Deploy & Configure WireGuard

WireGuard is a leading VPN technology. Not only is it faster than OpenVPN, it is also much easier to configure, especially if you use Synpse to deploy it.

Published on November 14, 21

Synpse is an end-to-end platform to manage your device fleet that can grow to hundreds of thousands of devices, perform OTA software updates, collect metrics and logs, deploy your containerized applications and facilitate tunnel-based SSH access to any of your devices. You can find a Quick Start here.


WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Together with Synpse it is super easy to configure and use! No more paying for VPN!

### Technologies used

  1. Synpse for hosting and running applications anywhere
  2. Wireguard VPN provider
  3. Cloudflare DNS management

### Pre-requisites

If you don't own a domain and don't need one, you can use DuckDNS to get one. It is a very convenient online service for getting a free DNS name that is not malware-based. We are going to use Cloudflare, as we already own a domain.

And because our device is in our home network, we will configure port forwarding to it.

  1. Configure Cloudflare. We get our IP from any device within our home network:

```shell
curl https://ifconfig.me/
```


  2. Configure our router with port forwarding to our device in the home network. We use a D-Link DIR-815 and configure a Virtual Server to forward port 51820 to the Synpse device.


### Deploy an application

```yaml
name: wireguard
scheduling:
  type: Conditional
  selectors:
    # selector for our device
    wireguard: server
spec:
  containers:
    - name: wireguard
      image: linuxserver/wireguard
      capAdd:
        - NET_ADMIN
        - SYS_MODULE
      ports:
        - 51820:51820
      sysctl:
        net.ipv4.conf.all.src_valid_mark: "1"
      volumes:
        # configuration directory where configuration will be generated
        - /data/wireguard/config:/config
        - /lib/modules:/lib/modules
      env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: Europe/London
        - name: SERVERURL # Server URL in our DNS. Used to generate configuration
          value: wireguard.judeikis.lt
        - name: PEERS # Additional peer configurations we ask to be generated
          value: laptop,tablet,phone
        - name: PEERDNS
          value: auto
      restartPolicy: {}
```

### Download configuration

Once this is done and WireGuard starts successfully, it will print the configuration to the console. You can use `synpse application logs <wireguard> --device <device-name>` to get the codes. But we are going to back up the configuration locally from the remote device so we can use it later:

```shell
# Make sure a public SSH key is configured with Synpse
synpse ssh-keys list
# If you don't see anything in the output, execute:
synpse ssh-keys configure

# SSH first using the native CLI method to generate .ssh/config
synpse ssh <device-name>

# Once you have SSH'ed into the device using the native method and have an SSH key added, a .ssh/config record will be generated.
# Now copy the WireGuard configuration to our laptop:
scp -r <device-name>:/data/wireguard $HOME/Documents/wireguard
```
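
The copied directory contains private keys, and each peer QR code encodes that peer's full configuration, so the local backup deserves the same file permissions as an SSH private key. The script below is an added example, not part of the original post or of Synpse; it reports key-bearing files that group or other users could access and then tightens them. The file-name patterns are assumptions about the generated layout, and `is_secret` and `harden_wg_backup` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: lock down a local copy of the WireGuard config directory.
# Assumed layout (not shown on the page): *.conf files with PrivateKey /
# PresharedKey lines, privatekey* / presharedkey* files, and peer QR PNGs.

# is_secret FILE -> exit 0 if FILE holds key material or a QR code of it
is_secret() {
    case "$(basename "$1")" in
        privatekey*|presharedkey*|*.png) return 0 ;;
        *.conf) grep -Eq '^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=' "$1" ;;
        *) return 1 ;;
    esac
}

# harden_wg_backup DIR
# Prints "exposed: <path>" for every secret file whose mode grants anything
# to group or other, then sets directories to 0700 and secret files to 0600.
harden_wg_backup() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    # Directories first: 0700 stops other local users from listing peers.
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f | sort | while IFS= read -r f; do
        is_secret "$f" || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "exposed: ${f#"$dir"/}"
        fi
        chmod 600 "$f"
    done
}

# Usage: sh harden.sh "$HOME/Documents/wireguard"
if [ "$#" -eq 1 ]; then
    harden_wg_backup "$1"
fi
```

Public key files are left untouched; only files that carry a private or preshared key, or a QR image of one, are restricted.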

Get out your phone and install the WireGuard application. Open the QR code file $HOME/Documents/peer_phone/peer_phone.png and scan it with your phone.

And add your endpoint!


./wrap_up.sh

And this is it! If all steps have been done right, you have a free VPN. Simple and powerful setup.

If you have any questions or suggestions, feel free to start a new discussion in our forum or drop us a line on Discord.