Hi, this is Wayne again with a topic “Wireguard: Gateway to free self-hosted Netflix/Spotify!”.
You’Ve built the ultimate home server, i mean look at this. We got the the gigabyte chassis, all the cores, and then we got the older google search appliance the disk shelves. It’S got terabytes and terabytes of movies and media and music and all the applications and literally anything we could possibly need, but it’s at home. How do you access it remotely? Well wireguard and we’ve done a ton of videos on wireguard. Usually it’s from you know connecting internally to externally, but you can also use wireguard to connect back to that from anywhere.
Even if your internet connection is crappy, we’re going to talk about it and i’m going to show you how, on the level one forum, let’s take a look, so what’s up i’m well, this is level one. This is another video in our ultimate home server series, but your ultimate home server is not really super useful if you can’t get to it everywhere. Part of the reason that everybody uses cloud services for everything is the convenience and ubiquity of it. But you can use wireguard on your home internet connection and use wireguard in your mobile devices.
It’S in the app stores for both google and ios and have a secure connection back to your home network. Now, in the past level, one has done videos where we show you how to run services on your home internet connection. Some isps have a problem with that. In fact, your your home internet connection can be three different kinds in terms of like connectivity. The first kind will give you a public. I p address most of the time that i p address, changes from time to time. We’Ll take a look at overcoming that with duck dns a dynamic dns service, but there’s lots of dynamic dns services. You can also have carrier grade nat at home, which means that your home internet connection doesn’t get a real ip address, and that’s okay, because we can still use wireguard just the way that ryan showed you in the previous video with wireguard, where you set up wireguard Somewhere in the cloud – and you connect to that, you have your own private vpn server.
Well, if you do that with your phone and your phone connects to that same private wire guard server in the cloud, then your phone can connect back to your home connection. Even if you’ve got carrier grade nat, we’ve got a full guide for that on the level one forum, and so you can go step by step and configure that and the third scenario, which is really the most doomsday scenario, is that you can’t even change any configuration On your router, in that case, if you’re rocking something like trueness scale or trueness core, you can actually run wireguard right on your media appliance right on your home server appliance. This isn’t quite as good. You got ta jump through some extra hoops to connect all the dots, but if you do that, you run wireguard on the server.
The server connects out to your small instance on the node, and then your phones and stuff can connect to that. And then you still have that connection back to your media server. Now, if you want to run steam, you can use steam play and that kind of thing in all of those scenarios. But you got to jump through some extra hoops to tell the computers on your network.
Hey when you want to access the wireguard network. You’Ve got to go through the media server, not our isp’s router, so uh that one’s a little more involved that one probably could be its own separate video. If you’d like to see that or if you’re in that situation, let me know hit me up on the forum at level.
One text there’s a guide there. That’Ll walk you through that, but in any of those scenarios the server that you’re hosting at lenode can be a very very small instance. It can be very inexpensive.
Obviously, we’ve got terabytes and terabytes of storage in our media server. Here: it’s not really a media server, but if this were our media server, we’ve got terabytes and terabytes of storage, and you know yeah hosting that in lenovo, but on a very inexpensive instance. You know five dollars a month ten dollars a month. Something like that.
You can use that as the gateway that system this system maintains a connection to that system. You connect to that system on the internet, and then you can get back to this one. How much bandwidth do you need? Well, if your home internet connection is at least 2 megabit, that’s going to be enough to stream music and movies if you’re home internet connection has a bunch of people on it, two megabits might not be enough, but uh. It’S the upload.
It’S the upload capacity that matters because you’re, not downloading anything, you’re transmitting things it can get a little weird, but not a huge deal all right. Now, i’m back to my desk to talk a little bit about the networking side of this. Basically, we’ve got to connect with wireguard from our phone to our internal home system, and i want to walk you through that. Just talking about it and walking you through the guide so that you’re mentally your your head is in the right space.
I’M also working on the guide for the step by step. I don’t really want to do guides where people mindlessly copy paste commands into the terminal without understanding what’s happening. So if you watched past level, one videos, we’ve been big proponents of building your own router going back years and we usually use pf sense because it’s so flexible and it’s so easy.
It’S really the best of both worlds. Um. If you set up pf sensor, if you already have pfsense, you can set up wireguard on your pfsense router and your pf sense.
Router is where your isp, your internet connection, coming in hits your network. That gives you the most flexibility, the most control, the most everything in the past. We’Ve forwarded ports for things like our h, a proxy video where you can just run this stuff directly naked on the internet.
That’S fine, but this is a little more secure and this is a little bit more uh. You know less opening everything up to the world because anybody on the internet can access those services. Unless you go through extra steps to set the rules, whereas with wireguard, nothing can access it unless they are specifically allowed to connect to your network.
It’S deny all versus allow all. If you want to think of it that way – and you can also run some internal services that are a little bit more fast and loose when you’ve got your wire guard set up. If you can’t run a pf sense system or you don’t have a pfsn system that is okay, the guide will walk you through that see we’re using trueness scale for this, but this would also work with trueness, core and trunas. The underlying operating system also has support for wireguard. It can be a wireguard server or it can be a wireguard client. What that means is that the media server itself, you can connect from your phone to the media server, assuming that you have a public ip address and you can forward a port through your router.
