Setting up WireGuard between Linux and iOS

WireGuard is a modern VPN that’s designed to be easy to configure, performant, and secure. The ease-of-configuration is really important. If you’ve ever set up IPsec, you know what I mean. OpenVPN isn’t awful, but it isn’t good, either. WireGuard has both a Linux kernel implementation as well as a Go-based portable implementation that works on Mac and iOS. Official Windows support doesn’t exist yet, but is on the way.

I couldn’t find any information on configuring WireGuard to work with iOS. Here’s what I did to get it working.

On Linux:

Designated a /24 subnet in the RFC1918 space and set up wg0 according to the Wireguard quick start documentation. I actually configured it in /etc/network/interfaces like so:

auto wg0
     iface wg0 inet static
     pre-up ip link add $IFACE type wireguard
     pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
     post-down ip link del $IFACE

Created /etc/wireguard/wg0.conf:

PrivateKey = my-private-key-goes-here
ListenPort = port-goes-here

# iPhone
PublicKey = public-key-goes-here
AllowedIPs = client-ip-address-goes-here/32

AllowedIPs is a bit of a misnomer. It’s not just an ACL for incoming packets; It’s also used to determine what traffic to route to each peer. The important thing here is to use /32 addresses in the AllowedIPs of the peers. If you use the entire /24 subnet, only the first peer using that subnet will work.

The iOS client side is where I had the most trouble. Part of the trouble is that the iOS app doesn’t show the state of the client. The other part is that since WireGuard is connection-less, even a bogus config will show up as active when you enable it.

Here’s what worked for me on iOS:

I created a key pair using the iOS app and put the public key in my Linux wg0.conf and restarted that interface.

Assign an address to the client from the /24 subnet. This needs to match the AllowedIPs line on the server. I used a /24 netmask on the iOS device, but /32 should work, too. I set the Listen port to 5555 to make it easy to verify incoming traffic using Wireshark, but that’s optional. A DNS server should be specified, because the existing one probably won’t be reachable with the VPN up. (Enabling Exclude Private IPs might fix that depending on the network you’re on.)

On the iOS peer config, enter the public key of the server and set the endpoint IP:port. For Allowed IPs, use This will cause all traffic to be routed through the VPN endpoint while it’s active.

That’s it. Now activate the VPN and send some traffic through it. The ‘wg’ command on the Linux peer should show a handshake and data transferred in and out. To make Internet access work from the iOS device, you’ll probably want to set up NAT on the Linux peer.

Note that WireGuard is silent on the wire by default, so you won’t see a handshake unless you force traffic through it. The easiest way to do that is to use Safari to try to connect to the Linux peer’s IP address. (It doesn’t matter if it doesn’t have a web server running.) Using for Allowed IPs on the client essentially forces a connection handshake because the iOS device will start sending traffic to the world through it on its own.

WireGuard roams peers between IPs effortlessly. Obviously one endpoint must have a fixed IP:port, but a peer roaming between Wi-Fi networks and LTE works beautifully.

LEGO Nightstand Light Switch

I’ve been playing a lot with home automation recently, and in particular I’ve been installing a lot of cheap ESP8266-based Wi-Fi relays, such as the Sonoff Basic, Sonoff SV, Sonoff S31, Sonoff iFan02, and Shelly1, which have all been flashed to run the open-source Tasmota firmware. These communicate with Home Assistant through an MQTT message broker over Wi-Fi. Home Assistant, in turn, allows the devices to work with schedules, timers, voice-activated cylinders, and so on. With the exception of the Sonoff Basic, I would happily recommend these devices to anyone with some electrical knowledge and DIY skills.

One advantage of having automation-enabled lights in the kids rooms is being able to turn on their lights to help get them out of bed on school days. For that reason, I set up the ceiling fan in Lucas’s room with an iFan02 (replacing the Hunter RF control module), one of his floor lamps on an S31 and the other on a Basic.

