Connection problems when trying to connect Home Assistant OS with Wireguard server

Installation Home Assistant OS
1

I have a self-hosted wireguard server for my own little VPN with my different devices. Now I tried to connect Home Assistant with this server. A lot of things are easier since wireguard is an official kernel module.
I was able to start in the home assistant command line a new docker container and place the config for the client in the data mount /mnt/data/wireguard_config/. To start the docker container I used that command:

docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -v /mnt/data/wireguard_config:/config \
  -v /lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  ghcr.io/linuxserver/wireguard

My client config looks like this:

[Interface]
Address = 10.13.13.9
PrivateKey = ************
ListenPort = 51820
DNS = 10.13.13.1

[Peer]
PublicKey = **********
Endpoint = *.*.*.*:51820
AllowedIPs = 10.13.13.0/32

The docker container starts like expected:

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing... 
Uname info: Linux 0b0ca16835b3 5.4.79-v8 #1 SMP PREEMPT Fri Jan 1 16:40:13 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
**** Client mode selected. ****
**** Disabling CoreDNS ****
[cont-init.d] 30-config: exited 0.
[cont-init.d] 99-custom-scripts: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.13.13.9 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] ip -4 route add 10.13.13.0/32 dev wg0

But I get no connection to the server. I tried to ping the server. But that didn’t work out either. Has anyone had a similar problem? Is there possibly a firewall that prevents the connection? Maybe because it goes via UDP instead of the more common TCP.

2

any progress on your problem? would like to read if you succeeded because i have the same issue.

3

Hey guys, did you solve this problem? In homeassistant today there is the option of Add-on Wireguard with duckdns, but it doesn’t work well, it always crashes.

4

The solution I found was the following, in docker command, not the field:
-e SERVERURL=your_external_ip_or_dns

You also need to do port forwarding on your router:

  1. release port 51820
  2. indicate the ip of the device running your wireguard
  3. Log in with gmail on duckdns and create a subdomain, get the token
  4. Save the code below with the docker-compose.yml extension
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Sao_Paulo
      - SERVERURL=your_subdomain.duckdns.org 
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS= #optional
      - LOG_CONFS=true #optional
    volumes:
      - ./config:/config
      - ./lib/modules:/lib/modules #optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: duckdns
    environment:
      - PUID=1000 #optional
      - PGID=1000 #optional
      - TZ=America/Sao_Paulo
      - SUBDOMAINS=your_subdomain1,your_subdomain2 #Do not paste .duckdns.org
      - TOKEN=duck_dns_token
      - LOG_FILE=false #optional
    volumes:
      - /duckdns/config:/config #optional
    restart: unless-stopped
  1. Run the docker-compose up command

Remember that the intention is to access your internal network externally. After reading the qrcode that is in /config/peer1/peer1.png connect to vpn. Once connected, to access your homeassistant you must know the local IP of the device:
homeassistant_ip:8123