Connecting my mobile phone to my home network for playing media
I use Plex, which is OK, but I don't like having to depend on an external service to access my own media files. I have successfully set up a VPN to my home network, so that my mobile phone can access my media files from anywhere! I set up WireGuard as a vpn, so VLC on Android can play my files from my nfs server at home!
On Linux server
On my nfs server (CentOS 8), I installed wireguard, the up-and-coming VPN solution that can be included in the Linux kernel! I used method two, using kmod, but from rpmfusion which I already had enabled.
sudo yum install kmod-wireguard wireguard-tools
Then I set up file /etc/wireguard/wg0.conf. There was a template file somewhere with some better notes, but this is the boiled-down version.
[Interface]
Address = 10.222.0.1/24
ListenPort = 51820
# from `wg genkey`
PrivateKey = 123456789009876543211234567890=
# server1 public key, from `echo "${PrivateKey}" | wg pubkey`
# 123456789012345678901234567890=
[Peer]
# my mobile phone's public key, from below instructions
PublicKey = 01982643901625901902283497598275=
AllowedIPs = 10.222.0.2/32
PersistentKeepalive = 25
I chose to save the public key right there in the config file, in case I need to retrieve it often! And then I had to open the firewall, of course.
sudo firewall-cmd --add-port=51820/udp --permanent
I also had to forward port 51820 in my router to my server's IP address. And then I took virtual NIC up!
sudo wg-quick up wg0
Because my plan included accessing NFS with VLC for Android, I needed to add a rule in /etc/exports :
/var/server1/shares 10.222.0.0/24(ro,sync,insecure)
And update the current export list.
sudo exportfs -ra
And to make sure the wireguard interface
On android mobile phone
I installed the official Wireguard app from F-droid. I appreciate how the app lets you configure interfaces and peers in a manner that looks basically identical to the contents of the config file used to define an interface+peers on a full GNU/Linux system! I named the interface, and added my IP address of 10.222.0.2/32. I also listed DNS servers that are on my home network. I hard-coded the listen port to 51820. For the peer, I added the public key from my server1 above. Allowed IPs: 10.222.0.0/24,192.168.1.0/24 As I understand it, the allowed IP addresses indicate what networks will be routed through the VPN. So here I am including the VPN network, and also my home network's main IP network. Endpoint: (my ddns name):51820 Persistent keepalive: 25 seconds.
Conclusion
I don't know how to perform low-level network diagnostics from Android such as ping or netcat, so I really only tested from my server. I pinged the client (once all wireguard interfaces were up on both devices). And for the final test, I was out driving in my car, and I had an opportunity to enable my wireguard interface on my phone, run VLC, and connect to my nfs server and play music! So this was a successful operation (even if it is a bit flaky, due to nfs's dislike of spotty networks). And now I don't need
Comments