I have been wanting to configure my own VPN for some time now in order to access my shared drives and machines on my local network while traveling now that my main computing machine is a desktop. I had looked up several tutorials but wanted something that was super quick and not too networking heavy. What I found was WireGuard a cross-platform VPN software that has been gaining traction as a simple service to set up and integrate with all of your devices.
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
https://www.wireguard.com/
While being generally easy to set up and install I found a containerized app on the Unraid community app repository that made configuration and setup a sinch, lets’s get started!
Unraid WireGuard Setup
If you have not heard of Unraid yet and you have an interest in servers, virtual machines, network share drives, and media servers I would suggest you check it out on my previous blog post below.
Unraid makes the setup and configuration of the WireGuard VPN software super simple because of all the amazing community applications that have been created. These apps run in a containerized environment on your server. There are hundreds of apps ranging from media servers like Plex to GitLab instances, and even one to easily setup WireGuard called “WireGuard Easy”. You can search for it by navigating to the Apps tab on your Unraid GUI and searching for it.
Just click the install and fill in the configuration like I have done below, Easy! You will be presented with the following settings page. Don’t worry about messing this up we can easily change it later.
Leave the Port(WebUI) and Port(VPN) alone, for now, the most important thing to set up now is the WG_HOST. For this, you will need your public IP address not the address of the server on your local network. The public IP address is the one given to you from your ISP. Unfortunately, this is not static and could change periodically but there are ways to update this or buy a domain to redirect. For now, though you can use this website to find your public IP address. copy this into the WG_HOST field.
https://whatismyipaddress.com/
You can also change the password to the WebUI in the “Show more settings … ” section.
Router Port Forwarding
This part will be different for you based on what WiFi router you have, I have the eero mesh WiFi routers which can be set up to port forward using the eero app on your phone. For other routers, you will need to look up how to access the admin console and forward the 51820 VPN port to your Unraid server IP address.
Creat WireGuard Client
Next, you can go to the Docker tab on your Unraid server. If you do not see the green play button that means that the container is not running. Open the web UI from the Unraid docker interface this will open a new tab with the WireGuard interface. Login to the web server using the password that you set up in the config section.
Once logged in you should see this very simple interface. I have already included myself as a client but all you need to do is click the “+ New” button and give it a descriptive name.
That’s it for the WebUI for now keep it open because we will use it in the next step as well.
VPN Setup on iOS
As I will mostly be using this on the go to access files on my home network and remote desktop while traveling I wanted to get my phone configured to use the VPN first. Thankfully again most of the hard work has already been done for me as WireGuard has a dedicated app for iOS that can be used in conjunction with the WebUI to set up all the necessities for you to connect into the iOS VPN feature. Download the app using the link below.
Once open click the “+” button in the top right of the screen, this will show a create from the menu. Here is where the magic happens!
Go back to the WebUI on your computer and click the QR code button next to the enable toggle. This will bring up a QR code that we will scan with the app. Now, in the app select the “Create from QR code” and allow the app to use your camera. Point the camera at the QR code on your screen and voila, configuration created! I named mine Tower_Home but you can name it anything you would like.
There are a few more steps that you will need to do to get access to your remote machines and file shares etc. The main one is that we need to edit the config on the phone to include a few allowed IPs. These are the subnets that we want to access on the VPN. A good guide for help here is WireGuard Basics scroll down to the allowed IPs section to get some background.
Add the IP address of your Unraid server on your local network followed by a subnet mask into the comma-separated list. I just use the /24 for the subnet mask but you may need a different subnet mask depending on your network configuration. You will need to enter the IP addresses of the machines that you want to be able to access individually.
x.x.x.x/24,Save the configuration.
Testing
To test your VPN to make sure everything is up and running I like to disable the wifi on my phone and use the LTE signal. This is because it will be how I will be accessing the VPN while traveling. Toggle the VPN in the WireGuard app and you should be ready to go if everything was set up correctly. Navigate to your Unraid WebUI by entering it into your browser on your phone. If this completes that means that you have correctly set up the allowed IPs for your server.
Unraid File Shares
Now let’s see if we can access our file shares. To do this you will need to open the Files app on your phone and configure a remote server. Enter in the IP address of your server and log in as a registered user if you have configured that on Unraid as well.
If that works you should be good to go on accessing your share files while traveling.
No-Machine
Till now I have been using RealVNC to access my home machines while traveling because of their integrated service that allows you to remotely log in from anywhere but the service is pretty limited for free users. I have been using NoMachine for a while now for remote access around the house but could not use it across the internet because it does not have the integrated service that RealVNC has. But now that I have a VPN I can use the expanded functionality that NoMachine provides like increased resolution, audio integration, etc.
To get this to work you will need the IP address of the machine running the NoMachine server, in my case that’s my Ubuntu VM that is running on top of Unraid. It has a separate IP so we need to add it to the allowed IPs in the WireGuard app configuration. you will also need to forward the NoMachine port from your router to this same IP address.
x.x.x.x/24,NoMachine uses port 4000 for accessOpen the NoMachine app on your device and enter the IP address of the machine that is running it. Discovery does not currently work at the moment. I think this is due to the allowed IPs configuration and will look into it in the future. You should then be able to log in to the machine!
Notes
I was putting off adding a VPN to my server because I was concerned with how long the configuration and setup would take. I also am not very adept at networking but this docker app and all the supporting applications for WireGuard made it amazingly simple.
The main issue is that the public IP from your ISP changes periodically so you will need to reconfigure your WireGuard configuration at that point. Thankfully the eero app can be used to find out my ISP public IP address if that happens! The one benefit of an internet-enabled router service. The other issue that I ran into was the lack of local discovery I feel like this is intended because you would really not want an intruder to be able to peruse your network.
For now, I’m pretty impressed and looking forward to using this in the future as I am heading to different locations. and I hope that you are able to benefit from this guide as well.
1 thought on “Easy WireGuard Setup on Unraid”
Comments are closed.