-
Notifications
You must be signed in to change notification settings - Fork 13
Using VPN
UnofficialOS has built in support for multiple VPN services.
Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.
Sign up for a Tailscale account.
Tailscale requires a Single Sign-On (SSO) provider, so you’ll need a Google, Microsoft, GitHub, Okta, OneLogin, or other supported SSO identity provider account to begin.
Tailscale helps you connect your devices together. For that to be possible, Tailscale needs to run on your PC.
Tailscale works seamlessly with Linux, Windows, macOS, Raspberry Pi, Android, Synology, and more. Download Tailscale and log in on the PC.
UnofficialOS Emulation Station has customized UI with Tailscale support.
- Press "start" button to go into Emulation Station Main Menu.
- Select Network Settings submenu.
- Select "Tailscale VPN" and turn it on.
- Select "Back" button to exit setting dialog.
The initial connection to Tailscale will require authentication.
- Select Network Settings submenu again.
- You should see Tailscale authentication url. You need to type this url on your PC browser and authenticate.
- After login on PC is successful, Select "Tailscale VPN" and turn it on again.
- Select "Back" button to exit setting dialog.
- Tailscale VPN should be connected.
The magic of Tailscale happens when it’s installed on multiple devices. Add more of your devices and share Tailscale with your peers to grow your private network.
Add more machines to your network by repeating step 2, or 3, or by inviting others to join your network.
- Tailscale homepage link
As game streaming becomes more popular, it enables AAA games, streamed over the internet from your home computer, to be played on your console while traveling.
Typically the configuration involves copying your WireGuard VPN config file over to your UnofficialOS device and then enabling WireGuard VPN in Emulation Station Network Settings menu.
UnofficialOS uses standard WireGuard config file format. The file is typically provided by your VPN provider. If you want to host your own VPN Server on your local network, there are plenty of tutorials available online.
Currently only the single connection is supported. The WireGuard config file must be placed in the following location - /storage/.config/wireguard/wg0.conf. Please use SSH or Samba to create the file there.
Don't forget to restart Emulation Station to pick up the changes.
Sample wg0.conf file
[Interface]
PrivateKey = <your private key>
Address = 10.111.10.2/24
[Peer]
PublicKey = <server public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server>:<port>
Note: "DNS" option is not yet supported in the config. Please remove line starting with "DNS" from your config file.
Emulation Station now has a new menu item toggle to enable or disable WireGuard VPN connection. Use it turn the connection on or off.
Note: make sure that WireGuard config file is present on the device, see the Configuring WireGuard VPN in UnofficialOS section above. The menu option is only available when the config file is present.
Connect to configured VPN server
- Press "start" button to go into Emulation Station Main Menu
- Select Network Settings submenu
- Select "Wireguard VPN" and turn it on
- Select "Back" button to exit setting dialog
- WireGuard VPN should be connected
Disconnect from configured VPN server
- Press "start" button to go into Emulation Station Main Menu
- Select Network Settings submenu
- Select "Wireguard VPN" and turn it off
- Select "Back" button to exit setting dialog
- WireGuard VPN should be disconnected
The local PC can be setup to be a WireGuard server. This allows accessing that PC (and a local network if SNAT is enabled) from the remote location using the device.
The configuration is the following:
- Generate pair of configuration files
- Install WireGuard on your local PC and import server config
- Setup Port Forwarding for WireGuard port from your local router to your local PC
- Enable WireGuard on your device
The device have a helper script which can generate a pair of configuration files for the device and for the local PC with WireGuard server.
The script should be executed from SSH terminal.
# Generate config file
wg-genconfig
The script will generate wg0.conf and wg0.conf.server files.
[Interface]
PrivateKey = <server private key>
# PublicKey = <server public key>
Address = 10.111.10.1/24
ListenPort = 51820
# If you want to access other devices on the same network,
# you need to enable SNAT, the lines below.
# Make sure that eth0 matches your main network interface.
#PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
#PostUp = iptables -A FORWARD -i %i -j ACCEPT
#PostUp = iptables -A FORWARD -o %i -j ACCEPT
#PostUp = iptables -t nat -A POSTROUTING -s 10.111.10.0/24 -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i %i -j ACCEPT
#PostDown = iptables -D FORWARD -o %i -j ACCEPT
#PostDown = iptables -t nat -D POSTROUTING -s 10.111.10.0/24 -o eth0 -j MASQUERADE
[Peer]
PublicKey = <device public key>
AllowedIPs = 10.111.10.2/32
If you want you device to access your local network, you need to enable SNAT, allow your local PC forward network packets to other devices on your local network. That is done by uncommenting PostUp/PostDown commands in the config.
- Download the client for your OS from here.
- Import wg0.conf.server and enable the tunnel.
Sometimes the tunnel doesn't establish successfully. The following commands can useful to diagnose issues.
The commands below should be executed on the device using SSH shell access.
# Check the status of active tunnels.
# You should see the connection statistics.
wg show
# Check my public ip address
curl ifconfig.co -4
# Bring tunnel up
wg-quick up /storage/.config/wireguard/wg0.conf
# Bring tunnel down
wg-quick down /storage/.config/wireguard/wg0.conf