Admin: add a VPN peer

← User setup guide

For household admins only. Creates a WireGuard profile for a new phone or laptop.

1. Open wg-easy (on your Mac)

  1. Terminal: ssh maz@192.168.1.50 -L 51821:127.0.0.1:51821
  2. Browser: http://localhost:51821
  3. Password: ~/homelab/data/wireguard/INITIAL_ADMIN_PASSWORD.txt on thinkpad (or your changed password)

2. Add client

  1. Click Add Client (or the + button).
  2. Name it clearly: e.g. partner-iphone, maz-phone.
  3. Confirm Allowed IPs: 192.168.1.0/24,10.8.0.0/24
  4. Confirm DNS: 10.8.0.1 (not 192.168.1.1)
  5. Already have a peer? Delete it and create a new one (or re-download the QR). Old configs still point DNS at the router and will not resolve jellyfin.mazjindeel.com off-LAN.

3. Share with the user

  1. Click the client → show QR code (phones) or Download .conf (laptops).
  2. Share in person or AirDrop — never post QR/config publicly.
  3. Send them to vpn.mazjindeel.com for import steps.

4. After they connect

They should use jellyfin.mazjindeel.com in Safari and the Jellyfin app (Let's Encrypt).

Re-create peers after server VPN changes — old QR codes keep stale AllowedIPs/DNS.