Create your own VPN server with WireGuard in Docker

แชร์
ฝัง
  • เผยแพร่เมื่อ 30 พ.ย. 2024

ความคิดเห็น • 257

  • @mpakaboy
    @mpakaboy 2 หลายเดือนก่อน +2

    Given the video is old, it aged perfect, I had no issues or blind spots when following, everything worked like a charm, thank you a lot!

  • @EduardoRodriguez-fu4ry
    @EduardoRodriguez-fu4ry ปีที่แล้ว +10

    I am embarrassed to say that this is the first time I come across with this video after 2 years of trying to fix my Wireguard container! It was super straight forward and explained perfectly so I feel like I have more control on the parameters of the image and wireguard itself! Thank you!

    • @christianlempa
      @christianlempa  ปีที่แล้ว +1

      Thank you so much :) no need to worry!

    • @iamrage4753
      @iamrage4753 ปีที่แล้ว +3

      Hi Christian, could this be used for example having a WG server on a pi 4 with a dedicated residential IP and allowing connection from another device at a different location to appear on the same network to share Neflix? Just wondering?

    • @colepfaff7640
      @colepfaff7640 7 วันที่ผ่านมา

      @@iamrage4753 I know this post is a year old but yes I can confirm this will work for this.

  • @topdecktom
    @topdecktom 3 ปีที่แล้ว +17

    This video was exactly what I was looking for. Very thorough, definitely one of the best videos I've watched for help on projects I am doing.

  • @timfoster5043
    @timfoster5043 10 หลายเดือนก่อน +1

    VERY HELPFUL! I especially appreciate your step-by-step examination of the YAML file. It helped my overall understanding of what's going on with the container.

    • @christianlempa
      @christianlempa  10 หลายเดือนก่อน

      thank you! glad you liked it :)

  • @HannesM04
    @HannesM04 4 ปีที่แล้ว +11

    The docker image looks really nice and also very comfortable to use. Although, I am not sure whether I should be concerned of the fact that the server knows the private key of its clients.

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว +5

      Yea that was also a concern I had. What you can see is that the keys are stored with 600 permissions, so that only the userid which is used in the docker-compose file has read and write permissions on the key. Of course you need to pick a user that is secured and not used by anyone else on the system.

  • @lautzu3196
    @lautzu3196 4 หลายเดือนก่อน

    Very clear and very thorough explanation

    • @christianlempa
      @christianlempa  4 หลายเดือนก่อน

      Glad it was helpful!

  • @MrShiffles
    @MrShiffles 3 ปีที่แล้ว +2

    watched many other YT tutorials (while unsuccessful and banging my head against the wall in failure lol) and then found this....followed your instructions on some aspects but used portainer-ce to create/edit the container...I appreciate you going through each line in the docker-compose file so i could add env/vol variables according to my usage which is being executed in docker on an RPI4...after several container rebuilds I have wireguard running so I can access my home network while i am away! Cheers 😎
    /subscribed

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว +1

      Awesome! I'm glad it helped you :)

  • @ryn022
    @ryn022 ปีที่แล้ว

    Thank you! Much like others, I had been unsuccessful in setting up WireGuard server. But with this video was up and running on my first attempt.

  • @nowhereman5956
    @nowhereman5956 2 ปีที่แล้ว

    This guy knows how it works and his explanation is very clear! Nice video and thanks!

  • @wohtefak
    @wohtefak ปีที่แล้ว +1

    Thanks a lot for your video, Christian! This helped me fixing my Wireguard container in Portainer. It was very helpful that you also showed how the config files look afterwards so I had a reference of the outcome and was able to compare and see what I did wrong (I put my local network address in the internal address field).

  • @eugenethered3060
    @eugenethered3060 3 ปีที่แล้ว +1

    Superb video, I like how you present the info in a clear and concise manner!

  • @KarelPuhli
    @KarelPuhli ปีที่แล้ว

    Top Video! Super transparent erklärt, sehr gutes und leicht verständliches Englisch!!!

  • @jeucedahn
    @jeucedahn 3 ปีที่แล้ว

    I have watch this video many times and and I learn something any time I watch it.
    Thanks a lot man!

  • @fzovko
    @fzovko 11 หลายเดือนก่อน

    Christain another excellent video. Got this running quick :). Thanks brother.

