#1 2019-03-31 05:49:01

greybeard
Trusted Member
Registered: 2015-01-09
Posts: 18

LES NAT VPS with wireguard, basic notes on how to

I've been experimenting with getting wireguard running on a NAT VPS.
Main problem is that you can only run the userspace version of wireguard (wireguard-go), not the std kernel version. Couple of reasons for this: one, the older kernel in OpenVZ; two, it would require loading a kernel module on the host (not going to happen).

So, some notes on what to do.
Focusing on variations to the std wireguard install from various places on the web.

My setup: 64k LES NAT VPS running Debian 8.
1/ You need a compiled binary of wireguard-go. I followed the instructions from here (https://github.com/WireGuard/wireguard-go) on a Linux VM I had, also running Debian 8.
2/ Log on to the NAT VPS as root (or su once logged on). Much simpler to do this as root, YMMV.
3/ Copy the wireguard-go binary from the VM to the NAT VPS server.
4/ On the NAT VPS:
apt install wireguard-tools --no-install-recommends (otherwise it tries to install all sorts of unneeded packages for the kernel wireguard)
copy wireguard-go to /usr/bin
chmod 755 /usr/bin/wireguard-go
5/ pick an unused port within your allocated port range to use for the wireguard connection.
6/ create the config file as per the std wireguard docs on the web.
7/ make sure you have tun enabled on your NAT VPS.
8/ start the wg interface with
wg-quick up wg0
This will probably throw an error with lots of text and a warning about how you should use the kernel module for wireguard and how it isn't fit for production.
To fix this and ignore the warning
export WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD="1"
and run
wg-quick up wg0
It should now start up and have a wireguard interface.
Running
wg show
or ifconfig
should show a wg0 interface.
Set up a peer and off you go.
9/ to auto start the wireguard interface I added the following to /etc/rc.local
export WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD="1"
wg-quick up wg0

Gotchas:
Double check the config files for correct keys, ports and addresses.
Works from Windows with the TunSafe client (don't tell the wireguard author as he's got issues with it).
Works from my Android phone (on WiFi; see below for the mobile data issue in Australia) with both the wireguard and TunSafe apps.

(And for anyone using prepaid Telstra 4G/LTE (Australia): they have a system that doesn't work for pretty much any VPN. Corporate or postpaid accounts can get around this, google for solutions.)

I currently have this running from my ADSL account to my NAT VPS.
FWIW I was running OpenVPN on my NAT VPS; wireguard is using less CPU and memory. However, I didn't keep records to give a definitive number.
Rod

Last edited by greybeard (2019-03-31 05:52:39)

Offline
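
Added example, not part of greybeard's post: a pre-flight script for steps 4 to 9 that checks the tun device, the wireguard-go binary, the permissions on the config file (it holds the private key) and that ListenPort sits inside the allocated NAT port range before running wg-quick. The 20000-20019 range and the CONF, PORT_LO and PORT_HI variable names are placeholders assumed for illustration.

```shell
#!/bin/bash
# Added example: pre-flight checks before "wg-quick up wg0" on an OpenVZ NAT VPS.
# Assumed (not from the post): CONF, PORT_LO, PORT_HI names and the sample range.
CONF="${CONF:-/etc/wireguard/wg0.conf}"
PORT_LO="${PORT_LO:-20000}"   # placeholder: first port of your allocated NAT range
PORT_HI="${PORT_HI:-20019}"   # placeholder: last port of your allocated NAT range

# Print the ListenPort value found in the [Interface] section of a wg-quick config.
conf_listen_port() {
    awk -F= '
        /^[[:space:]]*\[/ { in_if = (tolower($0) ~ /\[interface\]/) }
        in_if && tolower($1) ~ /^[[:space:]]*listenport[[:space:]]*$/ {
            gsub(/[[:space:]]/, "", $2); print $2; exit
        }' "$1"
}

# Succeed only if PORT is numeric and inside LO..HI (the ports the host forwards).
port_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Succeed only if the config file grants no access to group or other.
conf_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

preflight() {
    [ -c /dev/net/tun ] || { echo "no /dev/net/tun: tun is not enabled on this VPS" >&2; return 1; }
    [ -x /usr/bin/wireguard-go ] || { echo "/usr/bin/wireguard-go missing or not executable" >&2; return 1; }
    conf_is_private "$CONF" || { echo "$CONF is accessible to other users: chmod 600 it" >&2; return 1; }
    port=$(conf_listen_port "$CONF")
    port_in_range "$port" "$PORT_LO" "$PORT_HI" || { echo "ListenPort '$port' is outside $PORT_LO-$PORT_HI" >&2; return 1; }
}

# Only bring the interface up when invoked as: <script> up
if [ "${1:-}" = "up" ]; then
    preflight || exit 1
    export WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
    wg-quick up wg0
fi
```

Calling the script with the argument `up` from /etc/rc.local in place of the two lines in step 9 keeps a mis-set port or a world-readable key file from going unnoticed at boot.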

#2 2019-04-19 10:04:28

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,747
Website

Re: LES NAT VPS with wireguard, basic notes on how to

Thanks!

Interesting read and I'm sure other users will find it helpful.

Offline

#3 2019-04-22 18:54:09

skorous
Trusted Member
Registered: 2019-03-21
Posts: 20

Re: LES NAT VPS with wireguard, basic notes on how to

Very much so. Well done greybeard.

Offline

#4 2019-05-03 01:15:52

skorous
Trusted Member
Registered: 2019-03-21
Posts: 20

Re: LES NAT VPS with wireguard, basic notes on how to

It's slightly more annoying on yum distros because you have to download the wireguard-tools rpm and install it with rpm, or else it'll install all the junk to compile the modules, but it works fine.

Offline

#5 2019-05-03 01:20:32

skorous
Trusted Member
Registered: 2019-03-21
Posts: 20

Re: LES NAT VPS with wireguard, basic notes on how to

Rats, I forgot to mention it works over IPv6 so you don't have to pick weird ports if you don't want. You can use the 51820 semi-standard.

Offline
