Secure your VPN
Run a WireGuard VPN
WireGuard is the newest, leanest, meanest VPN protocol on the scene. Let’s get those wires guarded!
Thanks to the wonders of open source it’s possible to run your own VPN. Depending on your purposes (i.e. if you want to break rules) this might not be for you. But if you want a secure tunnel to your home connection or a VPS (virtual private server) when you’re away, then we’ll show you how. Before we do that though, let’s look at a lesser-known feature of another jewel of FLOSS, OpenSSH.
As it happens it’s full of hidden gems. For example, during an SSH session, if you type Enter then ~ then C, you can access a super-secret command shell, from which you can add any port forwarding options. Very handy if you forgot to add them when you initiated the session.
But anyway, we digress. See the box (below) for how to set up a rough ‘n’ ready not-quite VPN with SSH. Setting up a grown-up VPN is a little harder, but hopefully we can fit it in the remaining space. WireGuard is still quite new (it was only added to the Linux kernel in April 2020) and while it aims to be (and architecturally is) simpler than OpenVPN and others, we’ll see that there’s still a lot of manual setup involved. In the future there’ll be additional helpers for dealing with key distribution and IP address allocation, but for now we’ll have to do everything ourselves. WireGuard by design wants to have a minimal attack surface, and as such it is firmly a network layer service. Things like DHCP (or anything analogous to it that might help WireGuard) exist elsewhere in the OSI stack, so they’ll never be added to WireGuard itself.
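What doing key distribution and address allocation by hand amounts to, as an added example that is not part of the original article: a server and one client in wg-quick format. The 10.8.0.0/24 subnet, the peer names, the endpoint (a documentation address) and the conventional /etc/wireguard/wg0.conf path are assumptions, and every key is a placeholder.

```ini
# ---- Server: /etc/wireguard/wg0.conf (constructed example) ----
# Each host generates its own pair and hands over only the public half:
#   wg genkey | tee privatekey | wg pubkey > publickey
[Interface]
# Tunnel address chosen by hand; nothing in WireGuard assigns it for you.
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>

[Peer]
# laptop
PublicKey = <LAPTOP_PUBLIC_KEY>
# The only source address packets from this key are accepted from.
AllowedIPs = 10.8.0.2/32

[Peer]
# phone
PublicKey = <PHONE_PUBLIC_KEY>
AllowedIPs = 10.8.0.3/32

# ---- Laptop: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
# Must match the /32 recorded for this key on the server.
Address = 10.8.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
# Documentation address; replace with the server's real address.
Endpoint = 203.0.113.10:51820
# Send only the tunnel subnet through the VPN.
AllowedIPs = 10.8.0.0/24
# Keeps NAT mappings open when the client sits behind a router.
PersistentKeepalive = 25
```

Because each server-side AllowedIPs entry is a single /32 bound to one public key, giving the same address to two peers, or listing a wider range than a peer needs, is the mistake to check for when maintaining this by hand.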