HN Reader

Setting up a home VPN server with WireGuard

17 kayaroberts 7 9/8/2025, 6:57:57 PM mikkel.hoegh.org ↗

Comments (7)

cyphax · 3m ago
I've had wireguard in a container for a few years, and it's never failed me. I will say it took me a long time to get the firewall part of the configuration right but the configuration is otherwise simple. When I'm on the road I can access all the things I self host, which I don't have to expose anything of to the outside world.

I also really like using qr codes to transfer a configuration to a phone (mostly used by me once when I replaced my phone): https://www.cyberciti.biz/faq/how-to-generate-wireguard-qr-c...

pseudosavant · 3m ago
I love Wireguard, but if you want to do this, I think there are only two ways that make sense for most users.

The best option is just to use tailscale, either on your router or on a device on the network that is always on, and set it as an exit node. It uses Wireguard under-the-hood, and it way easier to setup.

If you really must use Wireguard directly, get a router like a GL.iNet with OpenWRT that has a Wireguard server built-in. It'll handle creating certs for users, etc.

paulgerhardt · 1m ago
This was good advice in [2019].

In 2025 using Tailscale simplifies a lot of the configuration and reachability parts.

age123456gpg · 7m ago
You can create prefixed keys (aka vanity key) for each peer using https://github.com/AlexanderYastrebov/wireguard-vanity-key

    $ wireguard-vanity-key --prefix=mac/
    private                                      public                                       attempts   duration   attempts/s
    Mtvsq5urRK/HRE1EfqTkZ9dtBNNBjSVPbqYBZ/BL4Qw= mac/t3wcAUhyZUti7OM4KsGQ7/V00HPRmzI3agaSplM= 37258118   1s         70119328

    $ wireguard-vanity-key --prefix=ipad/
    private                                      public                                       attempts   duration   attempts/s
    hJXdv5FKyem2WqWzduSaEhEw1H4b+6BGTIqJeYu9H1c= ipad/s6w2nBEDhmuEl/xyLeohEbfc5MWUy5D8dJHgAs= 158299886  2s         69564916
ayhanfuat · 4m ago
OpenVPN is indeed quite tedious to configure but they have a light version called Access Server with 2 free connections. I was able to set that up on a Digital Ocean VPS pretty quickly. Nowadays I am using Mullvad and loving it.
webstrand · 3m ago
This works wonderfully so long as both clients are not behind a NAT. Then you need something like Tailscale, Netmaker, Innernet, etc.
billy99k · 15m ago
I love WireGuard and use it when I'm traveling. I bought a cheap Lenovo mini-pc, installed Debian, and use it as a dedicated VPN server.