Now he needed a convenient way to turn on/off the floor lamp and nightstand lamp without physically switching them off, which would prevent them from being turned on by automations.

Here is the result:

Lego Light Switch
The LEGO light controller (right), pictured with a Sonoff iFan02 remote (left)

Each of the buttons toggles the state of a different light. The LEGO parts were scavenged from a large parts bin. The buttons came from a local electronics shop. Inside is a Sonoff SV, powered by a re-purposed USB cable. The Sonoff SV was modified somewhat to make it fit in the small enclosure: I removed the relay and the side of the board carrying the relay outputs, and the header pins were bent at about a 45 degree angle to keep them out of the way of the pushbuttons. Power comes from an old iPhone USB charger.

Installing the buttons was probably the hardest part of the build, but that’s not to say it was difficult. I hit the center of the smooth-surface blocks with a punch and then drilled them handheld without any issues. The bore is slightly more than 1/2″, which required some extra trimming. The depth of the LEGO prevented use of the button mounting hardware, so I used hot glue to hold them in place.

Here you can see the Sonoff SV, trimmed to fit and relay removed.
Here you can see the Sonoff SV, trimmed to fit and relay removed. This was done to save space.


Internally, the buttons are connected to ground, with the other leg connected to a female header cable that plugs into the corresponding GPIO port. I used GPIO4, 5, and 14.

Inside the controller



The USB power cable is fed through a block with a hole in it. A zip tie is used internally for strain relief.

Here you can see the inside of the assembled unit. Everything barely fits.

Everything packed together
Everything packed together


Moving onto the software side, this is how I configured the Sonoff SV module with Tasmota

Sonoff Module Configuration
Sonoff Module Configuration

Finally, I had to configure it to toggle the other modules on and off with button presses. This doesn’t use Home Assistant at all; I used Tasmota rules to publish MQTT messages to the other devices directly. Home Assistant correctly observes their changed states automatically.

Tasmota supports a bunch of active rules at once, but they all end up concatenated together on one line. Ignore the line wrap below! This is the configuration I ended up using:

switchtopic1 0
switchmode1 5
switchmode2 5
switchmode3 5
setoption32 20
rule on switch1#state=2 do publish cmnd/sonoff-3325/power 2 endon on switch2#state=2 do publish cmnd/sonoff-3443/power 2 endon on switch3#state=2 do publish cmnd/sonoff-2833/power 2 endon
rule 1

The other lights correspond to topics sonoff-3325, 3443, and 2833. (I’m still new at this, but so far I’m keeping with the pre-assigned names rather than friendly names.)

That’s it! I hope this helps someone.

This build was inspired by @mike2nl and @andrethomas on the Tasmota Discord channel. If you get stuck with Tasmota, I’ve found the channel to be very helpful.

TestDisk Data Recovery on OS X

One of the 4TB external USB hard drives I use for local backups started randomly disconnecting a few days ago. Today it failed completely. It’s a Seagate Backup Plus model, where the bottom of the enclosure consists of a small, removable shim that contains the USB & power connections and the USB to SATA converter chip. After trying different USB ports and cables without success, I decided to hook up the drive directly using SATA. After trimming a SATA cable with a utility knife to make it fit the narrow port opening, hooking it up, and rebooting… Finder offered to initialize an unreadable disk.

Disk Utility showed a single unreadable 500GB partition and a FAT partition table. The drive previously had a GUID partition table, not FAT. I have no idea what corrupted the disk in such an interesting way, but TestDisk was able to quickly scan the drive, locate the partitions and types, and repair everything in just a few seconds. The user interface hails from the 1990’s, but the software worked wonders and it’s completely free and open-source. It also runs on Linux, Windows, and DOS.

All my backups are intact and valid. I haven’t figured out what to do with the drive, though. Anecdotal evidence from the Internet suggests USB/SATA adapters are prone to failure, but I’m guessing the cause is probably cheap, poorly-designed power supplies. I’m not sure if it’s worth opening a support case with Seagate.

