I use Plex, which is OK, but I don’t like having to depend on an external service to access my own media files. I have successfully set up a VPN to my home network, so that my mobile phone can access my media files from anywhere!
I set up WireGuard as a VPN, so VLC on Android can play my files from my NFS server at home!
On Linux server
On my NFS server (CentOS 8), I installed WireGuard, the up-and-coming VPN solution that can be included in the Linux kernel! I used method two, using kmod, but from rpmfusion, which I already had enabled.
sudo yum install kmod-wireguard wireguard-tools
Then I set up the file /etc/wireguard/wg0.conf. There was a template file somewhere with some better notes, but this is the boiled-down version.
[Interface]
Address = 10.222.0.1/24
ListenPort = 51820
# from `wg genkey`
PrivateKey = 123456789009876543211234567890=
# server1 public key, from `echo "${PrivateKey}" | wg pubkey`
# 123456789012345678901234567890=

[Peer]
# my mobile phone's public key, from below instructions
PublicKey = 01982643901625901902283497598275=
AllowedIPs = 10.222.0.2/32
PersistentKeepalive = 25
I chose to save the public key right there in the config file, in case I need to retrieve it often!
And then I had to open the firewall, of course.
sudo firewall-cmd --add-port=51820/udp --permanent
sudo firewall-cmd --reload
I also had to forward port 51820 in my router to my server’s IP address. And then I brought the virtual NIC up!
sudo wg-quick up wg0
Because my plan included accessing NFS with VLC for Android, I needed to add a rule in /etc/exports:
/var/server1/shares 10.222.0.0/24(ro,sync,insecure)
And update the current export list.
sudo exportfs -ra
And to make sure the wireguard interface
On Android mobile phone
I installed the official WireGuard app from F-Droid.
I appreciate how the app lets you configure interfaces and peers in a manner that looks basically identical to the contents of the config file used to define an interface+peers on a full GNU/Linux system!
I named the interface, and added my IP address of 10.222.0.2/32. I also listed DNS servers that are on my home network. I hard-coded the listen port to 51820.
For the peer, I added the public key from my server1 above.
Allowed IPs: 10.222.0.0/24,192.168.1.0/24
As I understand it, the allowed IP addresses indicate what networks will be routed through the VPN. So here I am including the VPN network, and also my home network’s main IP network.
Endpoint: (my ddns name):51820
Persistent keepalive: 25 seconds.
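How AllowedIPs behaves with the addresses used on this page, as an added example (not part of the original post and not WireGuard's own code): a simplified Python model in which AllowedIPs selects the peer for outgoing packets and filters the inner source address of incoming ones. The class and function names and the sample addresses 192.168.1.50 and 203.0.113.7 are assumptions made for illustration.

```python
import ipaddress


def parse_allowed(spec):
    """Turn a comma-separated AllowedIPs value into a list of networks."""
    return [ipaddress.ip_network(p.strip()) for p in spec.split(",") if p.strip()]


class Interface:
    """Simplified model of one WireGuard interface (hypothetical helper)."""

    def __init__(self, peers):
        # peers maps a peer label to its AllowedIPs string
        self.peers = {name: parse_allowed(spec) for name, spec in peers.items()}

    def route_outbound(self, dst):
        """Return the peer whose AllowedIPs has the longest prefix covering
        dst, or None when the packet does not enter the tunnel at all."""
        dst = ipaddress.ip_address(dst)
        best = None
        for name, nets in self.peers.items():
            for net in nets:
                if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                    best = (name, net)
        return best[0] if best else None

    def accept_inbound(self, peer, src):
        """After decryption, a packet is kept only if its inner source
        address falls inside the sending peer's AllowedIPs."""
        src = ipaddress.ip_address(src)
        return any(src in net for net in self.peers.get(peer, []))


# AllowedIPs values taken from the server and phone settings on this page
SERVER = Interface({"phone": "10.222.0.2/32"})
PHONE = Interface({"server1": "10.222.0.0/24,192.168.1.0/24"})

if __name__ == "__main__":
    # Constructed sample destinations: VPN peer, home LAN host, internet host
    for dst in ("10.222.0.1", "192.168.1.50", "203.0.113.7"):
        print("phone ->", dst, "via", PHONE.route_outbound(dst))
    # The server drops tunnel packets whose inner source is not 10.222.0.2
    for src in ("10.222.0.2", "192.168.1.50"):
        print("server accepts", src, "from phone:", SERVER.accept_inbound("phone", src))
```

On the server side the /32 means a holder of the phone's key can only send traffic as 10.222.0.2, which is also the only VPN address the NFS export rule will ever see from that peer.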
Conclusion
I don’t know how to perform low-level network diagnostics from Android such as ping or netcat, so I really only tested from my server. I pinged the client (once all WireGuard interfaces were up on both devices).
And for the final test, I was out driving in my car, and I had an opportunity to enable my WireGuard interface on my phone, run VLC, and connect to my NFS server and play music! So this was a successful operation (even if it is a bit flaky, due to NFS’s dislike of spotty networks). And now I don’t need
Cool idea, I would imagine you need a pretty good connection to play a media file though. Probably very doable in places not in Alaska. 🙂
[…] extend my new, fancy wireguard vpn, I took some extra steps so I could route all traffic through my home […]