[How-To] Install WireGuard (VPN) in Docker, server mode

  • WireGuard installation on Docker in server mode. This will allow outside access to your internal network at home through an encrypted connection.


    WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.


    The following WireGuard installation in OMV through docker in server mode provides access to all the services of our LAN from the outside through an encrypted connection tunnel. In addition, it will route all the client's internet traffic through the server through the VPN network.



    Preparation

    • Install omv-extras https://wiki.omv-extras.org/
      • In the GUI go to <<OMV-extras>> and <<settings>>
        • Select the appropriate "Docker Storage" path (Recommended dedicated SSD disk for this)
        • Install Docker (click button "docker" and click "install") and Portainer (click button "portainer" and click "install")
    • Create a dedicated user for docker in OMV GUI, let's call it "docker1"
    • In GUI determine UID (User ID) and GID (Group ID) of user "docker1". Section << Access permissions >> then <<User>> then open column UID and column GID. Alternatively in CLI run the command id docker1
    • To access our network from abroad we will need to know our public IP (consult your Internet Service Provider). Or alternatively have a domain that points to our server.
    • Forward port on your router (see your router's user manual how to do it)
      • external port 51820 UDP to internal port 51820 (IP of your NAS)


    Install WireGuard on Docker


    • Run the stack; this will download the necessary images and start the container
    • Via SSH (PuTTY or WinSCP or ...) navigate to the WireGuard "config" folder that we just created. Inside there will be two folders (in this case two because in this stack we put PEER = 2) called peer1 and peer2, to configure two clients (customize for the clients you need). Inside we will have the necessary files to configure the two clients respectively. We download them to our PC. Depending on the client we want to configure, one file or another will be necessary.


    Configuration of a client on Android

    • From our smartphone we go to the Google app store, find and install the WireGuard app.
    • We open the app and press the "+" button to add a tunnel. It gives us three options, we choose the second, "scan from QR code".
    • Among the files that we have just downloaded to our PC, we choose the file with the .png format and open it.
    • We scan the image from the smartphone and assign whatever name we want to the tunnel, for example "home". We already have the smartphone configured to access our home network.
    • The home network appears on the screen, we press the button on the right and we give it permission to access. We should already be connected to our home LAN and we should be able to access services as if we were at home with an encrypted connection. In addition, all internet traffic on the smartphone will be routed through our VPN with an encrypted connection.


    Configuration of a client on other systems



    Note: Do not change the default port, 51820 UDP.


    More information here:

    https://hub.docker.com/r/linuxserver/wireguard

    https://www.wireguard.com

    OMV 5, Intel core i3 3225, 8GB RAM, PendriveUSB system, ZFS RaidZ 5xWD Red 4TB, 1x120GB SSD Docker

    I DO NOT SPEAK ENGLISH. I translate with google, sorry if sometimes you don't understand me well:)

    Make a backup now. You don't want to miss it next week !!

    Edited 2 times, last by chente.

  • KM0201

    Approved the thread.
  • If you don't want to route internet traffic on the client through the VPN network, replace the line:


    - ALLOWEDIPS=0.0.0.0/0


    with this one:


    - ALLOWEDIPS=192.168.1.0/24 #adjust to your network
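
A way to confirm which of the two ALLOWEDIPS settings above a generated client file actually carries, before handing it to a device. This is an added example, not part of the original posts or of the linuxserver/wireguard project. It assumes the client files in peer1/peer2 use the standard WireGuard [Interface]/[Peer] layout with a single [Peer]; the keys, the hostname vpn.example.org and the 10.13.13.x tunnel addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample client configs, shaped like a WireGuard client .conf file;
# keys, hostname and tunnel addresses are placeholders, not real values.
FULL = """[Interface]
Address = 10.13.13.2
PrivateKey = <client-private-key>
DNS = 10.13.13.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0
"""
SPLIT = FULL.replace("0.0.0.0/0", "192.168.1.0/24, 10.13.13.0/24")


def parse_peer(conf_text):
    """Return the key/value pairs of the [Peer] section (one peer assumed)."""
    section, peer = None, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "peer" and "=" in line:
            key, value = line.split("=", 1)  # base64 keys may contain '='
            peer[key.strip().lower()] = value.strip()
    return peer


def audit(conf_text, lan="192.168.1.0/24", expected_port=51820):
    """Report what the client routes into the tunnel and which port it dials."""
    peer = parse_peer(conf_text)
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("allowedips", "").split(",") if n.strip()]
    lan_net = ipaddress.ip_network(lan)
    port = int(peer.get("endpoint", ":0").rsplit(":", 1)[1])
    return {
        # A /0 route means every packet on the client goes through the VPN.
        "mode": "full-tunnel" if any(n.prefixlen == 0 for n in nets) else "split-tunnel",
        "lan_reachable": any(n.version == lan_net.version and lan_net.subnet_of(n)
                             for n in nets),
        "port_ok": port == expected_port,
    }


if __name__ == "__main__":
    for name, conf in (("full", FULL), ("split", SPLIT)):
        print(name, audit(conf))
```

Pass the text of a real client file and your own LAN range as `lan`; a split-tunnel file with `lan_reachable` false means the range was not adjusted to your network.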
