Requirements
- you have already deployed a PiRogue online
- your PiRogue operates on the mode Wireguard
- the Wireguard application is already installed on the mobile device (Android or iOS)
π€ Not done yet? Check the documentation.
Security considerations
- Remove VPN peer configurations: Delete on the PiRogue and on peer’s devices, any VPN peer configurations as soon as they’re no longer needed.
- Handle peer configurations with care: Peer configurations contain sensitive information. Share them securely and privately.
- PiRogue’s IP address exposure: Online services accessed through the VPN can see your PiRogue’s IP address.
... in 4 steps
Create a new Wireguard peer
To create a new Wireguard peer allowing a device to connect to the VPN network of the PiRogue, use the following command:
βΉοΈ Get the list of Wireguard peers
To get the list of already configured peers, use the command:
Example:
- idx: 2 private_key: oA3PBMH5yhBCIykx1odFPbnH+QKq18FBPmdPU1MrmEQ= public_key: hdlwEsh7SQ0lEPC5Qpl66y9slJkhH4wUYEpzvkEq6V4= - idx: 3 private_key: YGe5EF//sIj6QF/2sglmx20b7jxgxFpV1sl8hXBDy34= public_key: 8lSksu3/HF8vCGi5lCOktI3C9L68PsfNhzDwyuAtMQ0=
βΉοΈ Delete a Wireguard peer
To delete a peer, you have to specify its index (idx
):
Get the configuration of a Wireguard peer
To connect a peer to the Wireguard VPN, you first need to get its configuration. The peer configuration is returned by the command. You have to specify the ID of the peer you have previously created:
βΉοΈ Example of peer configuration
[Interface] Address = 10.8.0.3/24 PrivateKey = YGe5EF//sIj6QF/2sglmx20b7jxgxFpV1sl8hXBDy34= DNS = 10.8.0.1[Peer] EndPoint = 185.199.111.153:51820 PublicKey = YxtvfgfpgCpkQKTI9vcVz0LnXGHIwF83Z65OBWw4F0A= AllowedIPs = 0.0.0.0/0 PersistentKeepAlive = 20
βΉοΈ Save the peer configuration in a file
To save the configuration of the peer in a .conf
file to be loaded on the device, use the command:
Security concerns
Never share the configuration of a peer publicly. The configuration of a peer contains very sensitive information such as the IP address of your PiRogue and the private key of the peer. If you have any doubts, delete the peer and create it again.
Generate only one configuration per device, and never use the same configuration on multiple devices.
Connect the mobile device by scanning the QR-code
Make sure the Wireguard application is already installed on the mobile device. Then, generate the QR-code and scan it with the Wireguard app:
βΉοΈ Example of QR-code to scan with the Wireguard app
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ββββ βββββ ββββββββ ββ βββββ βββ ββββββ βββββββ β ββ βββββ ββββ ββββ β β β β ββββββββββββββββββββββ ββ βββββββββ ββ β β ββββ ββββ βββββ ββββ βββββββ βββ ββ βββ βββββββββ β β ββββ βββββ ββββ ββββββββββββββββ β βββββββββββ βββ β βββ βββ β β ββββββββββββββββ ββββ β ββββ βββββββ βββββ β β β β β ββββββββββ ββββββββββ ββββ ββββββ βββββββ β βββ β ββββ ββ βββ β ββ β βββββββββββββββββββββ ββββββββ βββββββββ β βββββββββββ ββββ ββββββ ββ ββββββββ ββββββ βββββββββ βββββββββ ββββββββ β ββββββββββββββββββββ ββ β ββββββββ βββββββββ ββββββ ββββββ β βββ ββββ ββ β ββββββ ββββ ββββββββββ ββββ β ββββ βββββββββββββ β βββ ββββββββ βββββββββββ ββββ ββββββ βββββ ββ βββββββ ββ βββββ ββ βββββ βββββββββββββββ ββ ββ βββββ βββββββ βββββββββ βββββ β β ββββββββββ ββββββββ βββββ ββββββ ββββ ββββββ β β βββββββββ βββββ β ββββββββ β βββββββ β β βββββ ββββββββ βββ βββββββ βββ ββββ βββ βββ ββββββ ββ βββ βββββββ βββββ β βββ ββββ ββββββββββββ βββ ββββββββββββββ β βββ ββ ββββ ββββββββ ββ β βββ βββ ββ ββ ββ βββββββββ βββββ βββ βββ ββββ βββββββββββ βββ ββ ββ β ββββ βββββββββ βββ ββ β ββββββββ βββββ ββββββββββββ ββ βββββ ββββ ββββ ββββββ βββββ ββββββ βββββββββ ββββ βββββ β βββ ββββββββ ββββββ βββββββ ββββββββββββ ββββββββ βββββββββ βββ ββββ βββ ββββββ ββ β βββββββββ ββββ βββββββββββ ββββββββ βββββββββ ββ ββββββββββββββββββββββββββ β βββββββ β ββββ ββββ β βββββββ βββββββββ β ββββββββββββ ββ βββ ββ βββββββββ ββββββββββββββββββ β βββ ββ βββ βββββββ ββββββ ββββ β βββ ββββββ ββββ β ββββββββ β βββ ββββββββββ βββββ β β β β β ββββ ββ ββββ ββββββββββββ ββ ββββββ βββ ββ βββ β ββββββ βββββ β βββ βββββββ ββββ βββββ ββββββββ ββββ βββ β βββ β ββββββββ ββββ βββ βββ ββββ ββββ β β ββ β β βββ β β β βββ ββββββββ βββββ βββ βββββββββββββ ββββ βββββ β ββ βββ βββββββββ ββββββ ββ β βββ ββ ββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Take a screenshot of the QR-code and send it (via encrypted email or Signal) to the person who needs to connect to the VPN of your PiRogue.
Identify Wireguard peers
The Wireguard peers configured on your PiRogue are not named, a peer is identified by its ID only. If you want to associate a peer to an individual, you have to store this information separately, ideally not on your PiRogue. We suggest you keep track of the peers the following way:
Date | Peer ID | Peer IP address | Individual |
---|---|---|---|
2024-10-23 | 2 | 10.8.0.2 | John |
2024-10-23 | 3 | 10.8.0.3 | Lea |
2024-10-27 | 6 | 10.8.0.9 | Camilla |
βΉοΈ How to find the IP address of a peer
The IP address of a peer is specified in the configuration of each peer, it corresponds to the Address
. It’s specified using CIDR notation, ignore the value after the /
.
In this example, we want to get the IP address of peer 2.
[Interface] Address = 10.8.0.2/24 <--- IP address of peer 2 PrivateKey = WLzm+auxiGXJJDf/74TsS4hnAU4mViJxR8XfpJUviW0= DNS = 10.8.0.1[Peer] EndPoint = 51.159.150.9:51820 PublicKey = dQzDsS2BQPjNjI2PG4hGAQX7AQ2xhFZnuMvV2beLj30= AllowedIPs = 0.0.0.0/0 PersistentKeepAlive = 20