Create your own VPN server with WireGuard in Docker

I am embarrassed to say that this is the first time I come across with this video after 2 years of trying to fix my Wireguard container! It was super straight forward and explained perfectly so I feel like I have more control on the parameters of the image and wireguard itself! Thank you!

This video was exactly what I was looking for. Very thorough, definitely one of the best videos I've watched for help on projects I am doing.

VERY HELPFUL! I especially appreciate your step-by-step examination of the YAML file. It helped my overall understanding of what's going on with the container.

Very clear and very thorough explanation

The docker image looks really nice and also very comfortable to use. Although, I am not sure whether I should be concerned of the fact that the server knows the private key of its clients.

watched many other YT tutorials (while unsuccessful and banging my head against the wall in failure lol) and then found this....followed your instructions on some aspects but used portainer-ce to create/edit the container...I appreciate you going through each line in the docker-compose file so i could add env/vol variables according to my usage which is being executed in docker on an RPI4...after several container rebuilds I have wireguard running so I can access my home network while i am away! Cheers 😎
/subscribed

Really great stuff! This was so easy to setup and it gave me a chance to start my first docker project. Thanks!!

All went fine on my Oracle cloud instance then came my wife's... it worked on mine? Said connected, but no internet! Some fool, can't think who, put the allow 51820 into MY ingress rules twice!! Once fixed, all fine. Excellent as usual Christian!

Thank you! Much like others, I had been unsuccessful in setting up WireGuard server. But with this video was up and running on my first attempt.

Thanks a lot for your video, Christian! This helped me fixing my Wireguard container in Portainer. It was very helpful that you also showed how the config files look afterwards so I had a reference of the outcome and was able to compare and see what I did wrong (I put my local network address in the internal address field).

Top Video! Super transparent erklärt, sehr gutes und leicht verständliches Englisch!!!

This guy knows how it works and his explanation is very clear! Nice video and thanks!

Superb video, I like how you present the info in a clear and concise manner!

I have watch this video many times and and I learn something any time I watch it.
Thanks a lot man!

Christain another excellent video. Got this running quick :). Thanks brother.

The best video i have seen today. Exactly what i was looking for. Thanks

1:15 - 1:55 YES!! I've been saying the same thing for years! VPN providers are using that phrase in advertisements to "protect and secure your data online" near me. While yes, it will to a certain extent, in actuality you're just kicking the can down the road a little bit. Plus, if VPN providers are lying to you to use their service... they shouldn't be trusted with your data!

WOW - brilliant video. These instructions worked perfectly the first time. Thank you!

i watched this over 20 times

I am running 2 Wireguard containers, but if you need to cange the standard port from 51820 you need it to change in the wg0.conf file after you set all things up.
For instance you not want Port 51820 but 51824. You need first change the ports in the docker yaml file. After the deploy you go to the config/wg0.conf and change the "ListenPort = 51820" to "ListenPort = 51824".
It took me a while to find this out because the changed Port didn't worked but the old one does.

I think I know what I'm gonna do this weekend. Thank you.

Very Informative, helpful and Educational video! Thx for the tutorial man!

What if someone wants to have the wireguard connection partially made? Meaning he can access his home services remotely but all other traffic comes from his locala connection not the remote one. What lines should someone use there before deploying the image?
Also by the way the image has been set up there will be always a client named peer1? What if you want to give access to 4 people and you want each client to have different name

Yo! It's already here. Thanks man!

I followed everything and I am able to connect to the VPN using the conf file and activate it. However, when I turn on the VPN my issue is that it connects but I don't have internet access. I'm getting a DNS Probe error so I'm sure it has to do with the DNS. I am running this on RP4 with portainer. How can I fix this issue?

Excellent Video. Sorry mself, to be late on this channel. 1. This could have been done using public IP (vps) for further more clarity.
2. Can a peer, expose its entire network for other peers ?

your videos are great.Thank you for sharing.
Keep up the good work.

Great video Christian! Thanks

do more of this!! this is amazing

Christian, because of you, I ditched my Windows server, Blueiris, and WSL and got onto Ubuntu Server, Portainer, HA, Frigate, and the list goes on. Currently I have HA pushing alerts to my phone but I constantly have to turn on Tailscale to receive them. Tailscale does not seem to have any interest in giving us a much needed quality of life feature that allows it to switch on/off based on WiFi SSID whitelist or Mac whitelist, basically, a way to activate VPN when I am away from home and not in my local network. So I want to ditch Tailscale, despite how much I love it, and instead move on to WireGuard as I was told it's able to do that. I would be so grateful if you were to make a simple short video showing us how we can achieve this as it allows us to keep all of our HA config exactly as is and just rely on the client to switch automatically. Thank you and happy new year!

Could you please make video how to make our own wireguard docker image.

Its working! Thank you, great tutorial!

