Private LAN VPN Access

This is an old revision of the document!



This page covers using a VPN (Virtual Private Network) to gain secure access from the public network to a local private network, that is, private secure access and use from the public network. It does not consider public VPNs set up for public use.

3 different levels of access have been considered, as described by the applications used:

  • Wireguard - A VPN server
  • Tailscale
  • Headscale
  • OpenVPN (Old)

These applications and their scope are described further below.

Wireguard

I previously successfully set up KPTree wireguard on my router. This was installed on “bare metal”, as was the nftables-based router firewall. I later installed the Bind9 DNS and Kea DHCP programs in Docker containers. I always run Docker in a VM to prevent Docker's packet filtering from affecting the bare metal firewall rules. I did not move Wireguard to a Docker container as I did not have the need at the time.

Using Docker wireguard from linuxserver.io is much easier than the manual “bare-metal” setup on my router. The docker setup is below:

docker-compose.yml

The Wireguard container [[https://github.com/linuxserver/docker-wireguard#server-mode|Server Mode]] documentation gives some key points on usage:

  • Variables SERVERURL, SERVERPORT, INTERNAL_SUBNET, PEERDNS, INTERFACE, ALLOWEDIPS and PERSISTENTKEEPALIVE_PEERS are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs.
  • To add more peers/clients later on, you increment the PEERS environment variable or add more elements to the list and recreate the container.
  • To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: docker exec -it wireguard /app/show-peer 1 4 5 or docker exec -it wireguard /app/show-peer myPC myPhone myTablet (Keep in mind that the QR codes are also stored as PNGs in the config folder).
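
A server-mode compose file using the variables listed above, as an added example; it is not the author's docker-compose.yml and not taken from the linuxserver.io documentation. The hostname, LAN subnet, DNS address and config path are assumptions, and the peer names are the ones used in the show-peer command above.

```yaml
# Added example. Assumed values: vpn.example.com, LAN 192.168.1.0/24,
# LAN DNS server 192.168.1.1, config stored in ./config.
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard   # name used by "docker exec -it wireguard /app/show-peer ..."
    cap_add:
      - NET_ADMIN               # needed to create the WireGuard interface and routes
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      # Public name or address the peers dial; written into every peer conf.
      - SERVERURL=vpn.example.com
      - SERVERPORT=51820
      # Named peers instead of a count, so each device has its own key pair
      # and a single lost device can be removed without touching the others.
      - PEERS=myPC,myPhone,myTablet
      # Tunnel subnet; must not overlap the LAN or networks the peers roam on.
      - INTERNAL_SUBNET=10.13.13.0
      # Resolve names through the LAN DNS server while connected.
      - PEERDNS=192.168.1.1
      # Split tunnel: route only the tunnel subnet and the private LAN.
      # The default (0.0.0.0/0, ::0/0) sends ALL peer traffic through the VPN.
      # This is client-side routing only; the router firewall still decides
      # what a connected peer may actually reach.
      - ALLOWEDIPS=10.13.13.0/24,192.168.1.0/24
      # Keepalives only for the peer that sits behind mobile NAT.
      - PERSISTENTKEEPALIVE_PEERS=myPhone
      # Do not print peer QR codes (which embed private keys) to the docker log.
      - LOG_CONFS=false
    volumes:
      # Holds server and peer private keys plus the QR PNGs; keep it
      # readable only by the PUID/PGID user and out of shared backups.
      - ./config:/config
    ports:
      - 51820:51820/udp         # must match SERVERPORT and the router port forward
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
```

Changing any of the server-mode variables regenerates the peer confs with the existing keys, so the updated confs or QR codes have to be redistributed to each device afterwards.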

References

Tailscale

See Headscale.

Reference

Headscale

For my use case, Headscale was too complicated to set up. I am also concerned about the effort to maintain it. So I have decided not to use it at this time.

https://github.com/juanfont/headscale/releases

Reference

/app/www/public/data/attic/docker_notes/vpn.1735355482.txt.gz · Last modified: 2024-12-28 Sat wk52 11:11
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International