Setting up a Self Hosted VPN using Wireguard and Netmaker

Published September 10, 2024
Get Secure Remote Access with Netmaker
Sign up for a 2-week free trial and experience seamless remote access for easy setup and full control with Netmaker.

Whether you're a tech enthusiast who relishes the challenge of managing your own network, a small business owner seeking to optimize network control, a budget-conscious user tired of recurring VPN subscription fees, or a novice eager to learn about VPNs, this blog post is designed specifically for you. We will explore why self-hosted VPNs can often be the most advantageous choice for your networking needs. Additionally, we provide an in-depth guide on how to implement self-hosted VPN solutions effectively, ensuring you get the most out of your network security.

Shortcomings of Public VPN Providers

While public VPN providers are often the default choice for many, they are not without their drawbacks. These shortcomings may lead you to consider the benefits of a self-hosted VPN.

One significant concern is that your VPN service provider could potentially track your online behavior and even exploit your data. This practice is especially prevalent among free VPN services, which often provide access to their private servers in return for user data.

Performance degradation is another common issue, often attributable to bandwidth contention among multiple VPN users. The quality and robustness of the VPN infrastructure, as well as the efficiency of the VPN software, can significantly influence this issue.

Furthermore, the risk associated with shared IP addresses is non-trivial. Malicious users might exploit these shared IPs to send spam emails, leading to potential blacklisting of the IP across various internet service providers. Consequently, certain websites and applications may restrict your access based on the activities of others sharing your IP address, impacting your online experience.

Self Hosted VPNs

Operating a dedicated server provides distinct advantages. It grants you unshared access to the server's resources, inclusive of its entire bandwidth. The network functions devoid of disruptions, and you retain full control over the IP address. This level of autonomy enables you to administer the entire environment and user base, providing the flexibility to create accounts for family, colleagues, or friends as needed. However, managing a self-hosted VPN necessitates a foundational understanding of computer networks, server architecture, Linux operating systems, and hosting mechanisms.

A VPN becomes a critical tool when you need to access your home lab server or Network Attached Storage (NAS) from a domain or subdomain, especially if your system is situated behind a Carrier-Grade NAT (CGNAT). By leveraging a VPN in conjunction with port forwarding or a reverse proxy, you can effectively bypass the CGNAT, ensuring seamless access to your resources.

How to implement Self Hosted VPNs?

Traditional networking has often relied on tried-and-true but somewhat slow VPN solutions like OpenVPN, SSTP, and others. While these VPN protocols are dependable, they often compromise on performance. This is where WireGuard, a game-changing VPN protocol, steps in.

WireGuard is a VPN protocol that facilitates communication between a client and a VPN server. It's known for its impressive speed and unique support for UDP, eliminating the need for handshake protocols. This feature gives WireGuard a speed advantage over OpenVPN, which requires TCP checks. Additionally, WireGuard's open-source nature further enhances its appeal and gives more control to the users.

Features of the WireGuard Protocol

  • Responsiveness: WireGuard's rapid connection establishment, even during network roaming, ensures reliable connectivity and a seamless user experience.
  • Security: WireGuard uses advanced cryptographic techniques and robust default settings. Its compact and simple codebase facilitates effective security audits.
  • Speed: WireGuard's core components are directly integrated within the Linux kernel for Linux servers and desktops, resulting in superior performance compared to VPNs that operate in userspace.
  • Deployment Simplicity: WireGuard offers pre-configured client applications for various platforms, simplifying installation. Server-side setup is straightforward, resembling SSH configuration.

Setting up WireGuard

There are multiple ways to set up a WireGuard VPN; we'll focus on just two here:

Build it Manually

This option involves installing WireGuard natively on the machine. The WireGuard docs have clear and detailed instructions on how to go about this.

Advantages:

  • This approach is entirely cost-free.
  • Complete control over data.
  • Capability for low-level configuration.
  • Access to WireGuard's full speed potential.

Disadvantages:

  • Manual client authentication required.
  • Manual network management necessary.
  • Implementation of user management and access control can be challenging.

Setting up WireGuard using Netmaker

Netmaker automates a secure superhighway between devices, clouds, virtual machines, and servers using WireGuard.

Netmaker adds advanced functionalities such as user management, access control, and a centralized control panel, among others. Simultaneously, it ensures access to the core features of WireGuard is maintained.

Netmaker offers a Self-Hosted Gateway option, which is perfectly suited for self-hosting scenarios.

Advantages:

  • The Self-Hosted Gateway option is free of charge.
  • Netmaker supports low-level configuration using WireGuard config files.
  • Netmaker is significantly faster, boasting speeds up to 15 times faster than OpenVPN.
  • It's more robust and capable of handling complex setups.

Disadvantages:

  • In terms of speed, Netmaker is slightly slower compared to pure WireGuard.
  • There's no dedicated integration for Android and iOS, requiring the use of WireGuard client access for these devices.

Setting up Your Own Netmaker Instance: A Quick Guide

Ready to harness the full power of Netmaker? Setting up your own instance is easier than you might think. Let's walk through the process step-by-step, ensuring you're up and running in no time.


What You'll Need:

  • A server running Ubuntu 24.04 (our top recommendation for smooth sailing)
  • A public static IP address (your gateway to the world)
  • A domain name (e.g., netmaker.yourdomain.com)
  • Modest hardware: 1 GB RAM, 1 CPU, and 2 GB storage will do the trick
  • For production environments, we suggest beefing it up to 2 GB RAM, 2 CPUs, and 10 GB storage

Preparing Your Fortress:

Before we dive in, let's ensure your server's doors are open to the right visitors:

  • TCP 80 & 443: For our sleek web interface and robust API
  • UDP 51821: The lifeblood of WireGuard traffic
  • TCP 51821: Our secret handshake for endpoint detection
  • TCP & UDP 53: If you're opting for CoreDNS (optional)
  • Additional ports for MQTT if EMQX is your flavor (optional)
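To check a server against the port list above, this added example (not part of the original post or of Netmaker) reports every listener reachable from off-host that is not on that list. It inspects bound sockets, not firewall rules; the function names and the sample `ss` output are constructed for illustration, and `tcp/22` for SSH administration is an assumption the article does not mention.

```shell
#!/bin/sh
# Ports the article says Netmaker needs (the two port-53 entries are only
# required with CoreDNS). EMQX/MQTT ports are not listed on the page; pass
# them as extra arguments if you use EMQX.
NETMAKER_PORTS="tcp/80 tcp/443 udp/51821 tcp/51821 tcp/53 udp/53"

# unexpected_listeners [EXTRA proto/port ...]   (hypothetical helper)
# Reads `ss -H -tuln` style lines on stdin and prints "proto/port address"
# for every non-loopback listener that is not in the allowlist.
unexpected_listeners() {
    awk -v allow="$NETMAKER_PORTS $*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            proto = $1; laddr = $5
            port = laddr; sub(/.*:/, "", port)       # text after the last colon
            addr = laddr; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            key = proto "/" port
            if (!(key in ok)) print key, addr
        }'
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
udp   UNCONN 0 0      0.0.0.0:51821    0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:443      0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:80       0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 244    127.0.0.1:5432   0.0.0.0:*
tcp   LISTEN 0 4096   [::]:8081        [::]:*
udp   UNCONN 0 0      127.0.0.53%lo:53 0.0.0.0:*
EOF
}

# Live use on the server:  ss -H -tuln | unexpected_listeners tcp/22
```

Anything the function prints is either a service to bind to loopback or a port to block at the firewall before the server is exposed.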

Don't forget to point your chosen subdomain (e.g., netmaker.yourdomain.com) to your server's IP. You'll need the keys to your DNS kingdom for this step.

Ready for the easiest part? Fire up your terminal and let this one-liner do the heavy lifting:

sudo wget -qO /root/nm-quick.sh https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh && sudo chmod +x /root/nm-quick.sh && sudo /root/nm-quick.sh
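The one-liner above fetches whatever is on the `master` branch at that moment and runs it as root. This added example (not from the original post or the Netmaker project) shows one way to run the installer only when it matches a copy you have already read; the function names are hypothetical, the hash is a placeholder you record yourself, and GNU `sha256sum` is assumed, as on the recommended Ubuntu server.

```shell
#!/bin/sh
# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED_SHA256   (hypothetical helper)
# Returns 0 only when FILE exists and its digest equals the pinned value,
# 1 on a mismatch, 2 when the file cannot be read.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# install_pinned URL EXPECTED_SHA256   (hypothetical helper)
# Downloads to a private temp file as the current user, verifies it, and
# only then hands it to root. A mismatch means upstream changed: re-review.
install_pinned() {
    local url="$1" expected="$2" tmp
    tmp=$(mktemp) || return 2
    wget -qO "$tmp" "$url" || { rm -f "$tmp"; return 2; }
    if verify_pinned "$tmp" "$expected"; then
        sudo bash "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (both values in angle brackets are placeholders, not real values):
#   install_pinned \
#     "https://raw.githubusercontent.com/gravitl/netmaker/<COMMIT_SHA>/scripts/nm-quick.sh" \
#     "<SHA256_OF_THE_COPY_YOU_REVIEWED>"
```

Replacing `master` with a commit hash in the URL keeps the download stable between your review and the install.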


This script is your express ticket to Netmaker PRO, complete with a 14-day all-access pass to our premium features.

After Your Trial:

Loving what you see? Great! You can either upgrade to a full PRO license or switch to our feature-packed community edition. The choice is yours.

Additional Configuration:

  • Supercharge your setup with OAuth integration for top-notch security and user management.
  • Fine-tune your firewall rules to ensure your Netmaker fortress is impenetrable.

Want the VIP treatment? Skip the DIY and let us handle the heavy lifting. Visit our SaaS platform to spin up your Netmaker server with just a few clicks.

Welcome to the future of networking – you're going to love it here!

Conclusion

Netmaker automates many of the complex tasks involved in setting up a VPN, making it easier for individuals and businesses to create their own self-hosted VPNs. Opting for a self-hosted VPN can be a wise choice, and if you decide to go this route, we hope this article sheds light on some of the available options and their potential benefits. However, it's important to note that the structure of the network and the desired performance are crucial factors in determining the most suitable options.