  • @johnh10000
    @johnh10000 ปีที่แล้ว

    All went fine on my Oracle cloud instance then came my wife's... it worked on mine? Said connected, but no internet! Some fool, can't think who, put the allow 51820 into MY ingress rules twice!! Once fixed, all fine. Excellent as usual Christian!

  • @diegomauriciomendozamollin9300
    @diegomauriciomendozamollin9300 หลายเดือนก่อน

    Excellent tutorial, simply awesome, everything works perfectly.

  • @t_Radikl
    @t_Radikl 3 ปีที่แล้ว +9

    Really great stuff! This was so easy to setup and it gave me a chance to start my first docker project. Thanks!!

  • @MitchelCosta
    @MitchelCosta ปีที่แล้ว

    1:15 - 1:55 YES!! I've been saying the same thing for years! VPN providers are using that phrase in advertisements to "protect and secure your data online" near me. While yes, it will to a certain extent, in actuality you're just kicking the can down the road a little bit. Plus, if VPN providers are lying to you to use their service... they shouldn't be trusted with your data!

  • @AndiDarmika
    @AndiDarmika ปีที่แล้ว

    I think I know what I'm gonna do this weekend. Thank you.

  • @theshazman
    @theshazman ปีที่แล้ว

    Christian, because of you, I ditched my Windows server, Blueiris, and WSL and got onto Ubuntu Server, Portainer, HA, Frigate, and the list goes on. Currently I have HA pushing alerts to my phone but I constantly have to turn on Tailscale to receive them. Tailscale does not seem to have any interest in giving us a much needed quality of life feature that allows it to switch on/off based on WiFi SSID whitelist or Mac whitelist, basically, a way to activate VPN when I am away from home and not in my local network. So I want to ditch Tailscale, despite how much I love it, and instead move on to WireGuard as I was told it's able to do that. I would be so grateful if you were to make a simple short video showing us how we can achieve this as it allows us to keep all of our HA config exactly as is and just rely on the client to switch automatically. Thank you and happy new year!

  • @paracha3
    @paracha3 2 ปีที่แล้ว

    The best video i have seen today. Exactly what i was looking for. Thanks

  • @farenhe1t
    @farenhe1t 3 ปีที่แล้ว

    WOW - brilliant video. These instructions worked perfectly the first time. Thank you!

  • @CristianoRonaldoYoutubeee
    @CristianoRonaldoYoutubeee 2 ปีที่แล้ว

    do more of this!! this is amazing

  • @dyxen0769
    @dyxen0769 3 หลายเดือนก่อน

    I am running 2 Wireguard containers, but if you need to cange the standard port from 51820 you need it to change in the wg0.conf file after you set all things up.
    For instance you not want Port 51820 but 51824. You need first change the ports in the docker yaml file. After the deploy you go to the config/wg0.conf and change the "ListenPort = 51820" to "ListenPort = 51824".
    It took me a while to find this out because the changed Port didn't worked but the old one does.

  • @enzocalzone5298
    @enzocalzone5298 2 ปีที่แล้ว

    Thanks! Installing wireguard via docker on a rock64 takes care of so many issues, it's just not worth it installing it manually on that sbc!

  • @mithubopensourcelab482
    @mithubopensourcelab482 3 ปีที่แล้ว +2

    Excellent Video. Sorry mself, to be late on this channel. 1. This could have been done using public IP (vps) for further more clarity.
    2. Can a peer, expose its entire network for other peers ?

  • @leonardosilvasantos5960
    @leonardosilvasantos5960 2 ปีที่แล้ว

    Very Informative, helpful and Educational video! Thx for the tutorial man!

  • @chukwuuchethankgod1591
    @chukwuuchethankgod1591 11 หลายเดือนก่อน

    Thank you for this wonderful video. Please how then would you configure other docker services to route their traffic through the VPN

  • @BulatM
    @BulatM 4 ปีที่แล้ว +1

    Could you please make video how to make our own wireguard docker image.

  • @BobanVelickovic
    @BobanVelickovic ปีที่แล้ว

    In case I forgot to say - Thank you Very much! :)

  • @LisaBug
    @LisaBug ปีที่แล้ว

    thanks man you saved my day

  • @sandspatel
    @sandspatel 4 ปีที่แล้ว +2

    Very cool, but when I distribute it just helps to have a gui interface to add clients. Hope Linux server guys add this soon.

  • @jumpman1823
    @jumpman1823 3 ปีที่แล้ว +1

    Any chance you can make an updated showing how to install behind nginx proxy manager and a domain name?

