I did, and saved the commands:
apt-get -y install raspberrypi-kernel-headers libmnl-dev libelf-dev build-essential git qrencode
git clone https://git.zx2c4.com/WireGuard
cd WireGuard/src
make
make install
# enable forwarding
test "$(egrep -c 'net.ipv4.ip_forward*=*1' /etc/sysctl.conf)" -lt 1 || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1
I personally prefer software that I can understand more on my own without “help”, and that’s also simpler to configure. In PiVPN and most OpenVPN setups I’ve encountered these days it’s either several configuration steps, or a bunch of helper scripts. I feel that with WireGuard it’s fewer steps and all can be done manually. The configuration files are pretty bare bones and simple to understand. The fact that it uses a simple key exchange rather than having to setup certificates and certificate authorities also appeals to me. The ability for the iOS client to import QR codes is kinda handy too.
I’ll fully admit it doesn’t have 20 years of development, and may be lacking features, but for my simple home VPN setup I like it.
I just realized I didn’t answer the 2nd part.
No, you’d only need to setup it up on the pi, and on the device that’s remote. Depending on the local device on your lan you might need to configure it to be accessible from the VPN. My printer for example isn’t remotely accessible, my cameras are. It just depends on the device on your lan.
It depends on how your network at your parents house is setup. Wireguard is just another VPN protocol.
You can have the isp disable the router so it works only as a modem, then use you own router.
Yes, VirtualBox should run all the time. But then again my PC works 24/7, and it has 32G RAM and this VM uses only 1G.
Fanless PC with Pfsense is a much better alternative, however I don’t want to invest in additional HW
It would only need one NIC.
I saw you mention this in a couple of other places in this thread. Keeping a spare SD card handy, with backups, and instructions for a restore is a good first step. Two pi’s is a better one. If you use pi zeros you can reduce your cost greatly.
Nice! Thanks, I’ll give it a go later today!
Any benefit to installing from source?
I have looked into it and it does look very good.
Is it possible to configure wireguard using a dynamic IP address?
That is interesting! How did you configure your network to allow the cameras to be accessible?
That is good to know. I will look into them
Yes that is a valid point and a good solution.
It has crossed my mind to get a mini PC as well. One for $100 and use it as a backup
Yes I see. It is a standard network setup where all devices are connecting via wireless or wired to the router. All devices are on the same subnet
I am very doubtful they would be willing to do that
Yes one NIC as well, in fact my setup is with one NIC on the VM. If you have a PC with two NICs then you can place the PC to act as your gateway. There a couple of ways to do this.
That is an excellent idea and one I had not thought about. I might keep the pi zero as a backup. Thanks!
I just remembered…I think I did it here because I was running on a pi zero and the WireGuard binary in the repos segfaulted on the pi zero cpu.
From what I’m seeing no. Wireguard seems to need to give each client its own IP.