main About me Back to Posts Personal Projects Links Privacy Contact
With all of the cool stuff I’ve been setting up on my home server lately (Jellyfin, Navidrome, Paperless, etc…), I wanted to find a safe way to access all those services when I am outside of my home / away from my LAN. After looking around, I found the perfect solution: Wireguard. It’s an open-source and totally free (as in beer) VPN application you can install pretty much anywhere and then connect to from anywhere. There are other options available, such as Tailscale and Caddy, but I wanted the simplest option I cound find and this is it.
Reading up on their documentation, I was immediately struck by how difficult setting this up was going to be. Fortunately, there are a number of other projects out there which make that process simpler for home users like me. You’ll see below that I am cheating and using a bash script to simplify the setup a lot.
Next, I want to have Wireguard running all the time on my home server, behind my router / NAT and I want to be able to connect to it from my phone mostly, but maybe also eventually from my work PC. My biggest challenge with getting this setup is that Wireguard wants an IP the clients will connect to (when you set it up), but my ISP changes my external IP address all the time. I solved that with a 3rd party service (DuckDNS.org) which provides a domain name to the world while redirecting any traffic to your router’s external IP. There are other options for doing the same thing too, such as dyno, so you should research them all before choosing one for your use.
Read on to see how I got this all working. Just know that I won’t explain everything here. I am assuming you know some basics of networking, for instance, already.
Download an installer script from this github repo and save it into a folder on the Wireguard PC you’re setting up: https://github.com/angristan/wireguard-install
Visit duckdns.org and create an account there (or use the one you have already, if appropriate).
Setup a domain name there, whatever you want to use. It just has to be unique for their registration system. I will use ABC123 as my example here.
Download and install the script they provide for your PC’s OS. Save that into a folder somewhere and set it up to run on a regular basis.
Run the wireguard-install.sh script. It asks you which option you want, choose the full install option, since this is all new for you.
When asked for the Public IP (first question, I think), give it your Duckdsn domain, e.g.: ABC123.duckdns.org
When asked for a port #, use the default (which is random every time you run the script) or choose a known number. This is the port number you need to enter into your Router so it knows to forward the port’s traffic into your PC.
When asked about which IPs the server should listen for requests from, I left it as the default, “0.0.0.0/0” which means ANY IP can connect but you might not want to do that.
Continue answering questions, mostly with the default values until it’s done.
When the script finishes, it will display a HUGE QR Code on the screen. Leave that there for now.
Grab your phone, or connect to whatever you want to use as the client PC (the one which will connect to the Wireguard PC when making the VPN connection).
If it’s a phone, install the Wireguard app. I have an Android phone, so I installed that from the F-Droid app. I believe there’s an IOS option too.
Run the Wireguard app and click the “+” to add a connection.
Select the “Via QR Code” option and point your phone at the QR Code displayed on the server’s screen still. Voila! The connection is defined on that phone now.
Set up your router (or in my case, routers)
That’s all the set up. You should now be able to test the connection!
I think this all totally worth the time and effort, to have a secure option available for accessing my home PC services while I am out and about. What’s great is that I can access multiple internal IPs and services on various ports, with just one port opened on my router, and only secure connections allowed in through it. And, the system adjusts automatically whenever my ISP changes my IP address. Sweet!
Good luck! Have fun.