If you don’t, then you can look at ryan’s guide on the uh setup of wireguard ryan did a great video where you use lenode, it’s a really small instance in the node, and you do your own vpn, and so your you know, your desktop computer is going To connect to lenode and then your isp can’t spy on your traffic or you know whatever reason you might have for doing that. Well, you can also connect multiple devices to that lenode instance, and in this case, if you can’t forward a port or your isp’s persnickety or you don’t even have a public ip address, you can have your media server connect to lenode and your phone connects to the Node and your desktop computer connect to the node. Well, you wouldn’t with your desktop computer, it’s on the same network as as your as your media server, but all the devices connecting to a node once they do that they can all see each other.
They can all see their their own wire guard ip addresses, so whatever i p address you assign you’ll be able to get to that. I p address through your wireguard connection and that’s kind of what the the guide on the forum is walking you through here. So there’s some different scenarios and that’s what it means. Also tom from lawrence systems did a really great uh guide on setting up pfsense with wireguard up through about 10 12 minutes in that video is very relevant to what i’m talking about here. So if you need a step he’s like okay, you’ve convinced me pf sense, you need a step-by-step walkthrough, with a focus on setting up wire guards, specifically on pfsense.
That will walk you through it, and you can totally do that. Now. It’S convenient if your ip address. Never changes like this ip addresses me it very seldom changes. I can always go to that ip address for my phone, but if your isp changes your ip address from time to time, then it can be a little annoying because it’s like oh my wire guard on my phone’s, not working. What do i use well enter dynamic.
Dns dynamic dns is a service where there’s a little program that runs and every so often it hits a website and it updates a dns name. The dns name is like www.google.com. Www.Google.Com is not useful by itself for the computer. That has to be converted into a number uh, which is an ip address, which is the address of the computer.
That will give you that web page. Well, that’s what duck dns does for you, except at a at a very small scale, on pfsense or or or truenas or anything you can set up a cron job. That is a scheduled job and duck. Dns has the walkthrough for that. So you sign up and you get a key and you get a url that you paste in and you just tell pfsense you know every four hours or once a day or you know every how often your ip address typically changes to run that command and when That command runs whatever device ran. That command will make an internet connection out to duck dns with your key and duct dns notices the source ip address that that request came from and then it’ll update your dns name. So you can have you know foo something.dns.org, when you sign up you’ll you’ll pick a name.
You can also do your own dns name. That’S no problem! You can set up your own custom domain name. Typically, these services range from free to about five dollars a year.
There are more expensive services, but don’t you don’t? This is not an expensive, dynamic, dns service. You should not be paying more than five dollars a year and duck dns for the scenario that i’m talking about here is pretty much free, very close to free. So with duck dns and wire guard, you can set up your duck, dns address in your phone and then no matter what your ip address is as long as that that command runs periodically enough you’ll be able to connect from your phone back to your wire guard Instance, at home, it’s like somebody with their their phone number keeps changing, but every time their phone number changes they call their friend bob. It’S like bob, hey here’s, my new number and you don’t know what their number is.
But you know bob’s number and you can go, ask bob hey! What’S their new number and it’s here you go that’s what duck dns is doing for you, because you have your media server at home with all of your music and movies and everything else that you want and you’re working on ingesting things you can do away with All of your subscriptions to everything yeah, you might have to wait for the mandalorian to come out on dvd or you know something or alternatives, but once you have it on your storage system, once you have the physical media, you have it forever. You’Re not going to pay for it from now. Until the end of time, most people don’t realize how much money it really costs to have these subscription services from now. Until the end of time i mean some of you have probably been subscribed to netflix for decades, whip out a spreadsheet and do the math right now.
I think you’ll be surprised at how much money. That really is. It is a staggering amount of money and it’s only getting worse because cable tv shockingly bad, they don’t really have a very high bar to cross. But the scary thing is: if you look at netflix’s breakdown numbers i mean they’ve got hit, shows like the witcher sure, but a lot of their streaming is actually older, stuff things like star trek, the next generation and knight rider and things like that.
We get the knight rider box set for like 35 bucks, for you know all five six seasons, whatever it was, and star trek. The next generation, when it originally came out, was like 120 a season, but now you can get pretty much everything if you take those dvds and you transcode them onto your media server, you have those forever forever forever. As long as you do good backups and the functionality is potentially just as easy and seamless as netflix. In fact, our next article is on setting up media drone and media drone can do some things that some of the music service, music streaming services can’t in terms of streaming to devices other devices on your local network. So you can have it on your phone, but you can also have it in your whole house stereo.
So look for that! That’S coming up a window! This is level one. This has been a quick look at. Yes, you can wire guard all the things you can. Self-Host your stuff and not spend a bunch of money. I try to keep this as an overview so that i’m not got an hour long, video, the guide on the forums pretty good. It’S got screenshots if you run into problems.
Some are past. Videos, too, will also help you out. Let me know we’ll figure it out. Maybe i can do a follow-up video, i’m one of those level, one i’m signing out. You can find me in level one forums you .