My little corner of the interwebs

Managing Wireguard on Android with WG Tunnel

Published on: by Martin Pugh


Introduction

For the last 6 months or so, we've been using Wireguard as a #SelfHosted VPN solution providing our mobile clients with filtered DNS, courtesy of Pi-Hole, as well as access to a few internally hosted services. We also use it to connect to a few other hosts scattered around the interwebs. So far, it's worked really well for us but there's always been a part of the process missing with the standard Wireguard client on Android.

What's missing?

What's missing was a way to automate if and when the Wireguard client connected to the VPN or not. There's no point having the client try to connect when we're already at home on a trusted WiFi network. There's also no point having the client connect if the phone is connected to our travel router, which automatically "phones home" so all connected clients get the Wireguard/Pi-Hole filtering treatment. I've been able to get this sort of functionality working by using another Android app called Tasker. With Tasker you can create tasks and rules based on many different settings and sensors and it's been OK. Not great, but OK. I've had to manually switch between rules that were active based on home or travel router SSIDs and while it's worked, it's rather clumsy. Enter WG Tunnel...

WG Tunnel

I've seen a few people mentioning WG Tunnel on Mastodon recently so I decided it was time to take a look.

WG Tunnel is a third-party tool for managing Wireguard connections but it also includes extra functionality beyond what the standard Android Wireguard client does. For our situation, that includes automatic VPN activation based on the current phone connectivity. It even allows for connection to a specific VPN profile rather than just on-off.

Setup is pretty similar to the regular Wireguard tool and with both tools having export/import I got my profiles moved over in a few minutes. It took me a few minutes to figure out how the "Auto-tunneling" feature worked but once I got the hang of it, it was pretty simple to get things going. I have the same automation in place now whereby when I disconnect from any of our home SSIDs, or the travel router SSID, WG Tunnel fires up the VPN connection. I no longer need multiple tasks and rules to manage these connections. There's a section for "Trusted WiFi Names" that disconnect the VPN but otherwise you're online. There's even a mechanism to select a specific VPN profile based on the SSID you're connected to which could come in handy.

Summing up, for now

I'm sure there are plenty of other options I've not even used yet but will dig further as time goes on. It also means I should be able to get our other mobile client devices switched over and automating their VPN connections too without having to resort to multiple tools.