Using WireGuard for Secure Remote Access to Your Home Lab

Introduction

WireGuard is a modern VPN protocol known for its simplicity, speed, and security. It provides an efficient way to securely access your home lab from anywhere in the world. This guide walks you through setting up WireGuard on a Proxmox-hosted server to create a secure remote access solution.


Step 1: Install WireGuard

  1. Update Your System
  • Ensure your Proxmox server is up to date:

    sudo apt update && sudo apt upgrade -y

  2. Install WireGuard
  • Run the following command:

    sudo apt install wireguard -y

  3. Verify Installation
  • Confirm that WireGuard is installed:

    wg --version


Step 2: Configure the WireGuard Server

  1. Generate Key Pairs
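  • WireGuard authenticates peers with public/private key pairs. Generate the server's pair as root, with a restrictive umask so the private key is readable only by root:

    sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey'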

  2. Create the Configuration File
  • Open the WireGuard configuration file:

    sudo nano /etc/wireguard/wg0.conf

  • Add the following configuration, replacing YOUR_PRIVATE_KEY with the contents of /etc/wireguard/privatekey and eth0 with the server's outbound network interface (on a default Proxmox install this is usually the bridge vmbr0):

    [Interface]
    PrivateKey = YOUR_PRIVATE_KEY
    Address = 10.0.0.1/24
    ListenPort = 51820
    SaveConfig = true
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

  3. Enable IP Forwarding
  • Modify sysctl settings:

    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf && sudo sysctl -p

  4. Start and Enable WireGuard
  • Start the WireGuard service:

    sudo systemctl enable --now wg-quick@wg0


Step 3: Configure the WireGuard Client

  1. Generate Client Keys
  • On the client device, run:

    umask 077
    wg genkey | tee ~/client_privatekey | wg pubkey > ~/client_publickey

  2. Configure the Client
  • Create a configuration file on the client:

    nano ~/wg-client.conf

  • Add the following details:

    [Interface]
    PrivateKey = CLIENT_PRIVATE_KEY
    Address = 10.0.0.2/24
    DNS = 1.1.1.1

    [Peer]
    PublicKey = SERVER_PUBLIC_KEY
    Endpoint = your-public-ip:51820
    AllowedIPs = 0.0.0.0/0
    PersistentKeepalive = 25

  3. Add the Client to the Server
  • On the Proxmox server, add the client’s public key to WireGuard:

    sudo wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2/32

  • Restart WireGuard (because SaveConfig = true, stopping the interface writes the new peer into wg0.conf):

    sudo systemctl restart wg-quick@wg0
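
A post-setup check for the server file built in Steps 2 and 3, as an added example that is not part of the original guide: it flags a config readable by other users, a placeholder left where a key belongs, and a peer whose AllowedIPs is wider than a single host. The function names are hypothetical, and the script assumes GNU stat and the key capitalisation used in this guide.

```sh
# Added example, not from the original guide; helper names are hypothetical.
# Usage (as root): wg_audit_server_conf /etc/wireguard/wg0.conf
# Prints one finding per line; returns 0 when clean, 1 when something is flagged.

# Shape check for a WireGuard key: 32 bytes in base64 = 43 characters + '='.
is_wg_key() {
    body=${1%=}
    [ "${#1}" -eq 44 ] && [ "$body" != "$1" ] || return 1
    case "$body" in *[!A-Za-z0-9+/]*) return 1 ;; esac
    return 0
}

wg_audit_server_conf() {
    conf=$1; rc=0; section=
    mode=$(stat -c '%a' "$conf") || return 2     # GNU stat (Debian/Proxmox)
    # The file holds the private key: group and other must have no access.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERMS: mode $mode, expected 600"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        case "$line" in
            *"[Interface]"*) section=interface; continue ;;
            *"[Peer]"*)      section=peer; continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        case "$section/$key" in
            interface/PrivateKey|peer/PublicKey)
                # Catches placeholders such as YOUR_PRIVATE_KEY left in place.
                is_wg_key "$val" || { echo "KEY: $key is not a valid key"; rc=1; } ;;
            peer/AllowedIPs)
                # On the server this is also the peer's source-address filter;
                # wider than one host lets the peer use other tunnel addresses.
                for cidr in $(printf '%s' "$val" | tr ',' ' '); do
                    case "$cidr" in
                        */32|*:*/128) ;;
                        *) echo "ALLOWEDIPS: $cidr is wider than one host"; rc=1 ;;
                    esac
                done ;;
        esac
    done < "$conf"
    return $rc
}
```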


Step 4: Connect and Test

  1. Start WireGuard on the Client
  • On Linux, run:

    sudo wg-quick up ~/wg-client.conf

  • On Windows, use the WireGuard app to import the configuration and activate the VPN.

  2. Test the Connection
  • Ping the WireGuard server from the client:

    ping 10.0.0.1

  • Check the WireGuard interface:

    sudo wg show


Conclusion

You now have a fully functional WireGuard VPN setup for secure remote access to your home lab. With this configuration, you can securely connect to your network from anywhere, ensuring privacy and performance.