How to set up a VPN with WireGuard on Unraid

Hey, what’s going on. Today, I’m going to show you how to set up a virtual private network (VPN) using WireGuard on Unraid. I’m also going to show you how to configure a mobile device and a computer to connect the WireGuard VPN.

What is a VPN?

A VPN or virtual private network allows devices to connect securely through the Internet to another network. It creates an Encrypted tunnel where you can safely transmit sensitive data preventing people from eavesdropping on your traffic. When a device connects to a VPN via the Internet, the device will look like it is connecting locally to the VPN’s network utilizing the network’s public IP address.

What is WireGuard

WireGuard is a fast, modern, open-source VPN protocol that aims to outperform other VPNs. It utilizes state-of-the-art cryptography, and it’s very easy to configure. It’s also under heavy development, and it might be considered the most secure, fast, and simple solution for a VPN.

Set up DuckDNS

Home Internet service usually has a dynamic IP address, meaning that the public IP address changes over time. Because of that, you’ll need to set up a Dynamic DNS service before setting up WireGuard. DuckDNS is a free DDNS service that you can use. With DuckDNS, you can create a subdomain that will point to your public IP address, and it will automatically update the IP address when it changes.

To set up DuckDNS on Unraid, go to the Apps tab, search for the DuckDNS Docker container and click on the Install button. A configuration page comes up where you would need to enter the DuckDNS subdomain and also the DuckDNS token number. So, on another tab, go to duckdns.org and sign in using one of the available methods. After you sign in, create a new subdomain. Go back to Unraid and under, Subdomains, enter the new subdomain that you created. Then, under Token, enter the DuckDNS token number and click on Apply.

Set up a WireGuard Client

After DuckDNS is set on Unraid, go back to the App tab, search for the WireGuard plugin, and install it. Then, to configure the VPN, go to the Settings tab and click on VPN Manager.

In the VPN Manager, set up the Local name for the VPN. Then, for the Local private key and the Local public key, click on Generate keypair. The Local endpoint will automatically have your public IP address. However, change it to point to the DuckDNS subdomain that you created. So, enter the DuckDNS URL and then click on Apply.

The next thing to do is configure a port forwarding rule to forward traffic to the WireGuard port, which is 51820. So, open your router settings page and locate the Port forwarding settings. Create a new rule with the following:

• Port: 51820
• Forward IP: The Unraid IP address
• Forwarding Port: 51820
• Protocol: UDP

Save the new rule, and depending on the router you have, you might need to reboot it to apply the changes.

Set up a WireGuard Peer

Now that you have the WireGuard client configured on Unraid, you can set up the devices you want to connect to the VPN. So, click on Add Peer. Set up a name for the new peer. Then, for the Peer type of access, there are several options that you can select. However, when connecting to the VPN from a public connection, you want to route all traffic through the VPN securely. So, select the option Remote tunnel access. For the Peer private key and the Peer public key, click on Generate Keypair. Then, click on Generate Key for the Peer preshared key and click on Apply to save the new peer.

On the right side of the peer, there is an eye icon. If you click on it, it will provide you with the peer’s configuration so you can set it up on the device that you would like to connect to the VPN.

Set up a WireGuard Peer on mobile

To set up WireGuard on a mobile device, download the WireGuard app from the App store. Open the app and then click on the Plus “+” icon to add a new tunnel. Tap the option Scan from QR code and scan the QR code showing on the WireGuard client on Unraid. Set up a name for the VPN and then tap Create tunnel. That’s about it. Disconnect from your WiFi and turn on the VPN and check if your device is getting the same public IP address from your home Internet connection.

Set up a WireGuard Peer on Windows/Mac

To set up another device to connect to the VPN, for example, a Windows or a Mac computer, create a new Peer. After that, click on the Config icon on the right side and then click on the Download button to download the configuration. Then, go to the WireGuard website and download the WireGuard app. The app for both Windows and Mac is the same, so you can follow along for either operating system.

After installing the WireGuard app, open it and click on Add Tunnel on the bottom left. Then, select the Peer configuration file downloaded from the WireGuard client. And that’s it. You can then click on the Activate button when connected elsewhere, and it will connect securely to your WireGuard VPN.