Recently I created a few VPN access points using my home connection(s) (2 remote geo points) with the aim of using them for unblocking content and hiding my real location. One of the requirements was to use the VPNs without having to install a VPN client on any wireless-enabled device while I’m at home. After some quick research, I came across the WireGuard project and I decided to give it a go using some raspberry pis I had lying around and document my process.
Setting up a WireGuard server on the raspberry pi is quite easy using the PiVPN project. Since I wanted to create separate networks, I chose a different port on each raspberry pi and a different configuration name to make them easier to distinguish. Port forwarding for UDP/TCP was necessary. For getting my connection’s public IP, I installed ddclient and bought a domain name on Namecheap for easier access to my devices. Instructions on how to set up ddclient with Namecheap can be found here. Here is a quick guide for installing and configuring:
Finally, I made the raspberry pi act as a wireless access point and forwarded the traffic to my WireGuard client. This way, whenever a device is connected to the raspberry pi AP it will automatically use the WireGuard connection without the device having any knowledge whatsoever. Steps to set up your raspberry pi as an AP (full tutorial here):
Below is one of the WireGuard configuration files:
Notice that wlan0 traffic will be forwarded to wg2, which in this case is the server on the 2nd raspberry pi.
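A wg-quick client configuration of the kind described above, as an added example and not the author's own file: the keys, tunnel address, hostname and port are placeholders, and the iptables rules are one assumed way to forward wlan0 into wg2. It also adds a guard rule so that AP clients cannot leave through another interface while the tunnel is down.

```ini
# /etc/wireguard/wg2.conf on the access-point pi (constructed example)
[Interface]
PrivateKey = <AP_PI_PRIVATE_KEY>
# Assumed tunnel address; use the one the server assigned to this client
Address = 10.0.0.2/24

# Assumption: IP forwarding may already be enabled by the AP setup
PostUp = sysctl -w net.ipv4.ip_forward=1
# Forward wlan0 clients into the tunnel (%i expands to the interface name, wg2)
PostUp = iptables -A FORWARD -i wlan0 -o %i -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# NAT the AP clients behind the tunnel address, so the server needs no route to the WLAN subnet
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
# Leak guard: wlan0 clients may only be forwarded to the tunnel interface.
# Added once (-C checks for an existing copy) and deliberately not removed in
# PostDown, so it stays in place after "wg-quick down wg2". It does not survive
# a reboot unless the rules are saved, and it covers IPv4 only.
PostUp = iptables -C FORWARD -i wlan0 ! -o %i -j REJECT 2>/dev/null || iptables -A FORWARD -i wlan0 ! -o %i -j REJECT

# Remove the forwarding and NAT rules when the tunnel goes down
PostDown = iptables -D FORWARD -i wlan0 -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
# Placeholder for the dynamic-DNS name and the forwarded port of the remote pi
Endpoint = <DDNS_HOSTNAME>:<PORT>
# Send all IPv4 traffic through the tunnel
AllowedIPs = 0.0.0.0/0
# Keep the NAT mapping on the home router alive
PersistentKeepalive = 25
```

With the tunnel down, `iptables -S FORWARD` should still list the REJECT rule, and a device on the AP should lose connectivity rather than fall back to the local connection.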
After repeating the same process for both raspberry pis, I also set up a WireGuard server on Linode, as I wanted to have an extra, faster, cloud-based VPN available that I could use while I’m on 4G/5G. The final architecture can be seen in the image below.
Let’s take as an example phone 1, which is located in the UK: once the phone is connected to the WiFi AP of raspiGB, all of its traffic will be routed through wg1 to raspiGR and use a Greek IP. The same applies for phone 2. We can of course re-route the traffic to wg0 or to any other WireGuard server that we might have set up. Finally, a device with the WireGuard client installed can access whichever server it wants, as shown with phone 3.