Effortless Wireguard Installation with Docker and Portainer | Zimaboard Server Series

Thanks!

Thank you kind sir!

Thx

Thanks! Worked 15/12/2023

thank you!

Thanks! It's getting to a point where if I needed to explain each step in detail for every video I am sure everyone would full asleep haha! Glad you don't mind me referencing them instead.

No problem 👍

ok i was using latest, let me try again, will report back

k didnt' work, same problem... "Handshake did not complete after 5 seconds, retrying"
it just keeps spitting that out over and over.

My issue is that it kicks my computers off the internet and NEVER connects to my home network at all. Any clues on that one? @@mrosebro

Appreciate it! I am enjoying the Zimaboard series

you can try No-IP for updating your public ip .... hope it isn't too late :D

If you don’t have a static then yeah that will need to be updated when your up changes. I think services like noip or freedns can help here

Thank you for your response. A follow up questions I have a unify dream machine pro, I created two wireguard vpns and im having the same issue with both, one i created in through the unify os, the other following your instructions on docker wireguard portainer. I can connect my devices vpns works fine then in about a day they stop working, i have to delete the clients and add them again then it works again for about a day then does not work any more. Since its happening on both, i think its a setting my my router or firewall. The port in the instruction i have portforwared, and it does work for a day , then i have to delete the clients add them again then it works but only temporary and i have to rinse and repeat. I have looked everywhere and i have no idea what to do or in what direction to look for a solution. I went for my unify wireguard, to making a pivpn raspberry pi, to making this portainer docker wireguard, they all work then stop working and i know my ISP public address is the same, any help i would appreciate so much. Thank you.
@@Techdox

@@Techdox exactly

Hey! There's a bit to unpack here so let me try answer what I can :_
The '0001-01-01 00:00:00 UTC' Last Handshake time often indicates that there's an issue with the Wireguard connection. It's possible that the handshake is not being completed properly.
So, you have a Proxmox VM which at the moment can already reach the internet etc and you have it connected to a peer, what is the peer?
Once you switch the VPN on you lose internet access? If so this indicates again that the VPN config is wrong or you have not port forwarded correctly?

Hey@@Techdox , Thank for the quick reply. Yes, you are right, I have a Proxmox VM which can ping any ip/domain on the internet. A peer(an iOS device) is connected to the VPN. When I switch on the VPN, for example I can chat using Facebook messenger, but I cannot make a call, nor can I browse the internet using the phone. Could this be a port forward issue?

Hey @@norberttamas2545,
I had the same issue. I removed the POST UP and POST DOWN script and now it works.

This comment saved me tons of hours debugging! Thank you !

Same here

there is a github issue for this problem, I don't understand why it's not working. please if you find a workaround let us know

Could someone break down the issue for me so I can try reproduce it and look for a fix?

@@Techdox think its linked to docker-wireguard config files changing location to /config/wg_confs/. I got it working by using an older version of docker-wireguard before that update that occurred around 3 weeks ago. Appears wireguard-ui hasnt been updated to include the new path or something

@@jamiei543 Thanks! Will look into this tonight!

Key things to check, you’re using the recommended WG image, you have port forwarded the correct port and when adding the post up and down scripts you saved it but also clicked apply in the top right corner

The Public IP used is you home public IP but if you setup a QR code etc to link to your VPN it should have all the config already defined for you

As long as you are connecting to the IP address of the server running the containers, that's all you should need. Wireguard also does not require the GUI frontend, so if it causes more issues then not maybe looking at going without the GUI

Same issue here. Was looking through changes with a friend on this and it seems Wireguard may have made some change to the config file location, but haven't investigated further yet.

Same thing happened to me. Have you figured out how to log in?

@@PauloRobertoFh I ran the Nyr/wireguard-install script from Github (commenting out some of the error checking for Distro & Version) and that seemed to solve the issue. I have not been able to test it because I rent my gateway/modem from Comcast & and am waiting for them to let me port forward :/
The commented out section was line 23 through 41, not commenting out the os="debian" line (because that is my distro). I also comment out 54 through 58; you may have to comment out different lines depending on your distro.
At the end of the script I got an error, but I am hoping it was not significant.

Sorry, it probably was not obvious, but I had to connect to the console for the Wireguard docker instance, run vi (vi wireguard-install) to paste the script into a file (i for insert, right-click to paste, (esc), :wq to write & quit), then make said file executable (chmod +x wireguard-install), and run the script file (./wireguard-install). Follow the prompts.
For commenting out, place a # at the beginning of the line...or simply delete that line.