Opendiag OBD-II Schematics & PCB Layout

oshw-logo-100-pxBack in 2000 I created some open-source hardware: An RS-232 to OBD-II interface. I’m posting the details of that project here so that I can shut down my old website. I’m no longer interested in this project, but it gets a surprising amount of traffic every day. I wanted to make sure it’s still available here in case anyone wants it.

By now there are undoubtedly far better approaches for connecting computers to cars, so please keep in mind that this information hasn’t been updated since 2002.

PCB logo

This page contains plans to build a device to interface RS-232 (a laptop computer) to the ISO9141-2 / ISO14230 / SAE J1962 (OBD-II) diagnostic connector on many Volkswagen, Audi, Seat, Skoda, and Subaru automobiles. It should also work on many pre-OBD-II models. It has been tested on my two vehicles, a 1998 VW GTI 8v and a 1998 VW Passat GLS.

Please note that this page does not contain software. Free software was a goal of the Freediag project. Commercial software is also available which works with this interface.

Please don’t email me questions about this project.

This document is viewed by hundreds of people a day. It has helped thousands build the interface described here. The information presented here is as complete and accurate as necessary for a person of sufficient skill to build their own interface. If you require help, please seek it from a discussion group or your local electronics guru. I lack the time (and often, the ability) to answer questions. Thanks for your understanding.

Here is a parts list for Digi-Key:

Item Qty Part Number Description Application
2 2 2N3904-ND NPN SML SIG G.P. AMP&SWITCH TO92 T1 & T2
4 10 1.0KQBK-ND 1.0K OHM 1/4W 5% CARBON FILM RES R1,R2,R5,R6,R7,R9
5 5 1.5KQBK-ND 1.5K OHM 1/4W 5% CARBON FILM RES R3
7 5 150KQBK-ND 150K OHM 1/4W 5% CARBON FILM RES R8
9 1 A23279-ND 09 MSFL PLUG RA 318 (SL,FM,BL) DB9 MALE
10 1 A23305-ND 09 MSFL RCPT RA 318 (SL,FM,BL) DB9 FEMALE

On 5/21/2002, the cost of these parts was US$8.33, plus a $5 handling fee and shipping charges. You can get other parts, such as perf board, etc., at Fry’s or maybe Radio Shack. I do not sell any parts. You need to get them from an electronics distributor such as Digi-Key.

Frequently Asked Questions & Answers:

Question Answer
Will this device work with my car? If your car supports VAG, ISO9141-2 or ISO14230, it should work. That includes cars sold by Volkswagen, Audi, Seat, Skoda, and Subaru (1996+). Most vehicles sold by Ford, GM, or Chrysler are not electrically compatible with this interface.More information on OBD-II and ISO standards can be found here.Many newer cars (model year 2001+) utilize two K-lines and this device only supports one. If you’d like to contribute a schematic or other information on how to support dual K-lines, please contact me. But don’t ask me — if you don’t see the information here, I don’t have it. Thanks!
Do you sell these things? No. You can buy a complete hardware and software package from Ross-Tech at a very reasonable price.
What kind of capacitor should I use? It isn’t critical. If you use a polarized capacitor, make sure you get the polarity correct. (You should be able to figure that out yourself.)
Does it really work? Yes, hundreds of people have built this thing, and it works. I suggest you replace the 140k resistor with a 150k resistor for the best results, however.
I can’t find the NEC 2501-3. What should I use? There is no such thing as a 2501-3. I’ve simply stuck three 2501-1‘s together and called it a 2501-3.In North America, you can easily find the NTE NTE-3098 (Compatibility confirmed by Dale Kirstein). Fry’s Electronics carries NTE parts.You can also try the Infineon SFH615-A2 (Compatibility confirmed by Nigel Middleton)
My OBD-II (J1962) connector only has electrical contacts in pin positions 4, 5, 7 and 16. Why is pin 15 (L-line) missing? Not every car has an L-line connection. If yours doesn’t, don’t worry. This circuit will still work.
My OBD-II connector has a contact for pin 4 (or pin 5) but not both. I suggest you connect the two ground pins together on the circuit board. Some cars only provide one of the ground connections.
Is free software available? Yes, but it hasn’t been updated since 2003. Check out Freediag for more information.The Opendiag discussion group at Yahoo Groups is another resource.Ross-Tech seems to have discontinued their free version of VAG-COM.
How do I make a circuit board? I have written a basic guide that explains how built the board in the photos. These days I use cheap PCB manufacturers in Malaysia and China. A few can even accept EAGLE files directly.
I’m interested in writing software. Where can I find technical documentation on OBD-II online? You probably want a copy of HS-3000 from the Society of Automotive Engineers. The cost is around US$240 (in 2009).
My computer doesn’t have a serial port. The Keyspan USA-19HS is an excellent USB to Serial (RS-232) adapter for this application. Be aware that most other USB to Serial adapters will give you lots of trouble with this circuit. You have been warned.
I have another question that you haven’t answered here. Please look elsewhere on the internet, or ask your friendly local electronics guru.
Thanks for sharing. How can I express my gratitude? Send me a postcard:Jeff Noxon
10735 Valley Forge Dr
Houston, TX 77042 USA


