Hi all, I’m trying to set up a VPN server on my computer and connect to it from my Android phone for safe browsing when I’m out working or traveling. Can this be achieved with WireGuard? I’m totally new, sorry if what I ask is stupid.
Yes, but your computer has to be accessible from the internet. After all, the android phone has to be able to reach your computer.
Your options are:
- IPv6 - direct connection. No other special requirements.
- Not under CGNAT - port forward from your router to the computer. If static IP, done. If not, may need a dynamic DNS service.
- Under CGNAT - Get a machine/VPS accessible from the internet and use that as server (and forget about using your computer) or jump from VPS to computer (2 hops). But setting this up is harder and may cost money.
This may sound difficult and even counterintuitive but what I would recommend you do is install a type 2 hypervisor and install a firewall distro on it. Those are mostly configurable using a browser and have anything you might need where openvpn … tinc… ipsec… anything is concerned.
Your phone can have an openvpn client on it with an ovpn config file that includes all keys.
If done correctly you’ll then be able to export your local lan over your vpn.
When you’re not home you can launch the VM.
The details of doing all this are beyond the scope of this reply.
You can use Tailscale. Works like a charm and is very simple to set up.
It’s a bad idea. Your computer needs to be running 24/7 just to accept the incoming connection - and this consumes a ton of energy.
Either install WG on your router (many can, and it’s running anyhow). Or get a cheap, small device like a Raspberry Pi. They can run it perfectly and only consume a few watts.
Your computer should then be set up for WOL (Wake on LAN) to activate it when needed.
If it’s only for browsing, you can use sshd as a SOCKS proxy server.
You would need to enable NAT port forwarding, leaving your computer open; this is normally a very bad idea.
I guess Mitmproxy would suit you. If your IP address is private and you have no IPv6, you will also need a virtual LAN such as ZeroTier.
Windows config: https://i.postimg.cc/vBYXFJ93/1.png
Android config: https://i.postimg.cc/j2CXCyMf/2.jpg
Log: https://i.postimg.cc/c15h25JB/3.jpg
I’ve installed it and added my computer and phone to the machine list. What I have to do is set my computer as an exit node? I’m working, later I’ll do a deeper test. Thank you!
What is the best free and easy-to-install VPN solution for Raspberry?
Yes and no. It’s especially bad if it’s for tcp traffic as well but not for udp when running wireguard. Of course, this is only as strong as the weakest link but if it’s for purely wireguard then they will be fine since it’s udp protocol and it needs a key pair to connect. I definitely recommend having it in its own subnet of course in case a device gets compromised. You can take it a step forward and have an authentication page but that’s a little too excessive if you are running basic things.
My Windows computer’s local IP is 192.168.1.33.
On the endpoint I’m using my external IP and I have port 2411 open on the router for TCP and UDP.
Yes exactly. Once the computer is set as an exit node, you can route all the phone’s traffic through your computer.
Pi-VPN.
Comes with both OpenVPN and Wireguard.
Just as a matter of fact WG is peer to peer. Technically it has no server as a hub, as most other VPN protocols have.
So you install a WG peer on the Raspi, make it available through a DDNS service, configure port forwarding and the iptables firewall, and have built your secure gateway for your home network.
You can use Tailscale instead, which does most of this automatically.
I’m using my phone with a 5G connection, not Wi-Fi.
I’m surprised this worked. What you ended up doing seems like a peer to peer connection between the windows computer and the android. That’s probably not what you want.
Also, don’t set your Wireguard IP to be the same subnet as your local IP. That gets confusing and it kinda messes with stuff. If you look up tutorials on the internet, nobody uses 192.168.x.x as Wireguard IPs. It’s almost always 10.x.x.x or similar.
To clarify, you have a port forward on your router to your windows computer? And your router’s public IP is the one that starts with 83?
Yes to both questions.
Ah, reddit didn’t refresh properly.
Got it. Can you show the logs on the android?
In any case though… I think I have an idea now…
On the windows computer server:
- Change the Address to 10.8.0.1/24
- Change the AllowedIP to 10.8.0.2/32
- Remove the PersistentKeepAlive
On the android:
- Change the Address to 10.8.0.2/32
- Remove the port
- Put keep alive to 25
That should allow the android to talk to the windows machine.
However, as I can’t see the firewall, nat and forwarding rules on the windows machine, I’m not sure if it’ll actually allow you to browse the internet using the windows computer. You can try if you’re lucky and it works off the bat.
leads to unallowed src IP errors
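The address plan from the reply above, as an added example that is not part of the original thread: a small Python check over two constructed configs (placeholder keys, a documentation-range endpoint address, and an assumed /24 home LAN) that flags a tunnel address overlapping the LAN and a phone address the computer's AllowedIPs does not cover, which WireGuard drops as an unallowed source IP.

```python
import ipaddress

# Constructed configs per the thread's advice; keys and endpoint IP are placeholders.
SERVER_CONF = """[Interface]
PrivateKey = <server-private-key>
ListenPort = 2411
Address = 10.8.0.1/24
[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.2/32"""
PHONE_CONF = """[Interface]
PrivateKey = <phone-private-key>
Address = 10.8.0.2/32
[Peer]
PublicKey = <server-public-key>
Endpoint = 203.0.113.10:2411
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25"""

def parse(text):
    """Return (interface, [peers]) as dicts with lower-cased keys."""
    iface, peers, cur = {}, [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            peers.append(cur := {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def nets(value):  # "a/24, b/32" -> list of ip_network objects
    return [ipaddress.ip_network(v.strip(), strict=False)
            for v in value.split(",") if v.strip()]

def check(server_conf, phone_conf, lan="192.168.1.0/24"):  # LAN prefix is assumed
    """List address mistakes that stop the phone's packets being accepted."""
    (s_if, s_peers), (p_if, _) = parse(server_conf), parse(phone_conf)
    lan_net, problems = ipaddress.ip_network(lan), []
    for side, iface in (("server", s_if), ("phone", p_if)):
        if any(n.overlaps(lan_net) for n in nets(iface.get("address", ""))):
            problems.append(f"{side}: tunnel Address overlaps LAN {lan}")
    allowed = [n for p in s_peers for n in nets(p.get("allowedips", ""))]
    for src in nets(p_if.get("address", "")):
        if not any(n.version == src.version and src.subnet_of(n) for n in allowed):
            problems.append(f"server: {src} not covered by any peer AllowedIPs")
    return problems
```

`check(SERVER_CONF, PHONE_CONF)` returns an empty list for the 10.8.0.x plan; swapping the tunnel addresses to 192.168.1.x, or giving the phone an address other than the one in the computer's AllowedIPs, produces the corresponding findings.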