VPN Server on Manjaro Rpi4

I've googled this, but can't seem to find a good guide to installing a VPN server on a Rpi4 running Manjaro.

For the Debian-based installs (like Raspbian), this script is terrific. It is incredibly easy and just works.

Do we have anything similar in Manjaro-world - where I prefer to stay!

Not that I know of, but setting up a wireguard network is really easy.

https://wiki.archlinux.org/index.php/WireGuard#Specific_use-case:_VPN_server

Thanks -- and that sucks. I briefly tried to set up wireguard, but the install instructions I have don't make it clear which IP addresses are part of the standard setup and which are user-set.

For example, in the below conf file, I can't tell if the 10.200.200.1 addresses are part of wireguard or, instead, are placeholders for my LAN IP addresses.

/etc/wireguard/wg0.conf
[Interface]
Address = 10.200.200.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = [SERVER PRIVATE KEY]

# note - substitute eth0 in the following lines to match the Internet-facing interface
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# foo
PublicKey = [FOO'S PUBLIC KEY]
PresharedKey = [PRE-SHARED KEY]
AllowedIPs = 10.200.200.2/32

[Peer]
# bar
PublicKey = [BAR'S PUBLIC KEY]
AllowedIPs = 10.200.200.3/32

That is actually one of the beauties of wireguard. It doesn't care about your normal LAN network. You only specify the IPs and network ranges of your VPN.

However, you need to make sure one of the wireguard systems can be accessed and has an open port; this is your wireguard server. And in the file you posted, make sure you use the correct interface name in the iptables command. If you use ufw, it is often better to specify the forwarding rules in the ufw before config file (be aware, it is not the same command).

Also, you don't need to set up a preshared key. But if you do, every client needs to use it.
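An added example, not part of the thread or of WireGuard itself: a small check that the addresses in a wg0.conf like the one quoted above form a self-contained VPN range, separate from the LAN, with each peer holding its own tunnel address. The function names, the constructed sample and the LAN range 192.168.0.0/24 are assumptions, and the check assumes a single IPv4 `Address` and a layout where each peer's `AllowedIPs` is only its tunnel address.

```python
import ipaddress

# Constructed sample mirroring the wg0.conf quoted above; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.200.200.1/24
PrivateKey = [SERVER PRIVATE KEY]
[Peer]
# foo
PublicKey = [FOO'S PUBLIC KEY]
AllowedIPs = 10.200.200.2/32
[Peer]
# bar
PublicKey = [BAR'S PUBLIC KEY]
AllowedIPs = 10.200.200.3/32
"""

def parse_sections(text):
    """Return [(section, {key: value})]; [Peer] may appear many times."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def check_addressing(text, lan_cidr):
    """List problems in the tunnel addressing plan (empty list = clean)."""
    sections = parse_sections(text)
    server = ipaddress.ip_interface(dict(sections)["Interface"]["Address"])
    tunnel, lan = server.network, ipaddress.ip_network(lan_cidr)
    problems, seen = [], []
    if tunnel.overlaps(lan):  # the VPN range must be separate from the LAN
        problems.append(f"tunnel {tunnel} overlaps LAN {lan}")
    for name, kv in sections:
        items = kv.get("AllowedIPs", "").split(",") if name == "Peer" else []
        for net in (ipaddress.ip_network(i.strip(), strict=False) for i in items if i.strip()):
            if net.version != tunnel.version or not net.subnet_of(tunnel):
                problems.append(f"{net} is outside tunnel {tunnel}")
            if server.ip in net:
                problems.append(f"{net} covers the server address {server.ip}")
            if any(net.overlaps(o) for o in seen):
                problems.append(f"{net} is claimed by more than one peer")
            seen.append(net)
    return problems
```

Calling `check_addressing(SAMPLE_CONF, "192.168.0.0/24")` returns an empty list for the sample; pass the real LAN range of the server's network to check a different plan.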

Well...I definitely need to learn about WireGuard.

That said, I found this script on GitHub. It works great for Manjaro.

Note that I had to make two minor changes.

First, for Android compatibility, I added this to the end:

tun-mtu 1400
mssfix 1360

as per this link.

Second, during the script operation, I used my router's ip address (e.g., 192.168.0.1) as the primary DNS.

After that, it seems to work fine and be really simple.
