Help with home vpn on dynamic ip

Thanks for reading. I'll try to be brief while still being thorough.

First, I’m just knowledgeable enough to be dangerous. Not quite a noob, but far from proficient in these things.

First, I want to run a private VPN from my home with no outside DNS/domain help. I have a Raspberry Pi that texts me my public IP address every time it changes. It tends to stay the same for a year or more. I want to manually enter that address into my clients whenever it changes. What settings should I read up on to accomplish this? 3 clients: phone, tablet, and laptop (which is my desktop when I'm home).

Second, I have a Protectli 4-port Vault router running pfSense (Celeron 4-core J4125 @ 2 GHz w/ 16 GB RAM). What's the performance hit if I run WireGuard on this vs. a Raspberry Pi? I live alone, so if the router takes a hit while I'm actively using the VPN, but is back to full speed when I'm home, that's fine. No one else is affected by the hit…

If I run it on my router, I’d like my laptop to enter on its normal subnet (192.168.0.x) and my phone and tablet to enter on their normal subnet (192.168.1.x). Possible? What settings do I need to read up on?

If it matters, mostly I want remote access to my NAS while I'm on the road. Accessing private web pages (security camera feeds/smart home sensors, etc.) and secure browsing from sketchy wifi hotspots.

Anyways, all the help I've found is either noob focused (run this script and pick defaults, don't worry what it all means…and use an outside DNS provider), or pro focused (assuming both a much more complicated setup with little to no explanation of vocab). Know of any resources geared towards people in my knowledge range? I'm not looking to become a working pro…just want to know enough to set up and run my own stuff…

Thanks.

For your changing IP address you want to set up dynamic DNS.

You have services like No-IP and Duck DNS, but I prefer Cloudflare.

Cloudflare doesn't do dynamic DNS natively, but there are Docker containers that will update Cloudflare when your IP changes. Cloudflare domains are cheap, $10/year for a dot com, and then you can also start playing with Cloudflare for publicly exposing some internal stuff like websites or heck something like Nextcloud, and use Cloudflare's Zero Trust tunnel, which means you don't need to worry about a dynamic IP.

Basically, once you pick your dynamic DNS provider, on WireGuard you just throw the domain name into your client config where your public IP would normally go. You don't need to make any changes to the WireGuard "server".

What settings should I read up on to accomplish this? 3 clients: phone, tablet, and laptop (which is my desktop when I'm home).

You just change the IP in the client config. There's nothing secret there. The peer that runs at home 100% of the time doesn't need to know about, or care about, your public IP change.

If I run it on my router, I’d like my laptop to enter on its normal subnet (192.168.0.x) and my phone and tablet to enter on their normal subnet (192.168.1.x). Possible? What settings do I need to read up on?

What do you mean, "enter on their normal subnet"? Your WireGuard peers should NOT be using the same IP subnets as your normal LAN.

And just for clarification, if you're going to be connecting to your own WireGuard from other networks that would be using 192.168.0.x or 192.168.1.x, you will NOT want to use those subnets within your own LAN. Create unique subnets within your home network, so that you don't have any IP conflicts when you are remote.
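The two points above (swap the Endpoint host in the client config, and keep the tunnel and LAN subnets from colliding with whatever network the client is sitting on) can be checked mechanically. This is an added example, not code from anyone in the thread; the config, key placeholders, hostname and subnets are all constructed, and it assumes a standard WireGuard client config layout.

```python
import ipaddress
import re

# Constructed sample WireGuard client config (not from the thread). The keys
# are placeholders; 203.0.113.10 is a documentation address standing in for
# the home public IP. AllowedIPs deliberately routes the two home LANs from the
# original post so the overlap check below has something to catch.
SAMPLE_CLIENT_CONF = """[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.66.0.2/24

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.66.0.0/24, 192.168.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25
"""


def set_endpoint(conf: str, host: str) -> str:
    """Rewrite the [Peer] Endpoint host and keep the port.

    host may be a new public IP (manual update) or a dynamic DNS name, which
    is the only client-side change a changing home address requires."""
    pattern = re.compile(r"^(Endpoint\s*=\s*)(\S+):(\d+)\s*$", re.MULTILINE)
    if not pattern.search(conf):
        raise ValueError("no Endpoint line found in config")
    return pattern.sub(lambda m: f"{m.group(1)}{host}:{m.group(3)}", conf)


def overlapping_subnets(conf: str, remote_lans):
    """Return (routed_network, remote_lan) pairs that collide.

    Every network the tunnel claims (Address and AllowedIPs) is compared
    against the LANs a roaming client might be plugged into; an overlap means
    traffic for the remote LAN (or the tunnel itself) gets misrouted."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() in ("Address", "AllowedIPs"):
            for cidr in value.split(","):
                nets.append(ipaddress.ip_network(cidr.strip(), strict=False))
    collisions = []
    for net in nets:
        for remote in remote_lans:
            remote_net = ipaddress.ip_network(remote, strict=False)
            if net.overlaps(remote_net):
                collisions.append((str(net), str(remote_net)))
    return collisions
```

Running `overlapping_subnets(SAMPLE_CLIENT_CONF, ["192.168.0.0/24"])` reports the collision a hotel or cafe network on 192.168.0.x would cause, which is the reason the reply recommends unique home subnets.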

You just change the IP in the client config. There's nothing secret there. The peer that runs at home 100% of the time doesn't need to know about, or care about, your public IP change.

On the script most noob-centered websites send you to, there's a screen for setting up DNS on the server…is that not for setting up a dynamic DNS workaround? Not sure how to disable that.

What do you mean, "enter on their normal subnet"? Your WireGuard peers should NOT be using the same IP subnets as your normal LAN.

Therein lies one of my major points of confusion, I guess. I have 3 internal networks: laptop, main (NAS, wifi hotspot, Xboxes, etc.), and guest (separate wifi). All firewalled from each other. Laptop can go anywhere. Nobody else can go anywhere but out to the internet (some devices can't even do that). I don't want some rogue IoT device with a virus on the guest network being able to see/probe my laptop. So how does a VPN network interact with existing networks and firewalls? I always assumed it put you inside a particular firewall…but it must be separate…with its own firewall rules?

On the script most noob-centered websites send you to, there's a screen for setting up DNS on the server…is that not for setting up a dynamic DNS workaround? Not sure how to disable that.

Don’t use a damn script? Configure it from scratch?

So how does a VPN network interact with existing networks and firewalls? I always assumed it put you inside a particular firewall…but it must be separate…with its own firewall rules?

It's just a network. You have options. You can use your VPN "server" to NAT the traffic, or you can create firewall rules for everything. Or you can just run the peer on your router and make it easy to adjust rules.

It sounds like Tailscale would be right up your alley. Nothing to manually config, easy to manage.