Will this process work with Torguard wireguard file (key) and or any other provider? I have duo core mini pc with an ssd but one lan. I have a usb Ethernet that works on android could that possibly work? I have fiber from century link that uses pppoe protocol.

i'm installed wireguard in VPN working fine, but when i access VPS using RDP, internet not working in firefox- and any Browser.
what do i do ?

This is an excellent video, and I was able to set up my WireGuard VPN for 8 users :) The QR code configuration was an extremely easy path for mobile devices. I have had two challenges though:
1) It was not possible to configure it on any other port but 51820, I think the problem is on the client side (both iOS and Android)
2) Getting the config file through a QR code was a breeze thanks to your explanations but I am having a hard time with the command like for downloading the config file for MacOS.

thanks man you saved my day

In case I forgot to say - Thank you Very much! :)

Thanks! Installing wireguard via docker on a rock64 takes care of so many issues, it's just not worth it installing it manually on that sbc!

Very cool, but when I distribute it just helps to have a gui interface to add clients. Hope Linux server guys add this soon.

It would be nice if you made an update to this tutorial using the WireGuard-UI docker container. (I'm not stuck with it or anything... Pretty pls)

Too good. Thanks.

Thank you for the great tutorials. I have a couple of questions: 1. Are there any performance or security issues running this as a docker container versus running this bare metal on my system (using something like PiVPN)? 2. How do I configure so I can access local machines on my home network when I am remote? I did watch your recent video about Tailscale but don't like the idea of someone else managing all the configuration. I currently have a PiVPN instance up and running on an x86 machine but can't seem to access local machines when I am outside my home network. I looked at some of the documentation for wireguard and thought it might be related to the INTERNAL_SUBNET config but don't completely understand. Thank you in advance for any assistance you may be able to offer.

you are awesome. very easy to understand.

is there a way to add wireguard to ubuntu 20 network manager? Thats where my openvpn ON/OFF toggle used to be and it's quite handy

Good one thanks.
ps. Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****

I have a VDS. I have 2 public IPs. I want to run 2 Docker containers and have each one use its own public IP. How can I achieve this?

I have set it upand scanned the qr code with the wireguard app on my iphone but just nothing happens. well it seems to connect, but no internet traffic what so ever :/

A good tutorial video, but I do not think "chown" is neccssary, because docker project needs "sudo" to run it.

Thanks I was able to follow your tutorial and run wireguard! Just wanted to know if I can use my public ipv6 and tunnel that to my clients.

Thank you for this wonderful video. Please how then would you configure other docker services to route their traffic through the VPN

Very nice.. thanks so much!

Congrats for your videos, you're very smart! But I cannot catch very well an aspect. Is it necessary to forward port 51820 of my router to Wireguard server in order to gain access from my devices over the internet?
Can you explain a little bit better this point? Thanks

I am getting an error
+++++++++++++++ /o/wireguard-server> sudo docker-compose up -d
ERROR: yaml.scanner.ScannerError: mapping values are not allowed here
in "./docker-compose.yaml", line 2, column 19
I did not change anything in line 2 :(

Thank you man ♥

Big up

Hey, great video! I am really confused on how to get this to work outside my network I can't seem to port forward it and when I try network_mode: host it spits back with some errors

Any chance you can make an updated showing how to install behind nginx proxy manager and a domain name?

Works pretty good but not right out of the box if you want to change the port from the default 51820. It can be done of course with some manipulation.

Amazing.💪🏽

Question: I have 2 machines (n1, n2) exposed on internet (virtual private server) I have few services running on n2 that I want the apps running on n1 to access. now one way is to use SSL/TLS for every service running on n2 so that apps on n1 can connect securely to services on n2. The 2nd option is to create a VPN on n1+n2 and then the apps on n1 can use that VPN IP address to access services on n2 without any TLS configured on n2. However I'm not sure if by creating VPN the regular traffic from internet to both n1, n2 is blocked or changed in anyway? is it the right way to secure servers internal services that we don't want to expose on internet?

What is the SSH program you are using? It is so clean and comes in dark mode!

Hey don't know if you answer the community but do you have a way to install WG in an ubuntu server (that part yes) and then using it on an asus router as a client? I don't want to install WG on the router, first because it disables hardware acceleration and second because my router is not compatible.

Congrats , it is a GREAT VIDEO .
I Am Using a GLinet Rooter , Now I am at FRANCE , But i Want To Use My NY's IP , From NY I Already HAVE My TP LINK MODEM , And I Just Want To Know How Do I CONFIGURATE It While I am FRANCE And Still Have My IP To NEW YORK please .

Hello, switching from wireguard configured on Rasp by pivpn to wireguard on docker, i noticed that i lost PSK on client's configuration. Basically, from a security prospectivy is not good. Do you know if i can improve this feature in docker file? thank you!

How can download the resolvconf package on windows.

