The goal of this guide is to let you connect to your home shared folder from anywhere, using a secure method provided by the Wireguard VPN server.
About me: I’m not an expert, this is the first time that I’ve used RaspberryPi, OMV, Docker, Wireguard. So if you find something wrong or that can be done easier or better, please share your comments.
A bit of context: the first approach I’ve tried was to use Nextcloud & Swag & MariaDB docker containers, but after several errors generated by Nextcloud and, after solving almost all of those errors, seeing that it takes too damn long (8-10 seconds) to fully load the Nextcloud Files or Photos page (with no personal files added yet, only the default demo ones), I gave up on it and tried the SharedFolder+Wireguard approach. Also, I’ve found no up-to-date & working docker container + a working guide for Seafile on RaspberryPi.
This guide assumes that:
- you have a RaspberryPi (tested on RaspberryPi 4B, 4GB RAM) and you have installed OMV5 on it (tested with OMV 5.5.23-1 (Usul))
- your RaspberryPi has a fixed/static internal IP address
- you use a Windows laptop/PC
- you can login to your RaspberryPi via SSH (for example using Putty)
- a HDD/SSD is attached to your RaspberryPi, formatted as a Linux filesystem (tested with ext4), which is mounted on OMV5 – Storage – File Systems
- a Shared Folder/SMB share created from OMV5, which resides on the attached HDD/SSD
- your shared folder is already accessible (read/write) from computers/other devices on your home network
- on OMV5 – System – OMV Extras, you have installed Docker and maybe Portainer
These are the required steps for installing & configuring & using Wireguard on your RaspberryPi:
- Create a duckdns.org subdomain, configure duckdns IP updates & port forwarding
- Create a docker1 user from OMV5 and get its UID and GID
- Create required folders & files on your RaspberryPi
- Create Wireguard docker container
- Configure peers to be able to connect to your Wireguard server
- Test your VPN connection & remote access to your local shared folder
- Add more peers
1. Create a duckdns.org subdomain, configure duckdns IP updates & port forwarding
- create a duckdns.org subdomain.
- then, from https://www.duckdns.org/install.jsp:
- from the Operating Systems section click on “pi” black button
- select your newly created domain from the “first step - choose a domain” section
- and the section below will be populated with instructions about how to configure this domain for your RaspberryPi. Please follow the instructions presented there.
Next, go to your router’s Admin page (some instructions here) and forward the port used by Wireguard, 51820 (UDP, as in the docker-compose.yml file from step 3), to the internal IP of your RaspberryPi (a general port forwarding guide here).
For example, this is what the needed port forwarding looks like for a TP-Link router:
2. Create a docker1 user from OMV5 and get its UID and GID
From OMV5’s left side menu, go to:
Services – SMB/CIFS – make sure that the Enable toggle button is active
And that your samba share is enabled:
Access Rights Management – Users – click Add
In the General tab
- Name = docker1
- Add a password
- Shell = /bin/bash
In the Groups tab - check these groups:
- users
- docker
Click Save
Login to your RaspberryPi via SSH using Putty (for example) and run this command:
then copy its uid and gid to some other file
3. Create required folders & files on your RaspberryPi
Create docker1 folder and go to that folder:
Copy this example of docker-compose.yml file content and update it with your info.
Many thanks to OMV team for this very useful app and to linuxserver.io team for their work! – this info is retrieved from here.
version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=XXX
      - PGID=XXX
      - TZ=Europe/Berlin
      - SERVERURL=blabla.duckdns.org #optional
      - SERVERPORT=51820 #optional
      - PEERS=3 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
    volumes:
      - /srv/dev-disk-by-uuid-XXXXXXX/wireguard_folder/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
Update it with your info – I’m only mentioning the details that you have to change:
environment:
- PUID=XXX (enter here the uid value for your docker1 user – see step 2)
- PGID=XXX (enter here the gid value for your docker1 user – see step 2)
For example, if:
the output for command
is
uid=1001(docker1) gid=100(users) groups=100(users)…
then the PUID and PGID will be
- TZ=Europe/Berlin should be updated with your timezone; use this command to see which one it is:
- SERVERURL=blabla.duckdns.org should be updated with your duckdns domain – see step 1
- PEERS=3 #optional => Peer means some other device that you use to connect to your Wireguard server; instead of 3, you can enter the number of devices that you need to be able to connect to your Wireguard VPN server. In my case, I’ve used 3 because I want to be able to login using my phone, my tablet and my laptop, so 3 devices in total.
volumes:
- /srv/dev-disk-by-uuid-XXX/wireguard_folder/config:/config
- /lib/modules:/lib/modules
The SSD/HDD connected to your RaspberryPi is mounted under /srv/dev-disk-by-uuid-XXX, where XXX is an ID that was generated when the SSD/HDD was mounted (via OMV5). For example, you can see this name when you run this command:
So you should update
- /srv/dev-disk-by-uuid-XXX/wireguard_folder/config:/config
with the name from your setup
Also, do not change this line:
- /lib/modules:/lib/modules
Then go to your mounted SSD/HDD folder and create the wireguard_folder:
Move back to docker1 home
And create a docker-compose.yml file required to create the Wireguard docker container:
Now paste (right click) the updated example of docker-compose.yml file content
After pasting, press CTRL+O then press Enter then press CTRL+X
4. Create Wireguard docker container
Make sure you’re in this location, where you have the docker-compose.yml file:
Then run
You should see a green Done, as the final output of this command.
Wait 2-3 minutes (in my case, the required files were not created immediately after this command had successfully ended).
5. Configure peers to be able to connect to your Wireguard server
If you want to see more details, go to your Wireguard config folder:
Before navigating to this folder, switch to root user
then
The output of the ls command:
coredns peer1 peer2 peer3 server templates wg0.conf
So a folder for each peer has been created, along with the server config files.
If we go to peer1 folder
we can see that the folder content is this:
peer1.conf peer1.png privatekey-peer1 publickey-peer1
These are the config files needed by peer1.
6. Test your VPN connection & remote access to your local shared folder
Let’s say you want to login from your phone, to your Wireguard server on your RaspberryPi, using peer1 details.
First you need to install Wireguard app on your phone.
Open the QR code for peer1, from your ssh console:
Then open Wireguard app on your phone, click on that + button and select Scan from QR code and scan the code you see in your RaspberryPi console.
Enable the newly created tunnel. To test this, you should disable phone's WIFI, make sure the Mobile Data is enabled, then open your file explorer app that you use on your phone and go to that RaspberryPi shared folder.
For configuring the connection from your laptop, if you want to use peer2, you can use the peer2.conf from the peer2 folder.
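cd /srv/dev-disk-by-uuid-XXX/wireguard_folder/config/peer2
cp peer2.conf /home/pi/
cd /home/pi
chown pi: peer2.conf    # make pi the owner, so WinSCP (logging in as pi) can read the file
chmod 600 peer2.conf    # the file holds peer2's private key: owner read/write only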
Now, you need to copy this peer2.conf file from your RaspberryPi to your laptop, using WinSCP.
Configure WinSCP to connect to the IP of your RaspberryPI using port 22, user pi and its password.
Copy peer2.conf from /home/pi to your Desktop, for example.
Install Wireguard on your laptop, from here.
To test your new Wireguard connection, you can disable home WIFI on your laptop (if you're at home), start the Mobile Hotspot from your phone and connect to that hotspot. Open Wireguard app on your laptop and click on Add tunnel and add your peer2.conf file. Click Activate. That’s it.
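The peer folders from step 5 hold private keys (peerN.conf, privatekey-peerN, and peerN.png, which is the QR code of the same config), so anyone who can read them can connect as that peer. The script below is an added example, not part of the original guide or of the linuxserver.io image: it lists such files when group or other has any access and restricts them to their owner. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find WireGuard secrets under the container's config folder
# that group/other can access, and tighten them to owner-only.

# Files that carry a private key: peerN.conf and wg0.conf (PrivateKey line),
# privatekey-* (raw key), peerN.png (QR code of peerN.conf).
wg_exposed_files() {
    find "$1" -type f \
        \( -name '*.conf' -o -name 'privatekey-*' -o -name 'peer*.png' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# chmod 600 every exposed secret; succeeds only if none remain exposed.
wg_harden() {
    wg_exposed_files "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    [ -z "$(wg_exposed_files "$1")" ]
}

# Constructed sample tree mirroring the folder listing in step 5.
wg_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/peer1" "$d/coredns"
    printf '[Interface]\nPrivateKey = CONSTRUCTED-NOT-A-REAL-KEY\n' > "$d/peer1/peer1.conf"
    echo 'CONSTRUCTED-NOT-A-REAL-KEY' > "$d/peer1/privatekey-peer1"
    echo 'CONSTRUCTED-PUBLIC-KEY' > "$d/peer1/publickey-peer1"
    echo 'constructed placeholder' > "$d/coredns/Corefile"
    chmod 644 "$d/peer1/peer1.conf" "$d/peer1/publickey-peer1" "$d/coredns/Corefile"
    chmod 600 "$d/peer1/privatekey-peer1"
    echo "$d"
}

# Usage: sh wg_audit.sh /srv/dev-disk-by-uuid-XXX/wireguard_folder/config
# With no argument, the constructed sample tree is used instead.
dir=${1:-$(wg_demo_tree)}
echo "exposed before:"
wg_exposed_files "$dir"
wg_harden "$dir" && echo "all key files are now owner-only"
[ -n "${1:-}" ] || rm -rf "$dir"   # remove the sample tree after the demo
```

Run it as root against the real config folder, and delete the copy of peer2.conf in /home/pi once it has been transferred to the laptop.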
7. Add more peers
If, in the future, you need to have more peers, the easiest way is to edit the docker-compose.yml file and recreate the Wireguard container.
So you will have to update this line and increment the number of peers:
- PEERS=3 #optional
The command for this is:
Let’s say you have changed the peers number to 4.
To save your changes - CTRL+O, press Enter, CTRL+X.
Now we need to recreate the Wireguard container. Only the changes will be applied: the existing peerX folders will not be modified, so your existing devices' configuration will still work.
From the /home/docker1/wireguard folder, run this command
The output of this command should be:
Now you can check peer4 config files under /srv/dev-disk-by-uuid-XXX/wireguard_folder/config/peer4
Sorry if this guide is too long but I wanted to make it easier for beginners.
I hope that this guide is useful for at least one person 😊