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว +1

      Hm why would you use NPM with WireGuard? I understand a reverseproxy really just used for web traffic.

  • @SadhamHussainsree
    @SadhamHussainsree 2 ปีที่แล้ว

    your videos are great.Thank you for sharing.
    Keep up the good work.

  • @markokraljevic1590
    @markokraljevic1590 4 หลายเดือนก่อน

    i watched this over 20 times

  • @houseofjax21
    @houseofjax21 2 ปีที่แล้ว

    Great video Christian! Thanks

  • @dimitristsoutsouras2712
    @dimitristsoutsouras2712 4 ปีที่แล้ว +3

    What if someone wants to have the wireguard connection partially made? Meaning he can access his home services remotely but all other traffic comes from his locala connection not the remote one. What lines should someone use there before deploying the image?
    Also by the way the image has been set up there will be always a client named peer1? What if you want to give access to 4 people and you want each client to have different name

  • @CapBuggy-zj5ml
    @CapBuggy-zj5ml 9 หลายเดือนก่อน

    A good tutorial video, but I do not think "chown" is neccssary, because docker project needs "sudo" to run it.

  • @randleqgod
    @randleqgod 3 ปีที่แล้ว

    you are awesome. very easy to understand.

  • @VilleF1N
    @VilleF1N 8 หลายเดือนก่อน

    It would be nice if you made an update to this tutorial using the WireGuard-UI docker container. (I'm not stuck with it or anything... Pretty pls)

  • @flhTK-2012
    @flhTK-2012 2 ปีที่แล้ว

    Works pretty good but not right out of the box if you want to change the port from the default 51820. It can be done of course with some manipulation.

  • @alitehrani934
    @alitehrani934 ปีที่แล้ว

    This is an excellent video, and I was able to set up my WireGuard VPN for 8 users :) The QR code configuration was an extremely easy path for mobile devices. I have had two challenges though:
    1) It was not possible to configure it on any other port but 51820, I think the problem is on the client side (both iOS and Android)
    2) Getting the config file through a QR code was a breeze thanks to your explanations but I am having a hard time with the command like for downloading the config file for MacOS.

    • @christianlempa
      @christianlempa  ปีที่แล้ว

      Thank you! :) yeah it depends on the client if you can change the config, haven’t tested it on macOS yet, but you probably can just import a config file there

  • @crazyoptimist4540
    @crazyoptimist4540 4 ปีที่แล้ว +1

    Yo! It's already here. Thanks man!

  • @Evilizer
    @Evilizer 4 ปีที่แล้ว +1

    Thanks I was able to follow your tutorial and run wireguard! Just wanted to know if I can use my public ipv6 and tunnel that to my clients.

  • @hamhumtube
    @hamhumtube 3 ปีที่แล้ว +1

    Good one thanks.
    ps. Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****

  • @shamim4679
    @shamim4679 2 ปีที่แล้ว +1

    I followed everything and I am able to connect to the VPN using the conf file and activate it. However, when I turn on the VPN my issue is that it connects but I don't have internet access. I'm getting a DNS Probe error so I'm sure it has to do with the DNS. I am running this on RP4 with portainer. How can I fix this issue?

  • @nwdsc
    @nwdsc 3 ปีที่แล้ว +4

    Thank you for the great tutorials. I have a couple of questions: 1. Are there any performance or security issues running this as a docker container versus running this bare metal on my system (using something like PiVPN)? 2. How do I configure so I can access local machines on my home network when I am remote? I did watch your recent video about Tailscale but don't like the idea of someone else managing all the configuration. I currently have a PiVPN instance up and running on an x86 machine but can't seem to access local machines when I am outside my home network. I looked at some of the documentation for wireguard and thought it might be related to the INTERNAL_SUBNET config but don't completely understand. Thank you in advance for any assistance you may be able to offer.

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว +3

      Thanks mate! :) 1. No, Docker will give you even more security with nearly zero performance downsides. 2. Yes, it's depending on your WG Server and if it supports forwarding IP packets like described in the tutorial. Also, it may help to set up the containers as network_mode: host.

  • @SkyCrisis
    @SkyCrisis 3 ปีที่แล้ว +2

    Hey, great video! I am really confused on how to get this to work outside my network I can't seem to port forward it and when I try network_mode: host it spits back with some errors

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      Maybe check out our Discord for help and share your error messages.

  • @mamad3481
    @mamad3481 ปีที่แล้ว

    Can you post a video about how to tunnel between two vps's or refer me to one?
    i live in iran and i have to use a iranian vps and one from europe to be able to connect

  • @antoninoleone5386
    @antoninoleone5386 4 ปีที่แล้ว +2

    Congrats for your videos, you're very smart! But I cannot catch very well an aspect. Is it necessary to forward port 51820 of my router to Wireguard server in order to gain access from my devices over the internet?
    Can you explain a little bit better this point? Thanks

    • @rmsraph
      @rmsraph 3 ปีที่แล้ว +1

      Yes, you must add a forward rule to the internal IP of your wireguard server.

  • @niklasseron6601
    @niklasseron6601 3 ปีที่แล้ว

    Its working! Thank you, great tutorial!

  • @GENhodgy1971
    @GENhodgy1971 4 ปีที่แล้ว +1

    Very nice.. thanks so much!

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว

      Thank you too!

    • @GENhodgy1971
      @GENhodgy1971 4 ปีที่แล้ว

      @@christianlempa im getting this error when i run the docker exec -it wireguard /app/show-peer 1.... Failed to encode the input data: Numerical result out of range

  • @MatthewG-yq6wd
    @MatthewG-yq6wd 11 หลายเดือนก่อน

    What is the SSH program you are using? It is so clean and comes in dark mode!

  • @hanshammer6208
    @hanshammer6208 4 ปีที่แล้ว +1

    is there a way to add wireguard to ubuntu 20 network manager? Thats where my openvpn ON/OFF toggle used to be and it's quite handy

  • @asa88asa88
    @asa88asa88 2 ปีที่แล้ว

    Hi. Could you make a video about WireGuard client docker? routing and nat.. move other docker traffic thro wireguard container. thank you.

    • @christianlempa
      @christianlempa  2 ปีที่แล้ว

      I thought about it, but I guess it might be better to make a written guide about it rather than a tutorial vid. Maybe you can check out our discord for help if you have trouble?

    • @asa88asa88
      @asa88asa88 2 ปีที่แล้ว

      @@christianlempa thank you for fast respons. Yes I will check discord🙂

  • @thepaxster1
    @thepaxster1 6 หลายเดือนก่อน

    Great Vid. Just a question. Is there any way to add a web interface to this?

    • @christianlempa
      @christianlempa  6 หลายเดือนก่อน

      Awesome! There are services that offer products based on the WG protocol, such as tailscale, netbird, etc. Maybe that's something for you :)

    • @thepaxster1
      @thepaxster1 6 หลายเดือนก่อน

      @@christianlempa lol, was looking for a challenge that I could host on a VPS without tailscale and whatnot. Testing if for a client, but they want a webui to administer it.

  • @mr__kobo
    @mr__kobo 2 ปีที่แล้ว

    Congrats , it is a GREAT VIDEO .
    I Am Using a GLinet Rooter , Now I am at FRANCE , But i Want To Use My NY's IP , From NY I Already HAVE My TP LINK MODEM , And I Just Want To Know How Do I CONFIGURATE It While I am FRANCE And Still Have My IP To NEW YORK please .

  • @amosgiture
    @amosgiture 4 ปีที่แล้ว +2

    Too good. Thanks.

  • @andre.laguerre
    @andre.laguerre ปีที่แล้ว

    Very interesting, but I installed a wireguard server as shown on the video on a VPS to make a tunnel to access internet from another country, but I've no access to internet ? any idea ?

  • @marcelgoestoafrica
    @marcelgoestoafrica 2 ปีที่แล้ว

    Nice Video. 1 Question. When you recreate the container to add more peers do the existing peer tokens are changed?

    • @christianlempa
      @christianlempa  2 ปีที่แล้ว

      I believe they don't, only when you decrease the numer of course

  • @angelorestrepo
    @angelorestrepo 4 ปีที่แล้ว +2

    Will this process work with Torguard wireguard file (key) and or any other provider? I have duo core mini pc with an ssd but one lan. I have a usb Ethernet that works on android could that possibly work? I have fiber from century link that uses pppoe protocol.

  • @charlesrichardson8635
    @charlesrichardson8635 3 ปีที่แล้ว

    Just a question on the first part where you are talking about expectations, is the "privacy" aspect do to the client browser using a tunnel to the VPN provider's server to exit wit the request to the open internet from a server in another location and then the requests and response go over the VPM to that public brower and back the client browser? So only the VPN provider knows the location an identity of the client browser. After that the client browser has to take care of cookies and other identity issues.? BUT you point on WireGuard is that my wireguard server does not provide that service at all.

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      This was about VPN Providers (not self-hosted Wireguard), that advertise their services with "Privacy" and "Security". But in my opinion it gives customers a wrong expectation. VPN services provide no additional privacy or security at all, the IP address is litarally the most unimportant way of tracking users, nowadays. I probably should make a separate video on that topic.

  • @1gold4
    @1gold4 ปีที่แล้ว

    Am I correct in assuming that remaking the docker to add more users, rest everybody existing access to the VPN server?

    • @1gold4
      @1gold4 ปีที่แล้ว

      Nevermind I found my answer for this question!

  • @eiliyaabedini
    @eiliyaabedini 2 ปีที่แล้ว

    Amazing, Thank you

  • @brunoteixeira5092
    @brunoteixeira5092 4 ปีที่แล้ว +2

    Hey :)
    Do you previous port forwarding 51820 port on your router and then do this'?

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว +1

      If your wireguard server is behind a NAT device (such as router, firewall, etc.) you need to forward the port to your local wireguard server. But if it's running on a cloud server and your client is behind a router, you don't need to do this as the client will initiate the connection. Note in this scenario it could make sense to add the "keep-alive" packets as I've shown in my previous WireGuard video, that prevents the NAT device from timeout the UDP connection, when you don't send traffic for a longer time. I hope this helps :)

    • @brunoteixeira5092
      @brunoteixeira5092 4 ปีที่แล้ว

      @@christianlempa thanks
      In my case i have to port forwarding ^^

  • @vaitomanocularrypage
    @vaitomanocularrypage 2 ปีที่แล้ว

    Did you known what problem is running here? I only got volume mapping before I map /etc/passwd and /etc/group to container. What did I miss to solve in your sight? Thanxx

  • @gabo_tv
    @gabo_tv 2 ปีที่แล้ว +1

    Hello, switching from wireguard configured on Rasp by pivpn to wireguard on docker, i noticed that i lost PSK on client's configuration. Basically, from a security prospectivy is not good. Do you know if i can improve this feature in docker file? thank you!

    • @christianlempa
      @christianlempa  2 ปีที่แล้ว

      Hey, haven't had this issue before myself :/

  • @Shioku1337
    @Shioku1337 2 ปีที่แล้ว

    I have set it upand scanned the qr code with the wireguard app on my iphone but just nothing happens. well it seems to connect, but no internet traffic what so ever :/

  • @mebeingme947
    @mebeingme947 4 ปีที่แล้ว +1

    Maybe I missed it, but looks to me it only provides internet connection over the docker, without access or further access on the server the way you did the setup. To do so the config needs more adders, such as local pathes etc.to access. I run something similar with openvpn, but with access rights to my files outside the docker.

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว

      The video covers the use case of routing all traffic through the tunnel, so yes it provides an internet connection, but you can also access internal services or internal ressources on the wireguard server. You just need to access the internal IP address of the server, you could also use the "network_mode: host" in the docker-compose file, in this case the docker container wouldn't create an isolated interface on the docker container but instead create a wg0 interface directly on the hostsystem, where you can better deal with routing. So access to internal ressources should work with both methods anyway.

    • @mebeingme947
      @mebeingme947 4 ปีที่แล้ว

      @@christianlempa understand that but I meant files on the same server as docker is installed. When in use for home stations it is likely to run on the same server or nas.

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว

      @@mebeingme947 You could access the files on your host server via smb or scp if you're using the internal IP of the server. The docker container might not be able to access the files directly, but it's just used to open a network connection from the client to the server. Whatever access controls you configure on the host, the client should be able to access it via network protocols.

  • @salexkorsan8790
    @salexkorsan8790 4 หลายเดือนก่อน

    i'm installed wireguard in VPN working fine, but when i access VPS using RDP, internet not working in firefox- and any Browser.
    what do i do ?

  • @jessei.3343
    @jessei.3343 ปีที่แล้ว

    Hi Christian, whats the latest version of docker that I should install instead of 1.26.2?

    • @christianlempa
      @christianlempa  ปีที่แล้ว

      It’s outdated, check the latest version

  • @five04ever
    @five04ever 2 ปีที่แล้ว

    Why do you use the /opt folder? Am I causing issues by keeping my docker folder within my home ~/ folder?

