Setting up Wireguard (client) on Steam Deck

[zaggynl]

Posting link to document, will edit post to contain full guide with screenshots later on.
Latest document can be found here: https://zaggy.nl/nextcloud/s/yGW9SinMCoWcNZN

Document copy pasted:
Setting up Wireguard on the Steam Deck - 2022-08-23 – by zaggynl



Why:
For use when you’re on an untrusted network (open wifi network) or if you want to connect to your home network for other reasons such as adblocking and access to private devices.



Requirements:

-A working knowledge of how to use Wireguard

-A Wireguard VPN server set up for use with all firewall rules set up

-Another PC with Linux (to generate keys)

-Preferably a USB-C dock or way to view and control the screen of the steam deck with keyboard and mouse, I used the nomachine software to remotely control the Steam deck.
See this document on how I install and use the nomachine software.

-I recommend setting a PIN on your Steam deck, so others cannot use your VPN connection after powering on your Steam Deck



0.

On the Steam deck, boot into Desktop mode by pressing the STEAM button, Power, ‘Switch to Desktop’.

1.

Once in desktop mode,
press the wireless icon to the left of the date and then the red circled button.

2.
Press the red circled cross.

3.
Fill in a name for the connection at the field marked with a 1, do not use spaces.

On the other PC, generate a private and public key for use in wireguard on the steam deck:

Install the wireguard-tools package through your Linux distribution’s package manager

Run the below commands, note that the shown keys are examples and should not be copy pasted.

mkdir steamdeck_wireguard

cd steamdeck_wireguard

wg genkey | tee privatekey | wg pubkey > publickey

chmod 600 privatekey

cat privatekey

abcdefghijklmnopqrstuvwxyz0123456789=

cat publickey

9876543210zyxwvutsrqponmlkjihgfedcba=

Save the above generated keys in your password manager or elsewhere safely.
Fill in the generated private key in the private key field marked with a 2.
On your Wireguard VPN server, fill in the generated public key for the Steam Deck entry.
Press Peers to continue.

4.
Fill in the public key field with the public key of your Wireguard VPN server.
Set allowed IPs to 0.0.0.0/0
Fill in the WAN IP address or hostname of your Wireguard VPN server
Fill in the port used on your Wireguard VPN server
Press OK

5.
Switch to the IPv4 tab
Change the Method dropdown to Manual
Fill in the DNS server(s) for your Wireguard server
Press Add
Fill in the IP address, Netmask and Gateway settings
Address is an address in the VPN range, Netmask 255.255.255.0, Gateway: 0.0.0.0
Press Save

6.
On the desktop, press the Wireless icon again, the home VPN should be in the list, press Connect, if all is well the Deck should be connected to your Wireguard server.
Verify if the connection is working by opening a browser and visiting a website or pinging an IP address.
Note that after connecting the VPN connection from Desktop Mode and then switching back to Game mode the VPN connection will remain connected.
Note that when powering off your Steam Deck you will have to go back to Desktop Mode to reconnect the VPN connection.

 

[markipolo]

Very interesting tutorial, thanks for your contribution.

I have a bit of interest in WireGuard, as I've heard it's better and more faster/secure than OpenVPN protocols,
though I've used OpenVPN for years, what would you say are the advantages for using wireguard on a steam deck?

also, why didn't you upload the pictures to your post also? (although I did manage to view them in the attached .docx file)

also I was just curious, you can use OpenVPN on a steam deck too right?

 

[zaggynl]

Very interesting tutorial, thanks for your contribution.

I have a bit of interest in WireGuard, as I've heard it's better and more faster/secure than OpenVPN protocols,
though I've used OpenVPN for years, what would you say are the advantages for using wireguard on a steam deck?

also, why didn't you upload the pictures to your post also? (although I did manage to view them in the attached .docx file)

also I was just curious, you can use OpenVPN on a steam deck too right?

Hey, welcome, I did a quick copy paste to start from the docx, will import pictures now, they didn't come along with the copy paste unfortunately.

Edit: forgot to answer the OpenVPN question: yes you can, I currently have Wireguard setup on my Opnsense router, OpenVPN should work fine.
Pros for Wireguard
* appears easier to setup to me, no username/password, just public/private key, on/off button in client
* I am able to reach high speeds, have not done any speed comparison with OpenVPN yet
* Copes well with network changes, immediately reconnects

 

[hyperwolf83]

I've been trying to get wire-guard to work on the steam deck for a while now. what address did you use for gateway? I tried my routers internal lan address, 192.168.1.1
Problem is:
I set up a wi-fi hotspot from my phone and connect to it, no problem there
I activate the wire-guard connection and it established a connection to my home server,
after about 10 seconds the steam deck hard-locks (everything freezes, cant move mouse) and reboots after about a minute.

This has been happening every time i try to use wire-guard on the steam deck.

 

[zaggynl]

The WAN address, the one you get back via a website like https://icanhazip.com.

Haven't seen the freezing issue before, am curious what it looks like.
Can you try opening desktop mode, a terminal, run sudo dmesg -wH, then connect wireguard?
It will show the kernel buffer and hopefully what goes wrong before it reboots.
Alternatively you can try to look at the logs with: sudo journalctl -k --since 20:00 (where 20:00 is the time just before the freeze)

I've edited the guide to specify it should be the WAN address in the endpoint address field.

Edit: I misunderstood, I have 0.0.0.0 in the gateway field.

 

[scriptos]

Thank you very much. I was able to connect my SteamDeck to a remote network.

 

[Ascending_Flame]

I'd like to expand upon this just a little, and give just a little reasoning on things.

For myself, I wasn't able to get the 'import' to work; however, that could be due to incorrect setup on my part, so it may still work on subsequent attempts.

The biggest point of failure for this setup is when you switch over to the IPv4 tab.

If you aren't sure what DNS to use on point # 2, using Google's DNS of 8.8.8.8 or Cloudfare's 1.1.1.1 should work just fine.

For point # 4, things can get a little tricky. I am using the actual virtual IP address given by my WireGuard host, which you should be able to easily find by using the command "pivpn wg clients" (it'll be different if you are using a different service, and will need to double-check your command if it's not PiVPN).

After that, Netmask I have as 255.255.255.0, as that is commonly the network default (and probably yours; if you know enough to change the subnet of your network, you probably already know what to put here anyway).

Lastly, it's VERY IMPORTANT that the Gateway field is left at 0.0.0.0. If you are moving about, connecting to different networks and using WireGuard, chances are that the Gateway will be different between networks. Specifying a Gateway will most likely cause it to fail packet routing - connecting you to the VPN, but not providing internet. 0.0.0.0 is a 'privileged' IP address that means "Default". If you have it set as 0.0.0.0, it'll automatically send your packets to the nearest available device, which will then send the packet on the way to the correct destination.

Hopefully this helps someone configure their WireGuard setup easier than I did.