Home Assistant Community Add-on: WireGuard

silfa718 · October 21, 2019, 11:59pm

Fixed my issue…now my ad blocking with AdGuard is working.

Thanks!

Purejet · October 23, 2019, 8:30am

Nice Addon. But i also experience slow speed.
Download internet is 50MBit, but with wireguard enabled i reach 4Mbit upload speed through the vpn.
Which is as slow as openvpn is. What can be the bottleneck here. Using a raspberry pi 4 with exteral usb 3.0 drive.

Morten_DK · November 3, 2019, 9:25am

Does it only have an effect when you try to use Home assistant etc when away or also when you are at home?

maivorbim · November 4, 2019, 9:45am

For me both at home and when not at home. It seems to be capped at around 30-40 mbps regardless if using home wifi or office wifi.

Morten_DK · November 4, 2019, 6:19pm

Just to be clear - does that mean that you internet basically goes down to 30-40 mbps for everything you do on the internet (Netflix etc.) or am I misunderstanding something?

maivorbim · November 4, 2019, 6:35pm

When connected to my Wireguard server running on my Hass.io Intel Nuc, I get 30-40 mbps download/upload speed, regardless if I am watching Netflix or performing a Speedtest.net test.

When not using Wireguard, but connected to the same Wi-Fi hotspot or mobile internet connection, I am getting around 200-300 mbps download/upload speed.

Therefore, Wireguard is limiting my internet connection to around 30-40 mbps. It does not appear to be a CPU usage problem, as CPU usage is max 5% during speedtest.net test when connected via wireguard.

As such, I suspect there is something wrong with the kernel modules or the way the addon is implemented, as it seems to be not running at full potential on Hass.io.

Klagio · November 8, 2019, 12:33pm

Hi, How to use this with a windows PC?

I downloaded the windows app, and it asks “IMPORT TUNNEL FROM FILE” … but how/where to get this file? Thanks

frenck · November 8, 2019, 2:17pm

@Klagio Watch the YouTube vid or read the manual, since it is stated in both.

Nikiya_Osborn · November 9, 2019, 3:45pm

I see now that it can’t be used with a nabu casa address. Is there a work around or do I need to setup duck DNS again?

Klagio · November 30, 2019, 6:18pm

Hi, I reinstalled from scratch, followed all the instruction, but when I am in 4G I can’t surf nowhere (no LAN, no internet), and also when in WiFI can’t surf (no LAN no internet) !!


{
  "server": {
    "host": "xxx.duckdns.org",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": [
      "172.30.32.1"
    ]
  },
  "peers": [
    {
      "name": "mi9tpro",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    },
    {
      "name": "t470s",
      "addresses": [
        "172.27.66.3"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}


[19:11:38] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: 5gVCDQ08G3H8HQ/Xmxxxxxxxxxxxxxxxxxxxxl4=
  private key: (hidden)
  listening port: 51820
peer: VQdd8h6x/UxU3crM5SXExxxxxxxxxxxxxxx
  allowed ips: 172.27.66.2/32
  persistent keepalive: every 25 seconds
peer: dumDaPzRDJ9msw8KMg5xxxxxxxxxxxxxxxxz4=
  allowed ips: 172.27.66.3/32
  persistent keepalive: every 25 seconds

In Android Wireguards LOG is stucjk a tSENDING HANDSHAKE INITIATION

Klagio · December 2, 2019, 1:27pm

clearing the CACHE and APP data on the Android phone, and reinstalling the data with qrcode, solved the issue

LtCMDstone · December 6, 2019, 3:21pm

Hey all,

i got a problem setting up the Add-on.
I can reach the internet through the Wireguard but not my internal network 192.168.0.0/24

this is my current config

{
  "server": {
    "host": "xxx",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": [
      "192.168.0.11"
    ]
  },
  "peers": [
    {
      "name": "mi9tpro",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [
        "172.27.66.0/24",
        "192.168.0.0/24"
      ],
      "client_allowed_ips": [
        "172.27.66.0/24",
        "192.168.0.0/24"
      ]
    }
  ]
}

whats wrong about it?

Thanks and best regards,
Stone

frenck · December 6, 2019, 3:24pm

empty allowed_ips, you are now basically routing traffic in circles.

LtCMDstone · December 6, 2019, 5:07pm

I was try and erroing and also empty allowed_ips does’nt work
Maybe more infos are usefull, I’m running hassio docker on top of ubuntu, also installed wireguard on the OS like the readme says

{
  "server": {
    "host": "xxx",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": [
      "192.168.0.11"
    ]
  },
  "peers": [
    {
      "name": "mi9tpro",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": [
        "172.27.66.0/24",
        "192.168.0.0/24"
      ]
    }
  ]
}

djim01 · December 6, 2019, 6:36pm

I want to try out de Wireguard addon, I follow the installation instructions from github. Now I got the following message when wanting to save te config-file just before starting the addon.

not a valid value for dictionary value @ data[‘options’]. Got {‘server’: {‘host’: ‘xxxxxx.duckdns.org’, ‘addresses’: [‘172.27.66.1’], ‘dns’: }, ‘peers’: [{‘name’: ‘Phone’, ‘addresses’: [‘172.27.66.2’], ‘allowed_ips’: , ‘client_allowed_ips’: }]}

this is the config:

{
“server”: {
“host”: “xxxxxx.duckdns.org”,
“addresses”: [
“172.27.66.1”
],
“dns”:
},
“peers”: [
{
“name”: “Phone”,
“addresses”: [
“172.27.66.2”
],
“allowed_ips”: ,
“client_allowed_ips”:
}
]
}

What went wrong here?

LtCMDstone · December 7, 2019, 3:08am

Take this config, you copied quotation marks in a wrong char set

{
  "server": {
    "host": "xxxxxx.duckdns.org",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": []
  },
  "peers": [
    {
      "name": "Phone",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

djim01 · December 7, 2019, 9:29am

i just changed the host and the name, just like Frenck did in his vlog, not the quotation marks … this work, thanks !!!

djim01 · December 7, 2019, 2:26pm

just found the real problem…you can’t use underscores in the name like

"peers": [
    {
      "name": "Phone_name",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []

orange-assistant · December 11, 2019, 4:16pm

Great add-on!

I got one up and running in no time. But I struggle with a second installation on the same network.

I try to use the udp port 51821 for this but I can’t get the wireguard add-on to receive my outside calls.

The first installation uses the default port 51820 and works like expected with the dynamic dns and the port forwarding from my router to my hass.io installation

The second installation (on a second dedicated hass.io installation in the same network) uses the port 51821 configured in the hass.io -> addons -> wireguard tab (changed from the default 51820). I didn’t change the configuration text because their is only the internal/docker ip’s. I did also do the port forwarding from my router.

For testing I use the same client (android) as for the working installation (just added a new profile with the new qr code).But my second setup with the modified port will never arrive at my hass.io. I can’t tell why.

Could their be any limitations using a port other than the default one?

klogg · December 12, 2019, 11:44am

Excuse the basic question but I am thinking of installing this. Opening ports is still a little scary so I want to understand something…

The two options peers.private_key and peers.public_key, both are optional and as I understand it:

they will both be generated automatically if neither are provided,
the private key will be generated if the public one is provided

(Correct?)

But the docs say that the public key should really be created manually.

Can someone expand on how to do this?

Thanks.