I have a question Thomas, does this encrypt traffic end to end? Meaning if I connect with-in my network does it encrypt the traffic going out to the endpoint (website, device, you know what I mean right)? I know it encrypts from the device I download the config to, in to my network.
Your last statement. A VPN server allows for an encrypted tunnel from the client to the server and effectively puts you in that network just like any other device in the network. Anything you do from there on would be exactly as if you are on your home wifi network. Therefore connecting to your VPN from your own network effectively does nothing. Let me know if that makes sense and if you have further connections. I love this because wherever I am, coffeeshop, Airbnb, mexico, my devices have a secure connection to my home and can access all my devices on the home network.You can check on your Traeger while you're at the store!
When you say Wifi do you mean the same network as your server. After scanning the QR code you should have it set up to connect from cellular. Make sure the port is open on your router and forwarding to your server.
But there's a problem, you connected to the vpn, not on windows, how can I use VPN for windows, how can I configure and use it. Can you make a video explanation of that
Are you wanting to run the VPN server on Windows or you have a Windows device that you want to connect to the VPN. Of the latter there is a Wireguard app that runs on Windows as well and you can import a config file. I can do a video on this as well if that'd be useful.
Thanks! Yes, I am using the WireGuard app. After you install it you can set it as your default VPN and you can also add it as a widget with the other pull down widgets like the wifi and Bluetooth etc so it's easy to turn it on/off without having to open the dedicated WireGuard app.
Can I change the exposed port from 51820 to something else? I would imagine I would need to change it on the yaml file and when I add it to port forwarding? Will it still work after changing it?
Yeah, you can map whatever port you want on the docker compose file. Then, just as you mentioned, you'll need to make sure that is the port you are forwarding to. You can also expose a different port on the router than the port that it is forwarding to.
I have a question. I have docker and portainer set up on my raspberrypi. I have installed wireguard successfully. I can access my router settings when connected to the wireguard VPN. But I cant connect to portainers web interface or pihole etc. Is there something really obvious I am missing here?
Do you have a firewall on the raspberrypi? And if so, is the port open for the Portainer web interface? Are you able to connect to it when on the local network, i.e. not using WireGuard?
Hey! So the VPN is giving access to the network but your windows machine still likely has most settings private. Can you explain what exactly you mean by resources? - If you mean your files you'll have to make sure they are visible/public to the network. - For remote desktop, you need to make sure it's enabled. - For the wg-easy web interface, you need to make sure the port is open in Windows firewall.
Hi, i followed all the steps, still it doesn't work... I assume it has to do with how to set up a virtual server on huawei routers... there are multiple fields to fill in: name, protocol, remote host, wan port, device, lan ip address, lan port Maybe someone has an idea? I get as far as to scan the qr code but the connection doesn't seem active on the ui
The virtual server likely has controls over ports to the server instance. Make sure you have the port open on your virtual server configuration. You could also temporarily open the port to the web interface as an easier way to see if the ports are correctly forwarding to your instance.
i followed this tutorial on my RP3 with Raspberry Pi OS 64bit, set port forwarding on my router, and pointed the docker config to my wan IP and also sub domain name. my phone says it's connected but i cant ping nothing at my local network. how can i check if i'm really connected? i enable graph in the container but i cant use the button
On your phone - Make sure you can access the Internet when connected - Check whatismyipaddress.com/ when connected on WiFi, Mobile Data, and Mobile Data plus VPN. When using the VPN it should show you your WAN IP and your home ISP instead of your mobile ISP. Were you able to open the Web UI from your phone like I did in the tutorial?
@@ThomasWildeTech i've tried this in two different environments: my place and my parents. at my parents i have a isp router and a 3rd party router. on the isp ive done the port forwarding to the 3rd party one and from the 3rd party one to the RPI3 where the docker runs. it works there at my place the isp router is set as bridge connected to another 3rd party router that is the same model as in my parents. the port forward on the 3rd party router is the same in both router. the container is running on a rp4 with the same configs. here i cant get internet, ping any local devices what else can i check? on the android wireguard app the logs keep saying that it's trying to do the handshake
Let me make sure I have it right. - Environment 1 (parents): - ISP router with port forwarding to 2nd router with port fording to server. - Everything works as expected. - Environment 2 (home): - ISP router in bridge mode with 2nd router - Not working. Things to check: - You said the config was the same, but I just want to make sure you definitely set the Host IP in the docker-compose. That should be different between both locations. - Pull up the admin page on your server, it should confirm if there's any data being sent back and forth. - Temporarily open and forward ports to the admin page. Let's just see if we can access something else running on your server. Also verify that you can access the admin page from the local network from another device just to verify that your rp4 is definitely accessible from the network. Let me know if you get it worked out!
