Wireguard VPN Docker-Compose

A quick and easy Wireguard VPN deployment using docker-compose. Copy this into a file and save it as docker-compose.yml.

version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - SERVERURL=auto #optional
      - SERVERPORT=51820 #optional
      - PEERS=askben-phone,askben-mac #This is the device list
      - PEERDNS=8.8.8.8 #optional
      - INTERNAL_SUBNET=10.254.254.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
    volumes:
      - ./wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    

This will create a configuration file for each device listed in PEERS above. Use the following command, passing the peer name as a parameter, to display the QR code for whichever device you want. Then scan it with the Wireguard app on your device:

sudo docker exec -it wireguard /app/show-peer askben-mac

Wireguard QR Code

Or cat the file to pull the configuration (it contains the peer's private key):

sudo cat wireguard/config/peer_askben-mac/peer_askben-mac.conf

Which looks like this:

[Interface]
PrivateKey = 123456890qwerty=
Address = 10.254.254.5/32
DNS = 8.8.8.8
MTU = 1380

[Peer]
PublicKey = qwerty1412316dgfwr1=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = 25.25.25.25.1:51820
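
A quick sanity check for a generated peer file before it is handed to a device, as an added example that is not part of the original post or the linuxserver image. The function names are hypothetical, the sample mirrors the file shown above, and the /24 size for INTERNAL_SUBNET is an assumption.

```python
import ipaddress

# Constructed sample: mirrors the peer file shown on this page (keys are placeholders).
SAMPLE = """[Interface]
PrivateKey = 123456890qwerty=
Address = 10.254.254.5/32
DNS = 8.8.8.8
MTU = 1380

[Peer]
PublicKey = qwerty1412316dgfwr1=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = 25.25.25.25.1:51820
"""

def parse_conf(text):
    """Parse a single-peer WireGuard client config into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            section[key.strip()] = value.strip()
    return conf

def audit(text, subnet="10.254.254.0/24", port=51820):
    """Return a list of findings. The subnet default assumes INTERNAL_SUBNET is a /24."""
    conf = parse_conf(text)
    iface, peer = conf.get("Interface", {}), conf.get("Peer", {})
    findings = []
    if ipaddress.ip_interface(iface["Address"]).ip not in ipaddress.ip_network(subnet):
        findings.append("address-outside-subnet")
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer["AllowedIPs"].split(",")]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    if list(v4) == [ipaddress.ip_network("0.0.0.0/0")]:
        findings.append("full-tunnel")  # every IPv4 destination is routed via the VPN
    host, _, endpoint_port = peer["Endpoint"].rpartition(":")
    if host.replace(".", "").isdigit():  # looks like an IPv4 literal, so validate it
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            findings.append("endpoint-bad-ipv4")
    if endpoint_port != str(port):
        findings.append("endpoint-port-mismatch")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The two /1 routes collapse to 0.0.0.0/0, so the sample is reported as a full tunnel, and its five-octet Endpoint is reported as not being a valid IPv4 address.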

I’m running this on Google Cloud and Azure. I found that I needed to change the MTU on the connection back to the GCP VM.
