Igor Bubelov About Blog Photos

WireGuard

May 30, 2020

I have a Nextcloud server in my house, and it works great inside a local network, but it also needs to be reachable from the Internet and that’s where it gets a bit tricky. My server has a local IP, but it doesn’t have a globally reachable IP, and there are no easy ways to get one from a regular residential ISP.

The most convenient way to reach a website is by its domain name. Any browser can execute a DNS query to figure out the actual IP addresses behind a particular domain name you’re trying to access and once that address are found, your browser of choice can finally initiate a connection.

So, my Nextcloud server needs the following things to be globally reachable:

  1. A domain.
  2. A unique IP address to point that domain to.

I already had a domain and the only thing that missed was an unique IP address to put inside an A record. It turned out, Digital Ocean has a data center close enough (ping < 30 ms) to my house and I’ve decided to rent a cheap virtual machine there and use it’s globally reachable IP address for my local Nextcloud server.

It’s fair to stop there and ask yourself “why didn’t this guy just host his stupid Nextcloud on that droplet directly? What’s the point of hosting stuff from home?”. Those are good questions and the answer is: privacy and financial costs. I don’t want to hold my private data anywhere except my house, and I also don’t want to pay a lot of money for storage space that I already have and can use for free. Even buying a new HDD or an SSD is much, much cheaper than renting the equivalent space in the cloud.

So, my domain’s A record can point all the traffic to that DO droplet which has a unique and globally reachable IP address so the only extra thing I needed to do is to connect my home server with that VM somehow. I heard that setting up OpenVPN is not particularly easy, and I wanted to find an easier solution. A few web searches later, I ended up reading about a tool called autossh.

This excellent post helped me to get it up and running in no time but, unfortunately, autossh is kind of cryptic and sometimes it just stops working without logging any reasons why. That’s why I had to get rid of autossh and find a way to set up a proper VPN.

It turned out, setting up VPN can be pretty easy, thanks to WireGuard. It’s also the fastest out there. I highly recommend using WireGuard if you need a fast and reliable connection between your home computer and some server in the Internet.