Accessing Localhost WireGuard Server with LocalXpose: A Step-by-Step Guide

In today's interconnected world, secure and efficient remote access to your local network is more important than ever. This tutorial will guide you through setting up a WireGuard VPN server on your Linux machine and exposing it securely to the internet using LocalXpose. By combining the power of WireGuard's fast, modern VPN protocol with LocalXpose's secure tunneling capabilities, you'll create a robust remote access solution that can be used from anywhere in the world.

Table of contents

Prerequisites

Before we begin, ensure you have the following installed on your Linux machine:

  1. Docker (for running the WireGuard server)
  2. LocalXpose CLI (download from LocalXpose's website (opens in a new tab))
  3. WireGuard client (for testing the connection)

Step 1: Setting up WireGuard Server using Docker

We'll use the wg-easy (opens in a new tab) Docker image to quickly set up our WireGuard server.

  1. Create a directory for WireGuard configuration:
mkdir ~/.wg-easy
  1. Run the WireGuard server container:
docker run -d \
  --name=wg-easy \
  -e LANG=en \
  -e WG_HOST=127.0.0.1 \
  -e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH> \
  -e PORT=51821 \
  -e WG_PORT=51820 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

Replace YOUR_ADMIN_PASSWORD_HASH with a secure password of your choice, you can use the same docker container to generate the hash for you like:

docker run -it ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD
PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW'

Step 2: Configuring LocalXpose

Ensure you have LocalXpose installed and configured on your system. Log in to your LocalXpose account:

loclx account login

Follow the prompts to enter your access token.

Step 3: Exposing WireGuard Server with LocalXpose

Now, let's create a UDP tunnel to expose our WireGuard server:

loclx tunnel udp --port 44433 --to localhost:51820

This command will create a tunnel like us.loclx.io:44433 that forwards traffic to your local WireGuard server.

Make note of the tunnel address (e.g., us.loclx.io:44433) as we'll need it for the client configuration.

Step 4: Configuring WireGuard Client

  1. (Optional) If you also want to access the WireGuard Easy web interface remotly, you can create an HTTP tunnel like:
loclx tunnel http --to 127.0.0.1:51821

This will create an HTTP tunnel to access the WireGuard Easy web interface remotly or access it in local network at http://localhost:51821 (opens in a new tab).

  1. Open the wg-easy URL in your web browser and log in using the password you set earlier.

  1. Click on New Client to create a new client configuration.

  1. Download the configuration file (.conf) for your client.

  1. Open the downloaded configuration file in a text editor.

  2. Replace the Endpoint value with your LocalXpose tunnel address. For example:

Endpoint = us.loclx.io:44433

Save the modified configuration file.

Step 5: Connecting to Your WireGuard Server

  1. Install the WireGuard client (opens in a new tab) on your device if you haven't already.

  2. Import the modified configuration file into your WireGuard client in /etc/wireguard/wg0.conf

  3. Activate the VPN connection in your WireGuard client by running wg-quick up wg0.

You should now be connected to your WireGuard server through the LocalXpose tunnel!

  1. To verify your WireGuard connection is working correctly, you can perform a quick test:

    • Access your wg-easy Docker container: 
        docker exec -it wg-easy /bin/bash
    • Once inside the container, try pinging your WireGuard client's IP address: 
        ping 10.0.0.2

Replace 10.0.0.2 with the actual IP address assigned to your WireGuard client.

If the ping is successful, you'll see replies from the client, confirming that your VPN connection is established and functioning properly. This test ensures that traffic is correctly routing through your LocalXpose tunnel and WireGuard server to reach your client device.

Troubleshooting

If you encounter any issues:

  1. Ensure all ports are correctly forwarded and not blocked by firewalls.
  2. Check that the LocalXpose tunnel is active and running.
  3. Verify that the WireGuard server container is running properly.
  4. Double-check the client configuration, especially the Endpoint value.

By following this tutorial, you've successfully set up a WireGuard VPN server on your local machine and securely exposed it to the internet using LocalXpose. This setup allows you to access your home network securely from anywhere in the world, leveraging the speed and security of WireGuard combined with the flexibility of LocalXpose's tunneling capabilities.

Use LocalXpose with TraefikExpose PocketBase backend

8 The Green, Dover, Delaware, 19901 USA

hello@localxpose.io

xLab

2024. All Rights Reserved

We contribute to Stripe's Climate program!

Product

FeaturesPricingDocumentationAppsAlternatives

Company

BlogChangelogRoadmapAffiliates

Legal

Terms of servicePrivacy policyReport abuse