@@ThomasWildeTech your understanding of env 1 and 2 are correct Things to check: - yup! the WG_HOST is different. the point to different subdomains of my own domain. in both env i have cloudflareddns to update the records - admin page doesnt show any connection. i can see the info showing at my parents but at my place there is no data moving - i can expose HA at my place with nginx proxy manager. for that i route ports 80 and 443. for wireguard i also forward the required 51820 port. this is true for both environments
can u make one for headless insttalltion ubuntu casaos wg-easy thanks in advance edit: nvm all good it was not working bcose the first router blacked it needed to open the lan from first router to 2nd one and all work grat
Hey bro, I successfully installed Immich on my Windows PC via Docker Desktop. Now it’s time to use it through a Wireguard to access it from outside with a different network. I kindly request that you set up a similar video for Windows machines and show how to use my domain name instead of the IP, without showing any ports to access the Immich server as a URL. Thanks in advance.
After you set up your VPN, go ahead and self host your own Google Photos in 5 min -> ruclips.net/video/Oi5j-ZygALI/видео.html
*Heads up your public IP is visible at **9:00*
Great vid, helped when setting up wg-easy in the cloud
Dang, thank you man! One slipped through 😅
@@ThomasWildeTech It's also visible at around 8:02 right at the bottom of the screen
@camembrt y'all are the real heros!
@@ThomasWildeTech found another 8:42 on your monitor above the facecam. managed to get it working with this video so thank you 🙏
Man I should just skip that step next time 😅
You did an awesome job in this tutorial, Thank you for your time.
Well thank you!
How to increase maximum number of clients? Current limit is set to 4?
I have a question Thomas, does this encrypt traffic end to end? Meaning if I connect with-in my network does it encrypt the traffic going out to the endpoint (website, device, you know what I mean right)? I know it encrypts from the device I download the config to, in to my network.
Your last statement. A VPN server allows for an encrypted tunnel from the client to the server and effectively puts you in that network just like any other device in the network. Anything you do from there on would be exactly as if you are on your home wifi network. Therefore connecting to your VPN from your own network effectively does nothing. Let me know if that makes sense and if you have further connections. I love this because wherever I am, coffeeshop, Airbnb, mexico, my devices have a secure connection to my home and can access all my devices on the home network.You can check on your Traeger while you're at the store!
@@ThomasWildeTech Yes sir thank you for your response. I appreciate it.
Anytime, thanks for tuning in
How did you configure the VPN profile on the wireguard phone app to connect via cellular; I'm only able to connect through WIFI
When you say Wifi do you mean the same network as your server. After scanning the QR code you should have it set up to connect from cellular. Make sure the port is open on your router and forwarding to your server.
But there's a problem, you connected to the vpn, not on windows, how can I use VPN for windows, how can I configure and use it. Can you make a video explanation of that
Are you wanting to run the VPN server on Windows or you have a Windows device that you want to connect to the VPN. Of the latter there is a Wireguard app that runs on Windows as well and you can import a config file. I can do a video on this as well if that'd be useful.
@@ThomasWildeTechyes please
Please do it with openmediavault's built in Wireguard plug in..
I'll look into doing this. Thanks for the recommendation!
Very good video, are you using a specific app on your mobile phone, or is it possible to use the build-in VPN?
Thanks!
Yes, I am using the WireGuard app. After you install it you can set it as your default VPN and you can also add it as a widget with the other pull down widgets like the wifi and Bluetooth etc so it's easy to turn it on/off without having to open the dedicated WireGuard app.
@@ThomasWildeTech Thanks for the info, now I'm even more likely to set this up! More comfort is better.
Great video! Is there any way to install the server on a android box?
I have not tried that but that would be convenient since it's presumably always on. I'll look into it!
Do we need to open port 51820 udp on our router to the public internet?
Yes, that is correct. That is the port that our client configuration is expecting to use to establish the encrypted tunnel with our VPN server.
Can I change the exposed port from 51820 to something else? I would imagine I would need to change it on the yaml file and when I add it to port forwarding? Will it still work after changing it?
Yeah, you can map whatever port you want on the docker compose file. Then, just as you mentioned, you'll need to make sure that is the port you are forwarding to. You can also expose a different port on the router than the port that it is forwarding to.
I have a question. I have docker and portainer set up on my raspberrypi. I have installed wireguard successfully. I can access my router settings when connected to the wireguard VPN. But I cant connect to portainers web interface or pihole etc. Is there something really obvious I am missing here?
