[TriLUG] Fwd: Home VPN?

[via TriLUG]

Hey Matthew,
(And this time properly including TriLUG)

I've attached a set of instructions I wrote a couple of years ago (2022) 
for a friend of mine who wanted to do exactly what you're asking: run a 
VPN into their home. These instructions should still work, but things 
may have changed (a bit).
The attached files are a Markdown file and a PDF generated from that 
same file via PanDoc (in case you like that better).

I created these instructions myself because I run my own VPN into my 
home, in other words: I do this myself as well. I've been doing this 
since 2021 or so without any issues.

The attached files contain very granular step-by-step instructions 
starting from "so you just got a brand new Pi4 from MicroCenter/your 
favorite electronics farmer" and they walk you through the whole thing 
from that starting point.

They are written for someone who is _somewhat_ technically inclined but 
not super so (so keep that in mind because this will probably be a bit 
too hand-holdy for you but better that than the opposite I guess).

Also note: this individual for whom I modified my own instructions 
wanted to run the Pi on WiFi rather than wired, I recommend to do it 
over wired - which is what I do as well - because of through-put 
reasons. But these are the instructions I have laying around so those 
are the ones I can share... :)

In case the instructions/attachments get stripped off from this e-mail, 
e-mail me directly and I can get you going.

As mentioned, there are Windows, Linux, Mac, iPhone, Android clients for 
Wireguard. I highly recommend it!

Cheers

T

On 19/02/2025 00:04, Wes Garrison via TriLUG wrote:
> Look at Wireguard.  It's really simple, and it's built in to modern Linux
> kernels.
> 
> Linus called it a "work of art":
> https://www.theregister.com/2021/12/08/wireguard_linux/
> 
> That's pretty high praise.
> 
> It uses public/private key pairs, so you just install it on your home linux
> server or router and give it your public key, then you use the public key
> from your server (or router) on your mobile/remote computer.
> 
> Here's the configuration on my Debian box in /etc/wireguard/wg.conf
> Address = 10.10.5.1/24
> SaveConfig = true
> ListenPort = 58443
> PrivateKey = private_key_of_your_server_or_router
> 
> [Peer]
> PublicKey = public_key_of_your_remote_client
> AllowedIPs = 10.10.5.2/32
> 
> And here's the config on my Windows client (peer):
> [Interface]
> PrivateKey = private_key_of_remote_laptop_or_client
> Address = 10.10.5.2/24
> 
> [Peer]
> PublicKey = public_key_of_server_or_router
> AllowedIPs = 10.10.5.0/24
> Endpoint = home.mydomain.com:58443
> 
> There are GUIs available for both Windows and Mac, and lot's of good guides
> out there, but it's pretty simple.
> 
> You'll need to remember to open 58443 or whatever port you use on your
> router if you don't have WG set up directly on your router.
> 
> On Tue, Feb 18, 2025 at 8:23 PM Matthew Glassman via TriLUG <
> trilug at trilug.org> wrote:
> 
>> How difficult and precarious is it to set up a home VPN without relying on
>> something like NORD or some other service?  I had the thought that maybe
>> I'd want to try doing that but wasn't sure where to start and what I might
>> want to consider.