Home Assistant Community Add-on: WireGuard

Fixed my issue…now my ad blocking with AdGuard is working.

Thanks!

Nice Addon. But i also experience slow speed.
Download internet is 50MBit, but with wireguard enabled i reach 4Mbit upload speed through the vpn.
Which is as slow as openvpn is. What can be the bottleneck here. Using a raspberry pi 4 with exteral usb 3.0 drive.

Does it only have an effect when you try to use Home assistant etc when away or also when you are at home?

For me both at home and when not at home. It seems to be capped at around 30-40 mbps regardless if using home wifi or office wifi.

Just to be clear - does that mean that you internet basically goes down to 30-40 mbps for everything you do on the internet (Netflix etc.) or am I misunderstanding something?

When connected to my Wireguard server running on my Hass.io Intel Nuc, I get 30-40 mbps download/upload speed, regardless if I am watching Netflix or performing a Speedtest.net test.

When not using Wireguard, but connected to the same Wi-Fi hotspot or mobile internet connection, I am getting around 200-300 mbps download/upload speed.

Therefore, Wireguard is limiting my internet connection to around 30-40 mbps. It does not appear to be a CPU usage problem, as CPU usage is max 5% during speedtest.net test when connected via wireguard.

As such, I suspect there is something wrong with the kernel modules or the way the addon is implemented, as it seems to be not running at full potential on Hass.io.

Hi, How to use this with a windows PC?

I downloaded the windows app, and it asks “IMPORT TUNNEL FROM FILE” … but how/where to get this file? Thanks

@Klagio Watch the YouTube vid or read the manual, since it is stated in both.

I see now that it can’t be used with a nabu casa address. Is there a work around or do I need to setup duck DNS again?

1 Like

Hi, I reinstalled from scratch, followed all the instruction, but when I am in 4G I can’t surf nowhere (no LAN, no internet), and also when in WiFI can’t surf (no LAN no internet) !!


{
  "server": {
    "host": "xxx.duckdns.org",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": [
      "172.30.32.1"
    ]
  },
  "peers": [
    {
      "name": "mi9tpro",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    },
    {
      "name": "t470s",
      "addresses": [
        "172.27.66.3"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

[19:11:38] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: 5gVCDQ08G3H8HQ/Xmxxxxxxxxxxxxxxxxxxxxl4=
  private key: (hidden)
  listening port: 51820
peer: VQdd8h6x/UxU3crM5SXExxxxxxxxxxxxxxx
  allowed ips: 172.27.66.2/32
  persistent keepalive: every 25 seconds
peer: dumDaPzRDJ9msw8KMg5xxxxxxxxxxxxxxxxz4=
  allowed ips: 172.27.66.3/32
  persistent keepalive: every 25 seconds

In Android Wireguards LOG is stucjk a tSENDING HANDSHAKE INITIATION

clearing the CACHE and APP data on the Android phone, and reinstalling the data with qrcode, solved the issue

1 Like

Hey all,

i got a problem setting up the Add-on.
I can reach the internet through the Wireguard but not my internal network 192.168.0.0/24

this is my current config

{
  "server": {
    "host": "xxx",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": [
      "192.168.0.11"
    ]
  },
  "peers": [
    {
      "name": "mi9tpro",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [
        "172.27.66.0/24",
        "192.168.0.0/24"
      ],
      "client_allowed_ips": [
        "172.27.66.0/24",
        "192.168.0.0/24"
      ]
    }
  ]
}

whats wrong about it?

Thanks and best regards,
Stone

empty allowed_ips, you are now basically routing traffic in circles.

I was try and erroing and also empty allowed_ips does’nt work
Maybe more infos are usefull, I’m running hassio docker on top of ubuntu, also installed wireguard on the OS like the readme says

{
  "server": {
    "host": "xxx",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": [
      "192.168.0.11"
    ]
  },
  "peers": [
    {
      "name": "mi9tpro",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": [
        "172.27.66.0/24",
        "192.168.0.0/24"
      ]
    }
  ]
}

I want to try out de Wireguard addon, I follow the installation instructions from github. Now I got the following message when wanting to save te config-file just before starting the addon.

not a valid value for dictionary value @ data[‘options’]. Got {‘server’: {‘host’: ‘xxxxxx.duckdns.org’, ‘addresses’: [‘172.27.66.1’], ‘dns’: }, ‘peers’: [{‘name’: ‘Phone’, ‘addresses’: [‘172.27.66.2’], ‘allowed_ips’: , ‘client_allowed_ips’: }]}

this is the config:

{
“server”: {
“host”: “xxxxxx.duckdns.org”,
“addresses”: [
“172.27.66.1”
],
“dns”:
},
“peers”: [
{
“name”: “Phone”,
“addresses”: [
“172.27.66.2”
],
“allowed_ips”: ,
“client_allowed_ips”:
}
]
}

What went wrong here?

Take this config, you copied quotation marks in a wrong char set

{
  "server": {
    "host": "xxxxxx.duckdns.org",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": []
  },
  "peers": [
    {
      "name": "Phone",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

i just changed the host and the name, just like Frenck did in his vlog, not the quotation marks … this work, thanks !!!

just found the real problem…you can’t use underscores in the name like

"peers": [
    {
      "name": "Phone_name",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
1 Like

Great add-on! :tada:

I got one up and running in no time. But I struggle with a second installation on the same network.

I try to use the udp port 51821 for this but I can’t get the wireguard add-on to receive my outside calls.

The first installation uses the default port 51820 and works like expected with the dynamic dns and the port forwarding from my router to my hass.io installation

The second installation (on a second dedicated hass.io installation in the same network) uses the port 51821 configured in the hass.io -> addons -> wireguard tab (changed from the default 51820). I didn’t change the configuration text because their is only the internal/docker ip’s. I did also do the port forwarding from my router.

For testing I use the same client (android) as for the working installation (just added a new profile with the new qr code).But my second setup with the modified port will never arrive at my hass.io. I can’t tell why.

Could their be any limitations using a port other than the default one? :thinking:

Excuse the basic question but I am thinking of installing this. Opening ports is still a little scary :wink: so I want to understand something…

The two options peers.private_key and peers.public_key, both are optional and as I understand it:

  • they will both be generated automatically if neither are provided,
  • the private key will be generated if the public one is provided

(Correct?)

But the docs say that the public key should really be created manually.

Can someone expand on how to do this?

Thanks.