MODULE.NET_02 // v1.0.0-stable // In Production

WireGuard VPN

Self-hosted VPN gateway running in an isolated Proxmox VM with split-tunneling and kill-switch configuration.

WIREGUARD / PROXMOX / DEBIAN / IPTABLES
SYS.LOG_02 // Solution

Architecture

  • Isolated VM

    Dedicated Proxmox VM with no access to other VMs, strict iptables rules.

  • Split Tunneling

    Only specific traffic routes through the VPN, preserving local network access.

  • Kill Switch

    iptables rules drop all non-VPN traffic if the WireGuard interface goes down.
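
One way to express and verify a kill switch like this, as an added example that is not the project's own ruleset. The interface names `eth0` and `wg0` and both function names are assumptions; port 51820 is the ListenPort from this page.

```shell
#!/bin/sh
# Added example, not the project's ruleset. Assumed names: eth0 is the VM's
# uplink, wg0 the WireGuard interface; 51820 is the ListenPort from the page.

# Print a fail-closed filter table in iptables-restore format.
# Rules match wg0 by name, so when wg0 is down nothing else is allowed out.
# FORWARD stays DROP; add explicit rules for whatever clients should reach.
# usage: killswitch_rules WAN_IF WG_IF WG_PORT
killswitch_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $1 -p udp --dport $3 -j ACCEPT
-A INPUT -i $2 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $1 -p udp --sport $3 -j ACCEPT
-A OUTPUT -o $2 -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save style dump on stdin; exit 0 only if it is fail-closed:
# all three policies are DROP and every OUTPUT ACCEPT is loopback, the tunnel
# interface, or the encrypted WireGuard UDP packets themselves.
# usage: audit_killswitch WG_IF WG_PORT < dump
audit_killswitch() {
    awk -v wg="$1" -v port="$2" '
        /^:(INPUT|FORWARD|OUTPUT) / && $2 != "DROP" {
            print "open policy: " $0; bad = 1
        }
        /^-A OUTPUT / && /-j ACCEPT/ {
            if ($0 ~ /-o lo / || $0 ~ ("-o " wg " ")) next
            if ($0 ~ /-p udp / && $0 ~ ("--sport " port " ")) next
            print "leak path: " $0; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Self-check: the generated ruleset must pass its own audit.
killswitch_rules eth0 wg0 51820 | audit_killswitch wg0 51820 \
    && echo "ruleset is fail-closed"
```

The generated table can be piped to `iptables-restore`, and `iptables-save | audit_killswitch wg0 51820` checks the live table after later rule changes.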

SYS.LOG_03 // Implementation Pipeline
01 VM Provisioning

    qm create 100 --name wireguard --memory 512 --cores 1
    qm set 100 --net0 virtio,bridge=vmbr0,tag=30
02 WireGuard Config

    [Interface]
    Address = 10.0.0.1/24
    ListenPort = 51820
    PrivateKey = <REDACTED>
SYS.LOG_04 // System Validation

The Resulting Ecosystem

# SECURITY
Zero Exposure

Only UDP/51820 exposed to internet. All management via Proxmox console.

# PERFORMANCE
Low Latency

WireGuard kernel module delivers sub-5ms overhead vs legacy OpenVPN.

# PRIVACY
No Logs

Stateless protocol, no connection logs, no DNS leaks via AdGuard routing.