    • @christianlempa
      @christianlempa  2 ปีที่แล้ว

      It's just following the unix naming convention. Nothing bad about using your homefolder! :)

  • @watchfreaxx
    @watchfreaxx 2 ปีที่แล้ว

    Hey! I am having trouble running the container for wireguard. Always get an error in the log: s6-overlay-suexec: fatal: can only run as pid 1 Do you know how to fix it? Running it on the x64 portainer on CoreELEC Docker

  • @hdb779
    @hdb779 3 ปีที่แล้ว

    Really good. thanks but how i see Config Logs?

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      What do you mean by Config Logs exactly?

  • @einfacherkerl3279
    @einfacherkerl3279 3 ปีที่แล้ว

    Question: I have 2 machines (n1, n2) exposed on internet (virtual private server) I have few services running on n2 that I want the apps running on n1 to access. now one way is to use SSL/TLS for every service running on n2 so that apps on n1 can connect securely to services on n2. The 2nd option is to create a VPN on n1+n2 and then the apps on n1 can use that VPN IP address to access services on n2 without any TLS configured on n2. However I'm not sure if by creating VPN the regular traffic from internet to both n1, n2 is blocked or changed in anyway? is it the right way to secure servers internal services that we don't want to expose on internet?

  • @r0ck3th76
    @r0ck3th76 2 ปีที่แล้ว

    so if everything is running on the same machine serverurl is then just localhost?

  • @MrSlayerdp
    @MrSlayerdp 4 ปีที่แล้ว +1

    Thank you man ♥

  • @ИльяМансуров-ж8ю
    @ИльяМансуров-ж8ю 4 หลายเดือนก่อน

    I have a VDS. I have 2 public IPs. I want to run 2 Docker containers and have each one use its own public IP. How can I achieve this?

  • @alqods80
    @alqods80 ปีที่แล้ว

    Why not install wireguard on the virtual machine instead in a docker?

  • @IMFGW
    @IMFGW 8 หลายเดือนก่อน

    Music is too loud in some part which is too interfering

  • @tamboleo
    @tamboleo 8 หลายเดือนก่อน

    Hey don't know if you answer the community but do you have a way to install WG in an ubuntu server (that part yes) and then using it on an asus router as a client? I don't want to install WG on the router, first because it disables hardware acceleration and second because my router is not compatible.

  • @nishithupadhyay2371
    @nishithupadhyay2371 3 ปีที่แล้ว

    I created container but I can't diploy that
    Error message is- command not found

  • @roystervi
    @roystervi 2 ปีที่แล้ว

    Hi and thanks for the Vid.
    Everything seem to be up and running in docker. I was able to get the peers and when I run the app, in the logs am not getting a handshake so not internet. anything I can try?

  • @CouldBeElliot
    @CouldBeElliot 2 ปีที่แล้ว

    When you add peer 2 and recreate the container, does it not recreate peer 1 too?

  • @KarelPuhli
    @KarelPuhli ปีที่แล้ว

    Hey Christian, one question. I installed wireguard in docker, like the way you explained in this great video, but docker runs in a lxc in proxmox. It doesnt work. The VPN connection runs, i checked in the wg command. But i have no connection to the internet. Any ideas? Thanks und best regards!

  • @dimaj1
    @dimaj1 3 ปีที่แล้ว

    Thank you for the tutorial! Quick question...
    Outside of client setup, is there a difference between using wireguard to access resources on home network vs using a SSH tunnel?

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว +2

      Thanks buddy :) An SSH Tunnel works a bit different than a VPN, both provide a pretty good and secure solution to transport data. However, I would always use a VPN instead of an SSH Tunnel because it's easier to setup and probably faster than an SSH Tunnel.

  • @metaligh
    @metaligh ปีที่แล้ว

    Is there any way to get the internet working while doing this? We are on a local network with no internet.

    • @christianlempa
      @christianlempa  ปีที่แล้ว

      Instead of routing all traffic through the tunnel using the config AllowedIPs=0.0.0.0, you need to only add the local remote net into the AllowedIPs of your clients config. Hope that helps.

    • @metaligh
      @metaligh ปีที่แล้ว

      @@christianlempa What if I want to access the internet through a remote server that has a docker container with weirgard on it?
      I want to connect as a client to an external server and get internet from there, because that is the purpose of vpn. Not only to access the docker's internal network, but also to access the internet through that network.