Do you have a firewall on the raspberrypi? And if so, is the port open for the Portainer web interface? Are you able to connect to it when on the local network, i.e. not using WireGuard?
@@ThomasWildeTech I did I needed to open the port in ufw... whoops
Awesome!
Hi, I did it on my windows machine. It works well but I cannot access local resources for some reason. Do you have a quick fix for that?
Hey! So the VPN is giving access to the network but your windows machine still likely has most settings private. Can you explain what exactly you mean by resources?
- If you mean your files you'll have to make sure they are visible/public to the network.
- For remote desktop, you need to make sure it's enabled.
- For the wg-easy web interface, you need to make sure the port is open in Windows firewall.
Hi, i followed all the steps, still it doesn't work... I assume it has to do with how to set up a virtual server on huawei routers... there are multiple fields to fill in: name, protocol, remote host, wan port, device, lan ip address, lan port
Maybe someone has an idea? I get as far as to scan the qr code but the connection doesn't seem active on the ui
The virtual server likely has controls over ports to the server instance. Make sure you have the port open on your virtual server configuration. You could also temporarily open the port to the web interface as an easier way to see if the ports are correctly forwarding to your instance.
@@ThomasWildeTech thx for the answer! Turns out my ISP is using cgnat... :(
@@Peter-xf6fy Hey did u find a workaround, best other option I found is TailScale, it however relies on outside servers.
i followed this tutorial on my RP3 with Raspberry Pi OS 64bit, set port forwarding on my router, and pointed the docker config to my wan IP and also sub domain name. my phone says it's connected but i cant ping nothing at my local network. how can i check if i'm really connected? i enable graph in the container but i cant use the button
On your phone
- Make sure you can access the Internet when connected
- Check whatismyipaddress.com/ when connected on WiFi, Mobile Data, and Mobile Data plus VPN. When using the VPN it should show you your WAN IP and your home ISP instead of your mobile ISP.
Were you able to open the Web UI from your phone like I did in the tutorial?
@@ThomasWildeTech i've tried this in two different environments: my place and my parents.
at my parents i have a isp router and a 3rd party router. on the isp ive done the port forwarding to the 3rd party one and from the 3rd party one to the RPI3 where the docker runs. it works there
at my place the isp router is set as bridge connected to another 3rd party router that is the same model as in my parents. the port forward on the 3rd party router is the same in both router. the container is running on a rp4 with the same configs. here i cant get internet, ping any local devices
what else can i check? on the android wireguard app the logs keep saying that it's trying to do the handshake
Let me make sure I have it right.
- Environment 1 (parents):
- ISP router with port forwarding to 2nd router with port fording to server.
- Everything works as expected.
- Environment 2 (home):
- ISP router in bridge mode with 2nd router
- Not working.
Things to check:
- You said the config was the same, but I just want to make sure you definitely set the Host IP in the docker-compose. That should be different between both locations.
- Pull up the admin page on your server, it should confirm if there's any data being sent back and forth.
- Temporarily open and forward ports to the admin page. Let's just see if we can access something else running on your server. Also verify that you can access the admin page from the local network from another device just to verify that your rp4 is definitely accessible from the network.
Let me know if you get it worked out!
@@ThomasWildeTech your understanding of env 1 and 2 are correct
Things to check:
- yup! the WG_HOST is different. the point to different subdomains of my own domain. in both env i have cloudflareddns to update the records
- admin page doesnt show any connection. i can see the info showing at my parents but at my place there is no data moving
- i can expose HA at my place with nginx proxy manager. for that i route ports 80 and 443. for wireguard i also forward the required 51820 port. this is true for both environments
Nice one , Please also create for windows
Will do!
My wireguard web interface is stuck in german
In the docker-compose.yml file, change the language to `en`, then run
docker compose down
docker compose up
It should be in English now
are there any upload size limitations for wireguard?? 100mb? 500mb? 1gb? (per file) or something?
There are no limitations to file transfer through Wireguard that I am aware of.
can u make one for headless insttalltion ubuntu casaos wg-easy thanks in advance
edit: nvm all good it was not working bcose the first router blacked it needed to open the lan from first router to 2nd one and all work grat
Hey bro, I successfully installed Immich on my Windows PC via Docker Desktop. Now it’s time to use it through a Wireguard to access it from outside with a different network. I kindly request that you set up a similar video for Windows machines and show how to use my domain name instead of the IP, without showing any ports to access the Immich server as a URL. Thanks in advance.
All that work to blur your IP...but then you show the QR code lmao
Thanks, easy to overlook