welsberr
/
VHostLoom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
VHostLoom/wireguard
History
Wesley R. Elsberry a4e7d10389 Added Wireguard README.md 2025-11-20 08:43:15 -05:00
..
README.md Added Wireguard README.md 2025-11-20 08:43:15 -05:00
wg0.conf.example Added Wireguard option for VPN 2025-11-20 08:40:23 -05:00

README.md

WireGuard Module for VHostLoom

This optional module adds a WireGuard VPN interface (wg0) so you can access private services (e.g., Stable Diffusion, Llamafile, Ollama, Forgejo SSH, etc.) securely over a VPN, without exposing them on the public Internet.

Overview

  • WireGuard listens on UDP 51820 on the WAN interface.
  • Clients connect to the server and receive an address in a VPN subnet (e.g., 10.20.0.0/24).
  • nftables rules restrict "private services" to be reachable only via the WireGuard interface (wg0), while public services (Traefik on 80/443) remain exposed on the WAN interface.

Setup

  1. Copy and edit WireGuard config

    sudo mkdir -p /etc/wireguard
sudo cp wireguard/wg0.conf.example /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf