Skip to content

Instantly share code, notes, and snippets.

@877dev
Last active December 7, 2020 14:48
Show Gist options
  • Save 877dev/95184102400e9055f2775fdce7077a21 to your computer and use it in GitHub Desktop.
Save 877dev/95184102400e9055f2775fdce7077a21 to your computer and use it in GitHub Desktop.
IOTstack wireguard setup guide

Wireguard setup for IOTstack

General resources for setting up Wireguard:

A nice easy to read guide: https://codeopolis.com/posts/installing-wireguard-in-docker/

The github page including readme: https://github.com/linuxserver/docker-wireguard

More specific information regarding IOTstack setup:

Recommended - set up a Dynamic DNS such as DuckDNS first: https://sensorsiot.github.io/IOTstack/Accessing-your-Device-from-the-internet/

Make sure your Raspbian build is up to date, or at least a recent build (check with uname -a), this is useful to avoid header errors later on:

sudo apt update
sudo apt full-upgrade
sudo reboot

Once complete, run ~/IOTstack/menu.sh to add wireguard to IOTstack. This will append the container details to ~/IOTstack/docker-compose.yml ready for the stack to be started (don't start yet)

Edit docker-compose.yml with your parameters: sudo nano ~/IOTstack/docker-compose.yml and as needed change your timezone, peers, server url etc.. This is where you put you DuckDNS server if you made one. More info on the Wireguard github.

Alternatively you may choose to use compose-override.yml as per the guide here, but please note the caveats: https://sensorsiot.github.io/IOTstack/Custom/

Now up the stack to start the container: docker compose up -d

Check the logs to make sure wireguard is running properly, I like to use Portainer and go to "Container>Wireguard>Logs".

If you see an error about headers, check the troubleshooting guide.

All being well you will see a QR code in the log output. Download the Wireguard app to your phone, scan the QR code and your VPN connection is set up. There are other methods to set up not covered here. Yor config files are at ~/IOTstack/services/wireguard/config.

Now you are on your phone, switch to mobile data (to simulate being on another network) and enable the VPN. You should be able to browse to local IP addresses such as 192.168.1.x as if you were inside your home WiFi network. This means you have it set up correctly. Note, you will need to forward port 51820 on your router.

Troubleshooting or further information

Github page: https://github.com/linuxserver/docker-wireguard#application-setup

Nice youtube video: https://youtu.be/GZRTnP4lyuo

Header error: Make sure you updated your Raspian build as per the above instructions. Otherwise Google is your friend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment