Home Assistant Community Add-on: WireGuard

Thank you for the work, i just set it up on my Hassio instance, can ping the wireguard ip interface but if i try to ssh or access the web page i get connection refused. Is there some forwarding to enable in HAssio?
Thanks

mmhh where is that?

It’s a OnePlus 3t: Settings | Wi-Fi & Internet | Private DNS

So using this kind of home VPN allows secure connection to my LAN and I can browse internet through my home ISP only and it does not encrypt my connection to internet, right? So my ISP can see my traffic then? It doesn’t work like HideMyAss or similar services, correct?

Thank you.

so the only issue i’m having is… i setup mine with the duckdns address. everything works locally on my home network fine. however, once i leave my home network, suddenly i have no internet connection… is anyone else having that issue? the point of a vpn is partially for data encryption, but partially for access to a network when not on that network without having to forward a bunch of devices and/or ports

update(9/13/19):
it looks like i’m actually not able to connect to the internet either way… so it seems it’s not working at all for me yet

update(9/16/13):
i got it working. i had a typo on the IP address in the forwarded port

1 Like

For people that want to access LAN only through the VPN but internet through their regular traffic (eg to access local services at home, but from anywhere without forwarding ports)

you can change your config up a bit similar to this:

[Interface]
PrivateKey = YOURPRIVATEKEY=
Address = 10.99.97.2/22
DNS = 172.16.0.1 #YOUR HOME DNS FOR LOCAL SERVICES OR 1.1.1.1

[Peer]
PublicKey = THISISYOURPUBLICKEY=
AllowedIPs = 172.16.0.0/24 #HOME LAN NETWORK
Endpoint = vpn.yourhome.com:51820 
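
A check for the split-tunnel config in the post above, added here as an example and not part of the original post: it parses the client config, reports whether the tunnel is full or split, and says whether each `DNS` server falls inside `AllowedIPs` (queries to a resolver outside that range leave over the local network, not the tunnel). The function names `parse_wg` and `audit` are hypothetical, and the sample reuses the post's placeholder keys and hostname.

```python
import ipaddress

# Constructed sample: the split-tunnel client config from the post above,
# with its placeholder keys and hostname left as placeholders.
SPLIT_CONF = """\
[Interface]
PrivateKey = YOURPRIVATEKEY=
Address = 10.99.97.2/22
DNS = 172.16.0.1 #YOUR HOME DNS FOR LOCAL SERVICES OR 1.1.1.1

[Peer]
PublicKey = THISISYOURPUBLICKEY=
AllowedIPs = 172.16.0.0/24 #HOME LAN NETWORK
Endpoint = vpn.yourhome.com:51820
"""

def parse_wg(text):
    """Return a list of (section, {key: [values]}) from wg-quick style text."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop inline comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # base64 keys keep their '='
            items = [v.strip() for v in value.split(",") if v.strip()]
            sections[-1][1].setdefault(key.strip().lower(), []).extend(items)
    return sections

def audit(text):
    """Classify the tunnel and report which DNS servers are reached through it."""
    nets, dns = [], []
    for name, kv in parse_wg(text):
        if name == "peer":
            nets += [ipaddress.ip_network(n, strict=False) for n in kv.get("allowedips", [])]
        elif name == "interface":
            dns += kv.get("dns", [])
    routed = {}
    for d in dns:
        try:
            addr = ipaddress.ip_address(d)
        except ValueError:
            continue                             # a search domain, not a resolver IP
        routed[d] = any(addr in n for n in nets)
    mode = "full" if any(n.prefixlen == 0 for n in nets) else "split"
    return {"mode": mode, "dns_in_tunnel": routed}
```

For the config as posted, `audit(SPLIT_CONF)` reports a split tunnel with the home resolver reached through it; swapping in `1.1.1.1` flips that entry to `False`, meaning local names will not resolve and lookups travel outside the VPN.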

I have my network setup like this, took a lot of trial and error but I’ve finally managed it.

I use a tinker-board as a VPN gateway which connects to PIA’s VPN servers, then I use another Tinker-board to VPN into my network.
So about 98% of traffic in/out is encrypted (the only thing I can’t seem to put through the VPN is my TVs, Netflix doesn’t like it).

You might find these tutorials useful:


Is anyone else experiencing low bandwidth when using Wireguard?

I have a 1gbit down/up connection, I get 200-300 mbps when doing a speedtest on wifi, but if I enable wireguard I get around 25-30 mbps.

Hardware: Intel nuc7pjyh, latest hassos/hassio installed on ssd, cpu usage is max 5% during speed test.

So perhaps I am being dense but it’s not clear to me how I have more than one client connected. It seems to work just fine when I have a single client but when I add another peer it stops working on both. I have the following config in the hass add-on


{
  "server": {
    "host": "automation.xxxxxxxx",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": []
  },
  "peers": [
    {
      "pre_shared_key": "!secret wireguard_preshared_key",
      "name": "laptop",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    },
    {
      "pre_shared_key": "!secret wireguard_preshared_key",
      "name": "iPhone",
      "addresses": [
        "172.27.66.3"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

Any thoughts on what might be happening here? Again, it works fine with the following only

{
  "server": {
    "host": "automation.xxxxxxxx.com",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": []
  },
  "peers": [
    {
      "pre_shared_key": "!secret wireguard_preshared_key",
      "name": "laptop",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

But as soon as I add a second host it fails…

Mine works ok - the only difference between our config is I don’t specify a pre_shared_key

I’m running Dnsmasq alongside WireGuard, and adding "dns": ["172.30.32.1"] to the add-on config wasn’t working for me.

I then realized this setting is actually used to generate client configurations (that are then imported into clients), as described in the README.md from WireGuard add-on. Since I had already exported the config and set up my Android client before having the right DNS setting in the add-on config, it was still using the default DNS (1.1.1.1 in my case).

Updating the WireGuard settings on my client to use “172.30.32.1” worked for me - maybe this would also apply for AdGuard/Pi-hole?

2 Likes

Fixed my issue…now my ad blocking with AdGuard is working.

Thanks!

Nice Addon. But i also experience slow speed.
Download internet is 50MBit, but with wireguard enabled i reach 4Mbit upload speed through the vpn.
Which is as slow as openvpn is. What can be the bottleneck here? Using a raspberry pi 4 with external usb 3.0 drive.

Does it only have an effect when you try to use Home assistant etc when away or also when you are at home?

For me both at home and when not at home. It seems to be capped at around 30-40 mbps regardless if using home wifi or office wifi.

Just to be clear - does that mean that your internet basically goes down to 30-40 mbps for everything you do on the internet (Netflix etc.) or am I misunderstanding something?

When connected to my Wireguard server running on my Hass.io Intel Nuc, I get 30-40 mbps download/upload speed, regardless if I am watching Netflix or performing a Speedtest.net test.

When not using Wireguard, but connected to the same Wi-Fi hotspot or mobile internet connection, I am getting around 200-300 mbps download/upload speed.

Therefore, Wireguard is limiting my internet connection to around 30-40 mbps. It does not appear to be a CPU usage problem, as CPU usage is max 5% during speedtest.net test when connected via wireguard.

As such, I suspect there is something wrong with the kernel modules or the way the addon is implemented, as it seems to be not running at full potential on Hass.io.

Hi, How to use this with a windows PC?

I downloaded the windows app, and it asks “IMPORT TUNNEL FROM FILE” … but how/where to get this file? Thanks

@Klagio Watch the YouTube vid or read the manual, since it is stated in both.

I see now that it can’t be used with a nabu casa address. Is there a workaround or do I need to set up duck DNS again?

1 Like