do you see any ip addresses under each client?
can i have access even from China ??
I have no idea how the censorship is like in China
Could you show how to set up Tailscale with Docker? I do not want to port forward
i don't need to port forward these on my router right?
you would need to port forward the vpn port on your router. Your router needs to know which incoming requests are for which device. sorry for the late response I didn't get the notification
ah dang it, my isp router is shit as hell, i cant do that, welp no worries
dang is it tmobile cus ik they don't allow port forwarding
no, i am from india, it is a local provider, the router they provided seems like from 2000s, it has no functionality other than change the internet access password and wifi password/ssid.
I had so many things i wanted to do with pi zeros and access them from outside my local network, but well, will have to search for alternatives
@yugalkukde7 oh well I use cloudflare's reverse proxy to host my website on my server computer without port forwarding and it works pretty well. I don't know if cloudflare's reverse proxy lets you expose anything other than https and http though
Bombs, I like it 💣
you silly goose!
Very very poorly made tutorial
could you explain why?