
Friday, December 24, 2021

Notes when installing WireGuard VPN with Docker (Portainer) and wg-easy

Here are some notes from installing a secure and fast VPN with WireGuard.

- WireGuard and Outline are both great, easy to install on both servers and clients no matter what. If you are familiar with Docker, you can deploy it with a few clicks.

I tried to give WireGuard a shot. The most elegant way to deploy a Docker-based container is by using Portainer. FYI, Portainer is built by Auckland guys.

PORTAINER WAY: With Portainer, a few clicks are enough to customize the ports and configure authentication. The Docker image on Docker Hub is given below:

https://hub.docker.com/r/weejewel/wg-easy

COMMAND LINE WAY: You can also deploy the container with the command `docker-compose up` as usual if you prefer the terminal. The nice thing is that you can also do that within Portainer. So Portainer wins, definitely.

https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml


Image: I installed Dante SOCKS5, Outline, and WireGuard on the same, cheap VPS

Note that you should open two ports for the VPN: 51821 (TCP) and 51820 (UDP). You can find these details in the docker-compose.yml file mentioned above.

      - "51820:51820/udp" ----> CRITICAL INFORMATION SHOULD BE NOTED

      - "51821:51821/tcp" ----> CRITICAL INFORMATION SHOULD BE NOTED

You also need to put your own public IP address into the file docker-compose.yml.

It appears that wg-easy cannot be installed on an ARM-based chip. As far as I know, Golang does not seem to wholly support this kind of CPU.

My first impression is that it runs really fast and that it is easy to configure WireGuard on mobile devices. After logging in to WireGuard via port 51821 (say http://your_public_ip_address:51821), you can CRUD a new profile and then give it to your friends if you wish.

Yet, installing WireGuard as a client on Ubuntu seems to take time. Here are some links: 

 https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration

https://tech.serhatteker.com/post/2021-01/how-to-set-up-wireguard-client-on-ubuntu-desktop/

Todo list: I am thinking about installing Nginx Proxy Manager to manage WireGuard through a real domain. But it does not matter much. FYI: WireGuard is really fast and does not take much CPU or RAM.


PS: It seems that the traditional, command-line method with docker-compose up -d is the workable way to install WireGuard. Then I used Portainer to manage it with ease. Normally Portainer serves me pretty well, but somehow this time I cannot install WireGuard via this great UI tool that is frequently used to manage Docker. Yet, I can still use it for monitoring WireGuard.

FYI: You might need to add an MTU value to the server's configuration as discussed here, another one and there.

MTU = 1280 (client, say Ubuntu desktop)

[Add the line MTU = 1280 to the WireGuard server interface in /etc/wireguard/wg0.conf if you are using Ubuntu server]

Updated: I can now install WireGuard with Portainer. You might need to change the container's privileges so that it is allowed to bring WireGuard up: the NET_ADMIN capability should be granted.

Updated: Installing WireGuard on an Ubuntu client is much, much easier than I thought.

1) First, download the configuration file from WireGuard UI above.

2) Install WireGuard on the Ubuntu client.

3) Rename the file above to wg0.conf and put it at /etc/wireguard/wg0.conf

4) Run sudo wg-quick up wg0

5) Check your newest IP with ip2location.com or through sudo wg

Don't forget sudo wg-quick down wg0 if you want to turn the VPN off.
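Step 3 and the MTU note above, as an added shell example that is not part of the original post: it checks that the downloaded profile has the sections wg-quick needs and stages it with mode 600, because the file holds the client's private key. The function names, the sample profile and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate a downloaded client
# profile and stage it as wg0.conf readable by its owner only.

# check_wg_conf FILE: succeed only if FILE looks like a wg-quick client profile.
check_wg_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    grep -q '^\[Interface\]' "$1" || { echo "missing [Interface]" >&2; return 1; }
    grep -Eq '^PrivateKey[[:space:]]*=' "$1" || { echo "missing PrivateKey" >&2; return 1; }
    grep -q '^\[Peer\]' "$1" || { echo "missing [Peer]" >&2; return 1; }
    grep -Eq '^Endpoint[[:space:]]*=.*:[0-9]+' "$1" || { echo "missing Endpoint host:port" >&2; return 1; }
}

# stage_wg_conf SRC DEST [MTU]: copy SRC to DEST with mode 600; if MTU is given
# and SRC sets none, add "MTU = <value>" right after [Interface].
stage_wg_conf() {
    src=$1; dest=$2; mtu=${3:-}
    check_wg_conf "$src" || return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 1   # mktemp creates the file 0600
    if [ -n "$mtu" ] && ! grep -Eq '^MTU[[:space:]]*=' "$src"; then
        awk -v mtu="$mtu" '{ print }
            /^\[Interface\]/ && !seen { print "MTU = " mtu; seen = 1 }' "$src" > "$tmp"
    else
        cat "$src" > "$tmp"
    fi
    chmod 600 "$tmp" && mv "$tmp" "$dest"
}

# Constructed sample profile (placeholder keys, documentation-range address).
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
EOF
}

# Demo in a scratch directory; on a real client DEST is /etc/wireguard/wg0.conf
# (run as root), followed by: sudo wg-quick up wg0
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/downloaded.conf"
stage_wg_conf "$demo_dir/downloaded.conf" "$demo_dir/wg0.conf" 1280 && ls -l "$demo_dir/wg0.conf"
rm -rf "$demo_dir"
```

An existing MTU line in the profile is left untouched, so the value chosen in the web UI or by hand wins over the one passed on the command line.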

Updated: Using Watchtower to update the Docker container is not recommended, as it breaks the configuration.