Here are some pictures of my first assembled prototype.

This is an early prototype. The jumper wires on the bottom are not necessary with the current board layout.

Top of prototypeBottom of prototype


This is the artwork used in the latest revision of the board. It is a single-layer design. If you plan to etch your own board, use the Postscript or PDF files in the files section for greater accuracy.

Low-res of the PCB artwork

This picture shows component values and placement. Note that the 2501-3 is actually three NEC 2501-1 optoisolators. The Digi-Key part number is PS2501-1-ND.

Diagram showing component placement on the top of the PCB

Part Substitutions

The following parts are suitable replacements:

  • NEC 2501 Optoisolator: Infineon SFH615-A2 (Thanks: Nigel Middleton) or NTE NTE-3098 (Thanks: Dale Kirstein)
  • 2N3904 Transistor: NTE NTE-123AP (Thanks: Dale Kirstein)

These substitutions have been used by others who have built this device.


The files linked below and the images on this page (also referred to as “software”) are Copyright © 2000 Jeff Noxon, and are distributed under the terms of the GNU Public License. By downloading these files you agree to the terms of the license.

The GPL license has been chosen for two reasons. First, the documentation necessary to make this project possible was released to the public under open terms. Second, I have spent a great deal of time on this project. Any commercial vendor who sells this device (or one derived from these files) is obligated under the license to provide the schematics and/or board layout to their customers.


Files / Downloads

COPYING.TXT – License agreement for all files – IMPORTANT
ISO_B1.PS – Board layout, revision B1, Postscript
ISO_B1_LJET.PCL – Board layout, revision B1, PCL, 300dpi, HP LaserJet
ISO_B1_LJET4.PCL – Board layout, revision B1, PCL, 600dpi, HP LaserJet 4+
ISO_B1.PDF – Board layout, revision B1, PDF (for Adobe Acrobat Reader)
SCHEMATIC_B1.PDF – Schematic (PDF Format)
ISO_B1.SCH – Schematic (EAGLE Format)
ISO_B1.BRD – Board Layout (EAGLE Format)

OpenDiag – Aims to develop GPL’d software to use with this device. OpenDiag also provided the basis for this schematic.

B&B Electronics – Sells a rather expensive, but nice, SAE J1962 to DB9F cable compatible with this project. (Broken link, old SKU OBDIIJ1962 seems to be unavailable.)

Multiplex Engineering – Sells an alternative, much cheaper SAE J1962 to DB9F cable. See this e-mail for more information. I have not tried this cable. If you buy one and it works, please let me know!

Ross-Tech – Sells VAG-COM diagnostic software, which is compatible with this interface.

Cadsoft – Sells the Windows & Linux CAD software (EAGLE) used to develop the board.