So to make a long story short, I have my VPN server up and running using the confiration established in this post title. I do not feel proud of how this was achieved, however, as it feels like cheating. My initial plan, as I have gone over in a lot of depth, was to use Wireguard layered on top of OpenBSD. This quickly became complex, because I was having trouble just installing OpenBSD on the Pi. I fully intend to eventually implement this configuration, however, I needed to get A VPN server up and running this weekend and simply did not have time to troubleshoot the original plan. On top of this, there was a functionality that was missing in the original plan that this one covers, i.e. a web GUI. Eventually, I plan to upgrade to OpenBSD Wireguard, but for now, this works.

The setup involved a fairly standard Ubuntu setup on a PI4, with my standard device hardening. I then used this repo to install it alongside a web client. It worked straight out of the box, and the itch I had to work on a long complex project was once again thwarted by Docker. All I had to do was change the port forward settings on my router(s). My key issues with this setup are as follows.

• The site runs on port 51821, and cannot be easily reconfigured to 80 or 443
• The site comes bundled with Wireguard, meaning it is not as modular as I would have liked

When I eventually get the OpenBSD Wireguard version up and running I want to find a way to deal with these issues.