Amazing, Thank you

Very interesting, but I installed a wireguard server as shown on the video on a VPS to make a tunnel to access internet from another country, but I've no access to internet ? any idea ?

Hey :)
Do you previous port forwarding 51820 port on your router and then do this'?

after wg-quick up wg0 seems connected successfully so I type the command
docker exec -it wireguard wg on the server machine and it only appeared
key peer and allowed ips. The endpoint, latest handshake and transfer do not appear. I assume the machine didn't connect. I followed all the steps twice and I still don't understand what happened. I'm using Ubuntu vm.

Did you known what problem is running here? I only got volume mapping before I map /etc/passwd and /etc/group to container. What did I miss to solve in your sight? Thanxx

Great great great!!!

Hey Christian, one question. I installed wireguard in docker, like the way you explained in this great video, but docker runs in a lxc in proxmox. It doesnt work. The VPN connection runs, i checked in the wg command. But i have no connection to the internet. Any ideas? Thanks und best regards!

I created container but I can't diploy that
Error message is- command not found

I would like to use wireguard server in a Docker. I do have wg server and client installed on Ubuntu. However, I cant connect to internet with VPN. May be because both server and client are installed on one machine (Ubuntu 18.04). I'd like to try wg server in Docker and client on Ubuntu. Should I first remove the wg-server.conf and wg-client.conf I have right now from /etc/wireguard/ before I'll start to install wg server in the Docker?

how to block a user from accessing all local networks ressources,permit the user only to get to internet on wireguard

Why not install wireguard on the virtual machine instead in a docker?

Hi and thanks for the Vid.
Everything seem to be up and running in docker. I was able to get the peers and when I run the app, in the logs am not getting a handshake so not internet. anything I can try?

My question is after creating the wireguard docker compose file (docker-compose up -d) whats the command to delete/reset a public/private ip address of a user who is no longer using so he/she cant use it because of security concerns. We dont want to delete the peer count just reset the public/private ip. Does anyone knows the command to do it.

Can you post a video about how to tunnel between two vps's or refer me to one?
i live in iran and i have to use a iranian vps and one from europe to be able to connect

Hey! Thanks for the video!
When I add more clients and exec show-peer 2 command I receive "PEER 2 is not active". How can I make it works?

It was cool!

Thnx Fritz

Cant get it to run with the Asustor NAS. I don't think I can install the kernel module

I try a lot of times but i dont know Why is not working for me to configure the all way :( Could you make a video about WireGuard client docker to ?

When you add peer 2 and recreate the container, does it not recreate peer 1 too?

so if everything is running on the same machine serverurl is then just localhost?

Maybe I missed it, but looks to me it only provides internet connection over the docker, without access or further access on the server the way you did the setup. To do so the config needs more adders, such as local pathes etc.to access. I run something similar with openvpn, but with access rights to my files outside the docker.

Am I correct in assuming that remaking the docker to add more users, rest everybody existing access to the VPN server?

Nice thx!

Hi, im kinda late to this video. But when i run the wireguard wg command nothing happens and it has not created the wg0 config file

Hey! I am having trouble running the container for wireguard. Always get an error in the log: s6-overlay-suexec: fatal: can only run as pid 1 Do you know how to fix it? Running it on the x64 portainer on CoreELEC Docker

What is the server URL in the Docker Compose file where did you get that Is that your VM host IP address?

Just a question on the first part where you are talking about expectations, is the "privacy" aspect do to the client browser using a tunnel to the VPN provider's server to exit wit the request to the open internet from a server in another location and then the requests and response go over the VPM to that public brower and back the client browser? So only the VPN provider knows the location an identity of the client browser. After that the client browser has to take care of cookies and other identity issues.? BUT you point on WireGuard is that my wireguard server does not provide that service at all.

perfect thanks

For example:
If i install a PostgreSQL Database in a Docker Container and Install MySQL in another container and I setup WireGuard.
My coworkers can connect to these Databases?
The problem is, that I installed Postgresql and MySQL in docker, but any of my coworkers can't connect to the database, only me, I already opened the ports for each database and shared the IP.

can I deploy wireguard container in docker rootless mode ?

Hi Christian, whats the latest version of docker that I should install instead of 1.26.2?

how can i set expiry time for users? is that possible?

Thank you for the tutorial! Quick question...
Outside of client setup, is there a difference between using wireguard to access resources on home network vs using a SSH tunnel?

I'm using this with mostly auto and default settings, but don't seem to be able to get it working... My SERVERURL is `auto`, SERVERPORT is default (51820), I used a named peer with PEERDNS as `auto`, and left the INTERNAL_SUBNET as the recommended `10.13.13.0`, as well as omitting ALLOWEDIPS (for full access).
It appears that I can connect to it, since running `wg` inside my container shows that I'm connected... But I cannot access any page. I've also made sure to forward the proper port in my router settings, and I don't see anything suspect in my Docker logs. What could I be missing here?