This is just setting up the server, on your exisiting vpn server just add your pi as a client :)

linuxserver/wireguard is the actual wireguard service, without it you would just have a frontend UI that could do nothing.

For all my domains, I use paid domains, such as techdox.nz elzim.xyz etc

@@Techdox Nice, I set this up with your video and its been working like a charm bro. Thanks for this. Always wanted to setup a VPN so I can access my Navidrome instance, and its been so sick to access a Spotify clone wherever.
If I wanted to use my own paid domain instead of the default public one, what setting would be changed to handle this to point it to a site's DNS? Rather, how do you handle DNS for your private sites?
Don't need any personal configs etc, just curious for the workflow.

Manually, this is why static IPs or using a server such as noip are the way to go

@@Techdox do you by chance have a video on that?

It has been requested a bit, so I will add it to my video list on how to use NoIP

Confirming you read the posted note and the documentation?

@@TechdoxI have the same problem with wireguard-UI (unrelated to wireguard image v1.0.20210914-ls7 thing), it has more options than what we see in your video, for example there is also a "Pre Down Script" field now, as well as new fields in client settings. UI Status page doesn't see my phone when I connect, no errors showing in containers logs.
Also does this method not need a domain ? I thought I read somewhere we needed one to use wireguard. I would actually like to use one to try and hide my ip since I already have a home server with some stuff hosted with my domain going through nginx reverse proxy

@@Arc.M Seems this video is getting more and more outdated by the day. might need to look at re-doing this

@@Techdox I try the wireguard-ui version ngoduykhanh/wireguard-ui:0.5.2 and is the same of the video, and using the wireguard version v1.0.20210914-ls7 , I can enter but I still can not make the connection.

I am installing it in a vps

Hey you most likely found out why but are you running an internal docker registry? These run on port 5000

Yeah, this is a common issue with a new change it seems, there’s a comment thread below where someone has used an older version and it’s worked

@@Techdox aaaaah the Amazing world of open-source communities! Thanks a lot for the answer anyway.

NGINX Reverse Proxy Manager? The DuckDNS I would need to look into, I have a static IP as managing a dynamic IP became a pain for me. But good question, I'll look into it

Thanks

Sorry for the late response, did you sort it?

You will need to setup so WireGuard knows to use that DNS in the config. So in the DNS options point it to for example your Pihole or what ever is running your local dns

You raise a good point around DNS and having a static IP. I forget about this since I have a static IP address setup at home.
I think I will cover how to use the freeDNS etc to get a 'static' ip address so our community can follow these guides without issues.

Did you end up testing this?

Hey, so the compose file can be deployed directly via the command line using docker like I have shown in many of my videos, in this example we deployed it using Portainer which is still using docker.
If you have the compose file you can run docker-compose up -d to deploy it

This is something I have heard twice now, I’m running this VPN in the exact same setup. I’m going to have a look into this and see if there is any difference between this setup and what I have

So, I ran through this from start to finish and got my connection working fine with Google and internal addresses.
In my documentation - bookstack.elzim.xyz/books/self-hosting/page/wireguard-docker-setup, did you do the IP tables section? The post up and post down, and also apply the config which requires a Wireguard restart, it does it for you though.

@@Techdox - yeah, I copied and pasted so it should have been fine. I can only think now that I may have done somethings as root by accident which is stopping things getting updated. Will tear it all down and start again - I've been trying someother things too. If I just run wireguard container by itself I could get everything working... but then didn't have the nice gui.

@@Greeata yeah, can always install it via CLI rather than a container or use PiVPN maybe. Few options but yeah, my guide should be start to finish without any extra steps

@@Techdox - It may have been the iptables thing that did me in. I'm doing this on a raspberry pi4 and when I did it from the command line with a docker-compose.yml file it didn't have any of the post up/down stuff (firewall stuff I'm guessing). I just took my old working yml and then stitched on the ui part onto it and it seems to be working. Thanks for the tips! appreciate it.

Hey, check out my latest video, it’s the pinned comment. I remade the video as this is getting outdated

Hey what issue are you hitting exactly?

@@Techdox I finally figured out that for some reason the gui didn't apply the post up post down commands correctly. So I ended up being able to connect to the vpn, but I had no network. When using the version you specified in your docs, it finally applied the commands to the config and now seem to work. I forgo to update my comment. Spent a good few hours trying to figure that out, then I decided to follow your written guide step by step and that seemed to work, so I thank you for the tips about potential issues in the latest build.

That's interesting, feel free to join the Discord if you have it and we can help you there - Discord Channel - discord.com/invite/8mX2KRxDw8