There are many situations where a home VPN server may be useful. First of all, it allows you to securely access your home network remotely. And if you have a network wide ad blocker at home, you can still use it while you are away, by tunneling your device back to the home network. You can also access geographically restricted material back home while you are abroad, or give friends and family from other geographical areas access to resources available in your home area.
Do You Have a Public IP Address from Your ISP?
Before you start, please check that you have a public IP address from your ISP. If you don’t have a public IP address, it’s not possible to connect back to your router from the Internet.
Here’s how to check. If you have multiple routers connected to your Internet connection, connect your computer to the router that is directly connected to the ISP outlet.
Find your router’s IP address. On Windows, open a command line window by entering cmd.
Enter ipconfig in the command line window. Find the IP address for Default Gateway.
Open your browser and enter the IP address of your Default Gateway, for example: http://192.168.10.1. From there, you can log into your router’s management interface and find the IP addresses assigned by your ISP.
If you are using the pcWRT router, you can find the IP address on the Status page.
Open the WireGuard app. Tap the + button at the bottom right corner. Tap Create from QR code.
Go back to the pcWRT router console WireGuard page. Click on the QR code icon to bring up the QR code dialog.
Scan the QR code to set up the WireGuard client connection. Enter the Tunnel Name when prompted.
If you are connected to the WiFi, turn off WiFi on the phone. Tap the toggle button next to the Tunnel Name to initiate connection to the VPN server. A key icon will appear on the top of the screen when the VPN connection is established successfully.
You should be able to open the pcWRT router management console (e.g., http://192.168.10.1) from your smartphone.
Toggle off the VPN connection. You should lose access to the pcWRT router management console.
Caution: the client QR code contains both public and private keys for the client. Anyone with the QR code can connect to your WireGuard server. It is strongly advised that you don’t share the QR code by any means where it could be lost or stolen (e.g., email etc.).
Follow the steps below if you are testing connectivity from a computer. I’m using Windows 10 as an example here.
While you are still at the pcWRT router console, export the peer config file by clicking the Download icon.
Leave the Encryption Password empty. Download and save the config file.
Click the import button to import the WireGuard config file.
To test VPN connectivity, you need to disconnect your computer from the pcWRT router. Then connect it to another network to imitate connection from the Internet. For example, you can connect your computer to a WiFi hotspot provided by your smartphone, using the smartphone’s mobile network connection (i.e., the smartphone should be off WiFi too).
After you did the above steps, click Activate in the WireGuard window.
You should see that the VPN connection is activated.
Caution: the client config file contains both public and private keys for the client. Anyone with the config file can connect to your WireGuard server. It is strongly advised that you don’t share the config file by any means where it could be lost or stolen (e.g., email etc.).
Connect Another pcWRT Router as a VPN Client
Before you follow the steps below, make sure that the LAN IP addresses on the client router and the server router are different. For example, if the server router has LAN IP address 192.168.10.1, then change the client router’s LAN IP address to 192.168.101.1.
You can connect another pcWRT router to the WireGuard VPN server created above, forming a router to router tunnel. Devices connected to the client router will be tunneled to the server router, hence appear to be connected to the server router directly. Furthermore, these devices can access the local network on the server router.
Once you established a router to router VPN connection, there’s no need to start the VPN connection on your devices when they are connected to the client router.
Following are the steps to create a WireGuard VPN connection on the client router:
While in the server router console, export the peer config file by clicking the Download icon.
Enter an Encryption Password if you’d like to encrypt the peer config file (encrypted peer config can be transported safely via email, but it only works when exported from one pcWRT router and imported by another pcWRT router).
Download and save the peer config file.
Log on the client pcWRT router, go to the Apps page and click on WireGuard.
On the Client tab, check the network you want to enable the WireGuard VPN for (usually, LAN).
Under the Connections section, click the Add button.
In the popup dialog, click the Upload WireGuard Config link.
Select the peer config file to upload and enter the password. Click OK to upload.
Enter a name for the connection (e.g. Home Network). Click OK to dismiss the Add WireGuard Connection dialog.
Check Auto-start if you want to automatically start the VPN connection when the client router boots up. Click Save at the bottom of the page to save the changes.
After you perform the above steps, the client router is ready to connect to the server router. However, you need to move the client router to a different network (for example, to a friend’s house) in order to test connectivity between the routers.
* WireGuard® is a registered trademark of Jason A. Donenfeld.
If you enjoyed this article please consider sharing it!