Home Assistant Community Add-on: WireGuard

Hi Guys.
I’ve read all the messages in this thread, but it’s not yet clear to me: is it possible to configure this addon in vice-versa mode? I have a dedicated VPN server in the AWS cloud and would like to initiate a connection from my HA server to it. frenck wrote that the addon works in server-only mode, but I’m still curious whether it’s possible to use it as a client.

Hello everyone,

Has someone got a working site-2-site WireGuard configuration and could paste it here?
I have got a working wg in a Debian container (Proxmox) and there is another remote HA Raspberry at my parents' side. I would like to use this HA add-on to create a site-2-site tunnel between me and them. Can someone please help me to set up the HA side?

Best regards
Sascha


I’m not an expert on this topic, but you might want to look into the ZeroTier add-on. I think that’s the primary focus with them.

Hello norj, could you explain this in a bit more detail? I am facing the same problem: I have protected my HA domain through Cloudflare and since then my WireGuard VPN is not working anymore.

Hello ph0b0s101,

On the DNS page of the Cloudflare account I created an A record with my WireGuard (wg.example.com) subdomain pointing to my IP. You can see an orange cloud there, which means your IP is proxied. Click the cloud and it will switch to grey; the proxy will turn off. I am not an expert, I have spent a year implementing my cloud and my Home Assistant from 0 knowledge.
I hope this is what you need. If not, reply with more questions.


And you put the domain with the A record into your WireGuard configuration as the host?

server:
  host: wg.example.com

Edit: This tweak solved my problem. Thank you so much for your help :smiley:

You are welcome

Hi, to everybody!
I'm also interested in using it as a client. Basically, I’m using a WGuard server in my office with a white IP and need to set up a connection for HA as a client from my house (gray IP). Do you have any ideas?


Hi! Does anyone have a working WireGuard sensor (Connected/Disconnected, last connect)?

Hi All - this implementation of wireguard is awesome thanks!

Can someone help me use my adguard with this? I can’t seem to route wireguard traffic through my adguard dns server (192.168.86.10 on my home network).

On the iOS app, it indicates my DNS is 172.30.32.3… not sure where that came from.

Do I need to specify the DNS on the client side? Or is there a way to specify it from the server?

server:
  host: ***.duckdns.org
  addresses:
    - 172.27.66.1
  dns:
    - 192.168.86.10
    - '2600:1700:37a8:550f:6098:5bcd:f85f:594c'
    - 172.30.32.1
peers:
  - name: bluebird
    addresses:
      - 172.27.66.2
    allowed_ips: []
    client_allowed_ips: []

Hey MarkGaze - did you figure out how to use AdGuard over wireguard?

It actually covers this exact use case right in the doc for the add-on. In the full readme, here’s what it says for the dns field:

A list of DNS servers used by the add-on and the configuration generated for the clients. This configuration option is optional, and if no DNS servers are set, it will use the built-in DNS server from Hass.io.

If you are running the AdGuard add-on, you can add 172.30.32.1 as a DNS IP address in the list. This will cause your clients to use those. What this does, it effectively making your clients to have ad-filtering (e.g., your mobile phone), while not at home.

The thing to remember is that all the components which are managed by supervisor (including add-ons) are docker containers. Which means there’s an internal network that these components can communicate on.

Will it work if you put 192.168.86.10 as the DNS server? Sure, it's just slower. The add-on has to get to that DNS server to get its request answered. That request has to get all the way to your router since it's the only one that knows which machine that IP address corresponds to. Then it makes its way back to your HA device and into the docker network to the AdGuard add-on.

If you put 172.30.32.1 instead then it never goes to your router. Since that’s an internal docker address it just gets routed from one add-on directly to the other and you get your DNS answer without it ever leaving the internal docker network.

thank you much - this worked!

Is there a way to use privoxy with WireGuard? I lost my connection server once I implemented WireGuard.

Glad you’ve sorted it because I’m pretty sure it just started working after I posted here so assume I had some sort of caching issue!

Not familiar with privoxy so not sure. But based on the name and some quick googling it sounds like a privacy-oriented proxy service? I don’t see any config options around proxy in the add-on so I’m tempted to say no but not certain on that.

Yeah - I would like to tell my iPhone to connect to my proxy server when remotely connected to my home network through WireGuard vpn. I can’t seem to find any settings in my phone or WireGuard. I wonder if there are some network rules I could set up to allow this… my only goal here is have better ad blocking on the go (adguard + privoxy).

I’ve looked all over and have not been able, so far, to find a solution.

I would like to set up an automation that sends a text message when a user has connected to Wireguard. I have it working just fine. When no user/client is connected, the status is: “unavailable”. For a brief period of time, when a user is connected, the status changes to:

REST Sensor changed to {"xxxuser":{"endpoint":"192.168.x.x:38525","latest_handshake":xxxxxxxx,"transfer_rx":257940,"transfer_tx":1712980},"yyyyuser":{"endpoint":"192.168.x.x:39692","latest_handshake":xxxxxxxx,"transfer_rx":2100,"transfer_tx":998752}}
10:56:02 AM - 12 seconds ago

The tx and rx values change, so the entire text cannot be used in an automation where the state changes from “From” to “To”. The “From” field is “unavailable”, but the “To” field requires a constant or (and this is where I need help) possibly a regex expression that would account for changing variables (wildcards).

Does anyone have an idea as to how this can be done?
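
One way to get a stable connected/disconnected signal out of the status JSON quoted above, as an added example that is not part of the original post or the add-on's code: compare `latest_handshake` against the clock and ignore the transfer counters. The 180-second window, the function names and the sample payloads are assumptions constructed for illustration.

```python
import json
import time

# Assumption: a peer counts as connected if its last handshake is newer than
# this many seconds. WireGuard re-handshakes roughly every two minutes while
# traffic flows, so 180 s is a common cut-off; tune it for your setup.
HANDSHAKE_WINDOW = 180


def connected_peers(raw_state, now=None, window=HANDSHAKE_WINDOW):
    """Return sorted names of peers with a recent handshake ([] if no JSON)."""
    now = time.time() if now is None else now
    try:
        status = json.loads(raw_state)
    except (TypeError, ValueError):
        return []  # "unavailable", "unknown", empty body, None, ...
    if not isinstance(status, dict):
        return []
    peers = []
    for name, info in status.items():
        if not isinstance(info, dict):
            continue
        handshake = info.get("latest_handshake", 0)
        # latest_handshake is 0 for a peer that has never connected.
        if isinstance(handshake, (int, float)) and handshake > 0 and now - handshake <= window:
            peers.append(name)
    return sorted(peers)


def newly_connected(prev_state, new_state, now=None):
    """Peers connected in new_state that were not connected in prev_state."""
    before = set(connected_peers(prev_state, now))
    return [p for p in connected_peers(new_state, now) if p not in before]


# Constructed sample payloads in the shape shown in the post (not real data).
NOW = 1_700_000_000
SAMPLE_A = json.dumps({
    "p1": {"endpoint": "(none)", "latest_handshake": 0, "transfer_rx": 0, "transfer_tx": 0},
    "p2": {"endpoint": "192.0.2.10:39692", "latest_handshake": NOW - 30,
           "transfer_rx": 2100, "transfer_tx": 998752},
})
SAMPLE_B = SAMPLE_A.replace("998752", "1000000")  # only a counter changed

if __name__ == "__main__":
    print(newly_connected("unavailable", SAMPLE_A, NOW))  # p2 just connected
    print(newly_connected(SAMPLE_A, SAMPLE_B, NOW))       # counters moved, no new peer
```

Because the decision depends only on handshake age, a notification fires once per connection rather than on every counter update.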

I can use the Internet and other local devices in my network, but I can’t access HA.

server:
  host: XXX.duckdns.org
  addresses:
    - 192.168.1.107/32
  dns:
    - 1.1.1.1
peers:
  - name: p1
    addresses:
      - 192.168.1.151/32
    allowed_ips: []
    client_allowed_ips: []
  - name: p2
    addresses:
      - 192.168.1.152/32
    allowed_ips: []
    client_allowed_ips: []

If I go to 192.168.1.107 it gives
{"p1":{"endpoint":"(none)","latest_handshake":0,"transfer_rx":0,"transfer_tx":0},"p2":{"endpoint":"XXX:XXX","latest_handshake":1613402178,"transfer_rx":2375560,"transfer_tx":9093644}}
192.168.1.107:8123 gives “ERR_CONNECTION_REFUSED”

Is it a problem with WireGuard or the UniFi firewall?

I am able to connect to my WireGuard between my devices and Home Assistant.
However, I cannot access other devices on my home network.

I have read that I need to add details to ‘allowed_ips:’ from [] to ?
I am unsure what and where I should add details to these allowed IPs to be able to connect to other devices on my internet.

thanks!

Hi! Same thing “ERR_CONNECTION_REFUSED”