Community Hass.io Add-on: WireGuard

Tags: #<Tag:0x00007f3f15ce2150> #<Tag:0x00007f3f15ce2010>

This add-on is provided by the Community Hass.io Add-ons project.

GitHub Release GitLab CI Project Stage Project Maintenance

Supports armhf Architecture Supports armv7 Architecture Supports aarch64 Architecture Supports amd64 Architecture Supports i386 Architecture

WireGuard: fast, modern, secure VPN tunnel.

About


WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache.

It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and supercomputers alike, fit for many different circumstances.

Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable, including via an Hass.io add-on!

WireGuard is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and the simplest VPN solution in the industry.

Installation


WireGuard is pretty simple, however, can be quite complex for a user that isn’t familiar with all terminology used. The add-on takes care of a lot of things for you (if you want).

Follow the following steps for installation & a quick start:

  1. Add our Hass.io add-ons repository to your Hass.io instance.
    Add the following URL: https://github.com/hassio-addons/repository
  2. Install the “WireGuard” add-on.
  3. Set the host configuration option to your Hass.io (external) address, e.g., myhome.duckdns.org.
  4. Change the name of the peer to something useful, e.g., myphone.
  5. Save the configuration.
  6. Start the “WireGuard” add-on
  7. Check the logs of the “WireGuard” add-on to see if everything went well.
  8. Forward port 51820 (UDP!) in your router to your Hass.io IP.
  9. Download/Open the file /ssl/wireguard/myphone/qrcode.png stored on your Hass.io machine, e.g., using Samba, Visual Studio Code or the Configurator add-on.
  10. Install the WireGuard app on your phone.
  11. Add a new WireGuard connection to your phone, by scanning the QR code.
  12. Connect!

Instruction video


Support


You can always get support here at the Home Assistant community forums, join the conversation!

You have several options to get them answered:

You could also open an issue on GitHub, in case you ran into a bug, or maybe you have an idea on improving the addon:

We will do our best to help you out!

Repository on GitHub


Looking for more add-ons?


The primary goal of our add-ons project is to provide you (as an Hassio / Home Assistant user) with additional, high quality, add-ons that allow you to take your automated home to the next level.

Check out some of our other add-ons in our Community Hass.io Add-ons project.

10 Likes

About the author of this add-on

Hi there!

I am Franck Nijhof, and I have 30 years of programming experience, in many languages. I am using this experience to work on the Home Assistant project by giving back my knowledge and time to the open source community.

The add-on you are currently looking at right now was developed/packaged by me. It is not the only add-on I have created; there are many many more :wink:

However, I have a problem… I am an addict. A :coffee: addict that is. Lucky for you, I turn that C8H10N4O2 (caffeine molecule) into code (and add-ons)!

If you want to show your appreciation, consider buying me a cup of high octane wakey juice by clicking on the “By me a coffee” image below! :heart:

Buy me a coffee

Or, become a Patron and support my work!

Enjoy your add-on, while I enjoy the brain juice. :coffee:

Thanks for all the :two_hearts:

…/Frenck

Join our Discord server Follow me on Twitter Flollow me on Instragram Follow me on GitHub Follow me on YouTube Follow me on Twitch patreon-icon

P.S.: In case you want to ask me a question: AMA (Ask Me Anything). Most of the time I am online at the Discord chat. (I go by @Frenck in there as well).

1 Like

:tada: Release v0.1.0

:tada: Initial add-on release!

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work: https://patreon.com/frenck

Thanks Franck, up and running here, such a simple install, so much easier than previous vpn experiences

1 Like

:tada: Release v0.1.1

Full Changelog

This releases fixed a bug where an non-private IP spaced ended up in
the default configuration. Sorry about that.

:hammer: Changes

  • :ambulance: Change the default IP range setting to follow RFC1918

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work: https://patreon.com/frenck

So I’m struggling to figure out how to do two things;

Configure multiple clients, and set it so only local network traffic goes through the vpn.

can’t seem to join the discord…

I live in a country with third world internet so if all my traffic is routed through my speed goes down to sub 1mbps…

I tried adding my local network under allowed ips but when I do that I can’t access anything :thinking:. (172.16.0.0/24)

Hey @frenck, love this, great work! :smile:

I’m struggling to get it to use AdGuard though, I have:

"dns": [
    "172.30.32.1"
  ]

in the server section of my config but it doesn’t seem to do anything, am I missing something?

AdGuard works when I use it as my DNS on my phone directly on the wifi :man_shrugging: :confused:

Hey @frenck, thank you for your great work!
Next week, I will get a new internet access, which uses IPv6 (DSLite, so no DualStack). Do you already know if this WireGuard Add-on will work with IPv6?

The IP address of my phone (not connected to wifi) is now the same as my public IP address, is that correct? I thought it would be a completely new IP address.

The public IP Adress from your ISP where HA is connected to? Then Yes

TIP: Make sure your Dynamic DNS IP is up to date!

  1. Visit whatsmyip.org to see your current external IP.
  2. Use nslookup to verify the IP on your Dynamic DNS domain (e.g. myhassio.duckdns.org) matches.

That is how I discovered that my new Unifi Security Gateway was not configured to correctly update my Dynamic DNS domain.


I was running Wireguard on a Raspberry Pi, which I configured when @DrZzs did his Wireguard tutorial some months back. I realized that it was a “set and forget install” that would have never been updated with security patches!

Thanks to @frenck I can switch to a version that will be easy to update! This is amazing, thank you! I recently switched to hass.io on Ubuntu from docker and this sold me on supporting you on Patreon.

Great stuff Man! Again an amazing add-on. Just one question I set DNS server to my router which patches all traffic through a VPN (public) I added my wireguard address (172.x.x.x) to it but it won’t tunnel.is it because my range is 192.x.x.x? How could that be realized?

I set mine the same way and have the same issue.

1 Like

How is it possible to access other devices in my LAN (possible)?

For example my HASSIO is at 192.168.1.10, I forward in my router port 58520 to 192.168.1.10.
I guess this allows me to access HASSIO and other addons at 192.168.1.10… from outside my LAN by typing 192.168.1.10 in a browser

How can I configure so that I can access, let’s say
192.168.1.11 a pi4 on my LAN
192.168.1.12 a QNAP on my LAN
192.168.1.13 a IP camera on my LAN
and so on?

Normally if you are connected to your wireguard server (hassio) you have access to your entire network and devices …that’s the goal of VPN

I apologise for a stupid question but here goes.

Ive installed this add-on and it works brilliantly, I can now access hassio on my iPhone via this add-on/VPN but I can also access hassio via the iOS app on my iPhone as Ive done previously, and then I was thinking of signing up to Nabu Case. so whats the advantages and disadvantages of each please?

This is fantastic!

Since the documentation mentions using it with AdGuard or Pi-Hole, it would be really helpful if it mentioned exactly what you need to do to get them to interface together.

I see there are some posts asking about Adguard, and I’m trying to figure out how to do this with Pi-Hole.

Thanks!

Edit: Oh, anyone able to install the Wireguard application on Windows 10 x64? I get an error.

What error? The application works fine for me although 2ith my previous mentioned problem

Screenshot%20(1)

This is the message I get when the installation fails.

are you running it as admin ?

1 Like