i just use wireguard directly... setting it up on a VPS there is a nice script https://github.com/angristan/wireguard-install

this makes it really easy to set up, at least on ubuntu server, and you can run it to get new client configs, and by default it shows a QR code so you can hook up your mobile devices with QR scanners on them

i usually then modify my SSH configuration to listen only on the wireguard address and then no more endless logs of people trying to hax, because they have to have an allowed WG public key to even connect at all

in general about wireguard, i use it all the time to test my relays, i have a VPS with a reverse proxy i customised to enable nip-05 and #golang vanity redirects (that's how realy has its import url as https://realy.lol ) and the vanity redirect also bumps normal web browsers to the redirect location... oh yes and i added the feature for it that it can serve paid SSL certs, as well as normally just using Let's Encrypt

it's a bit more fiddly, and the reverse proxy doesn't help this, but once you have a wireguard server on a VPS you can set up IP forwarding in the kernel and then configure iptables to forward ports to a wireguard address, which can be used to expose something such as a bitcoin node or lightning node listener port directly to the internet, allowing inbound connections... of course beware you have a sufficiently fast home internet, 100mbit is usually fine though
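
The setup described in the posts above (sshd bound to the WireGuard address, kernel IP forwarding plus an iptables port forward to a WireGuard peer), as an added example that is not part of the original posts: a dry-run generator that validates its inputs and prints the commands for review instead of running them. The interface names `wg0` and `eth0`, the addresses `10.66.66.1` and `10.66.66.2`, and port 8333 are assumptions.

```shell
#!/bin/sh
# Added example: dry-run generator, prints commands for review, runs nothing.
# Assumed (not from the posts): interface names, peer address, port.
WG_IF=wg0     # WireGuard interface on the VPS
PUB_IF=eth0   # internet-facing interface on the VPS

# True only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1          # split the validated string into four octets
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# True only for a decimal port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# sshd_config line that binds sshd to the WireGuard address only.
# sshd can bind only once the interface holds this address, so it must
# start after WireGuard; keep provider console access as a fallback.
sshd_listen_line() {
    valid_ipv4 "$1" || { echo "bad listen address: $1" >&2; return 1; }
    echo "ListenAddress $1"
}

# Commands forwarding one public port to a WireGuard peer.
# Assumes the peer sends replies back through the tunnel.
forward_rules() {
    proto=$1 port=$2 peer=$3
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $PUB_IF -p $proto --dport $port -j DNAT --to-destination $peer:$port
iptables -A FORWARD -i $PUB_IF -o $WG_IF -p $proto -d $peer --dport $port -j ACCEPT
iptables -A FORWARD -i $WG_IF -o $PUB_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample: expose a bitcoin node (TCP 8333) on peer 10.66.66.2.
sshd_listen_line 10.66.66.1
forward_rules tcp 8333 10.66.66.2
```

The FORWARD rules accept only the forwarded port inbound and established traffic outbound, so the rest of the peer stays unreachable from the internet.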