- Run WireGuard on your home server and select a port that you’d like to face externally.
- Port forward that port in your router to your server. Let’s use port 12345.
- Create public and private keys on your server.
- Create conf file on your server.
- Create keys and conf file on clients (phone, notebook, tablet, etc).
- Enter keys in conf files.
- Connect clients to home server.

Here is a sample with confs for both a server and a client. Fill in your own keys and addresses, and replace the interface name in the iptables commands (enp0s31f6 here) with your server’s own network interface.

```ini
# home server wg0.conf
[Interface]
PrivateKey = # server privkey here
Address = 192.168.2.1
ListenPort = 12345
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s31f6 -j MASQUERADE

[Peer]
# notebook
PublicKey = # notebook pubkey here
AllowedIPs = 192.168.2.3 # must match the Address in the notebook's conf
```

```ini
# notebook wg0.conf
[Interface]
PrivateKey = # notebook privkey here
Address = 192.168.2.3
DNS = 192.168.1.125 # dns server (pihole) address on my home network

[Peer]
PublicKey = # server pubkey here
Endpoint = 220.127.116.11:12345 # your home ip address and wireguard port
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
```

So, in this case, port 12345 should be set up for port forwarding. Your clients will connect back to port 12345 on your home IP address. If you have a dynamic IP address at home, you’ll need a solution for that, like a custom script, DDNS, or even using a VPS as some sort of jump host.
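
Before connecting clients, it helps to lint a server/client conf pair for the mistakes this setup is prone to: unfilled key placeholders, a client Address the server's AllowedIPs does not cover, and an Endpoint port that differs from ListenPort. The following is an added example, not part of the original post; `parse_conf` and `check_pair` are hypothetical helper names, and the sample confs are constructed with placeholder keys and a documentation-range endpoint address.

```python
import ipaddress

def parse_conf(text):
    """Parse wg-quick conf text into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check_pair(server_text, client_text):
    """Return mismatches between one server conf and one client conf."""
    server, client = parse_conf(server_text), parse_conf(client_text)
    s_if = next(d for n, d in server if n == "interface")
    c_if = next(d for n, d in client if n == "interface")
    c_peer = next(d for n, d in client if n == "peer")
    problems = []
    # A placeholder left as "Key = # comment" parses to an empty value.
    for label, d, key in (("server", s_if, "privatekey"),
                          ("client", c_if, "privatekey"), ("client peer", c_peer, "publickey")):
        if not d.get(key):
            problems.append(f"{label}: {key} not filled in")
    # WireGuard drops packets whose source is outside the sending peer's AllowedIPs.
    # Simplification: any server [Peer] counts (matching by key needs the derived pubkey).
    allowed = [ipaddress.ip_network(v.strip(), strict=False)
               for n, d in server if n == "peer"
               for v in d.get("allowedips", "").split(",") if v.strip()]
    for v in filter(None, map(str.strip, c_if.get("address", "").split(","))):
        ip = ipaddress.ip_interface(v).ip
        if not any(ip in net for net in allowed):
            problems.append(f"client address {ip} not in any server AllowedIPs")
    # The client must dial the port the server listens on and the router forwards.
    port = c_peer.get("endpoint", "").rsplit(":", 1)[-1]
    if port != s_if.get("listenport"):
        problems.append(f"endpoint port {port} != ListenPort {s_if.get('listenport')}")
    return problems
# Constructed samples: placeholder keys, documentation-range endpoint address.
SERVER = ("[Interface]\nPrivateKey = CONSTRUCTED_SERVER_PRIVKEY=\nAddress = 192.168.2.1\n"
          "ListenPort = 12345\n[Peer]\nPublicKey = CONSTRUCTED_NOTEBOOK_PUBKEY=\n"
          "AllowedIPs = 192.168.2.2\n")
CLIENT = ("[Interface]\nPrivateKey = CONSTRUCTED_NOTEBOOK_PRIVKEY=\nAddress = {addr}\n"
          "[Peer]\nPublicKey = CONSTRUCTED_SERVER_PUBKEY=\nEndpoint = 203.0.113.10:12345\n"
          "AllowedIPs = 0.0.0.0/0\n")
if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT.format(addr="192.168.2.3")))
```

An empty list means the pair is consistent on these three points; it does not verify that the keys themselves correspond to each other.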
If you can’t open a port, you could run the server on a Linode (with my referral of course, lol) instance that would be very cheap. A nanode is $5 a month, and now you can use it for other stuff too. Then connect everything to it. Now your phone and home server are on the same network.