# Wireguard

I had two goals I wanted to accomplish with VPNs.

1. I need to redirect all outbound traffic from a specific subnet through a VPN so any client on that subnet would have its privacy protected by the VPN.

2. Allow me to VPN into my home network from somewhere else and have access to everything as if I was sitting at my computer at home.

Both of them could most likely have been accomplished with any VPN, but I went with [WireGuard](https://bookstack.swigg.net/books/networking/page/wireguard) since it is a simple and fast VPN whose setup is similar to SSH, so it was intuitive for me to set up.

## Host Setup

To use _Wireguard_ inside of an _LXC_ container, the host has to have _Wireguard_ installed, since _LXC_ guests run on the kernel of the host system. _Wireguard_ was first mainlined into the _Linux_ kernel in version 5.6, so kernels at version 5.6 or later already have it built in. Anything before 5.6 that doesn't specifically have _Wireguard_ backported will need kernel modules to get it working. [Wireguard.com](https://www.wireguard.com/install/) has detailed instructions on how to install it on nearly any platform. Since I am using _Proxmox_ as my host, it was already backported into the kernel.
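A quick way to check the condition described above on the host, as an added example that is not part of the original page. The function names and the status words it prints are made up for illustration; it compares the `uname -r` release against 5.6 and looks for `/sys/module/wireguard`, which exists once the module is loaded.

```bash
#!/bin/sh
# Added example (not from the original page): report whether the running
# kernel can provide WireGuard to LXC guests. Function names are hypothetical.

# Return 0 if a kernel release string (as printed by `uname -r`) is 5.6 or
# later, 1 if it is older, 2 if the string cannot be parsed.
kernel_has_mainline_wireguard() {
    major=${1%%.*}              # text before the first dot
    rest=${1#*.}                # text after the first dot
    minor=${rest%%[!0-9]*}      # leading digits of the remainder
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; }
}

# Print one status word for a kernel release.
#   $1 = kernel release, $2 = module directory in sysfs (default /sys/module)
wireguard_support() {
    moddir=${2:-/sys/module}
    if [ -d "$moddir/wireguard" ]; then
        echo "loaded"         # module is loaded (mainline or backported)
    elif kernel_has_mainline_wireguard "$1"; then
        echo "mainline"       # 5.6 or later: expected in-tree, not loaded yet
    else
        echo "needs-module"   # older than 5.6 and nothing loaded
    fi
}

# Check the kernel this script is running on.
wireguard_support "$(uname -r)"
```

A result of `needs-module` on a kernel older than 5.6 means the host needs a backported kernel or a separately installed kernel module before any guest can create a WireGuard interface.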

## Guest Setup

Additionally, I needed the `wireguard-tools` package in the _LXC_ guest, and `resolvconf` so DNS can be configured properly.

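```bash
# Run as root inside the LXC guest.
# Enable the buster-backports repository.
echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/buster-backports.list
apt update
# The guest uses the host's kernel, so only the userspace tools are installed here.
apt install --no-install-recommends wireguard-tools
apt install resolvconf
```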