  • @cserajesh
    @cserajesh 2 ปีที่แล้ว

    What is the server URL in the Docker Compose file where did you get that Is that your VM host IP address?

  • @AstroTyler10
    @AstroTyler10 ปีที่แล้ว

    How can download the resolvconf package on windows.

  • @MikhailBrel
    @MikhailBrel 3 ปีที่แล้ว

    Hey! Thanks for the video!
    When I add more clients and exec show-peer 2 command I receive "PEER 2 is not active". How can I make it works?

  • @DimitrisChr
    @DimitrisChr 3 ปีที่แล้ว

    Excellent video! I was having a hard time with wireguard but on docker this is a breeze. One question though. My home IPs are 192.168.1.* range. When I am at a friends house connected to his wifi which also has IPs in the 192.168.1.* range (which is the most common setup in most houses) and I connect to my wireguard server at home I can't browse my home's local network where my NAS is located. When I use my phone and connect to 4G and then wireguard I can browse the local network just fine. I assume there is some issue when the local network and the network being used to provide the wireguard client internet access is on the same IP range. Is there a solution for this or do I have to change my home IP setup to use something different than 192.168.1.* Thank you.

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      Thanks mate! Managing VPNs with same subnets on 2 different locations is tricky, there are solutions like 1 to 1 NAT which work, but it's not trivial to setup. The easiest way is to change the subnet on one location to something else.

  • @josephsantos1783
    @josephsantos1783 3 ปีที่แล้ว

    For example:
    If i install a PostgreSQL Database in a Docker Container and Install MySQL in another container and I setup WireGuard.
    My coworkers can connect to these Databases?
    The problem is, that I installed Postgresql and MySQL in docker, but any of my coworkers can't connect to the database, only me, I already opened the ports for each database and shared the IP.

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      I don't know what's wrong with your setup, but you should check if packets from the wireguard VPN are routed correctly to the docker network.

  • @csadmirer8515
    @csadmirer8515 3 ปีที่แล้ว

    Nice work , one doubt I have is that I am implementing this on my Ubuntu 18.04 terminal ,so the server part is done ,how to do the client par on the same OS ?

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      I have done another video on WireGuard on Linux, you can use the same docker container as a client as well, or just use this tutorial: th-cam.com/video/bVKNSf1p1d0/w-d-xo.html
      Hope that helps :)

  • @Phamine
    @Phamine 2 ปีที่แล้ว

    Cant get it to run with the Asustor NAS. I don't think I can install the kernel module

  • @hAxelS
    @hAxelS 2 ปีที่แล้ว

    Hi, im kinda late to this video. But when i run the wireguard wg command nothing happens and it has not created the wg0 config file

    • @christianlempa
      @christianlempa  2 ปีที่แล้ว

      Check if the kernel modules are installed and loaded

  • @davidyoung623
    @davidyoung623 3 ปีที่แล้ว

    I'm using this with mostly auto and default settings, but don't seem to be able to get it working... My SERVERURL is `auto`, SERVERPORT is default (51820), I used a named peer with PEERDNS as `auto`, and left the INTERNAL_SUBNET as the recommended `10.13.13.0`, as well as omitting ALLOWEDIPS (for full access).
    It appears that I can connect to it, since running `wg` inside my container shows that I'm connected... But I cannot access any page. I've also made sure to forward the proper port in my router settings, and I don't see anything suspect in my Docker logs. What could I be missing here?

    • @christianlempa
      @christianlempa  3 ปีที่แล้ว

      Just check out our Discord and put your config and logs there, maybe we can help you :)

  • @Crazy--Clown
    @Crazy--Clown 3 ปีที่แล้ว

    Thnx Fritz

  • @malty.
    @malty. 2 ปีที่แล้ว

    Great video thanks for posting. I've set this up on the Free Tier of the Oracle Cloud service and it works great. The only issue I am running into is not being able to pull down the .conf files for the different peers. I am able to show the QR codes for each one (fine for IOS devices) but I need a .conf file for another machine and I get permission denied when I try to copy it to local machine. I think it might be the chown command of the opt/wireguard-server directory but I'm a noob at linux and can't tell?

    • @sevindis
      @sevindis 2 ปีที่แล้ว

      I just copy the text in it. Less of a hustle.

  • @voxmor
    @voxmor 4 ปีที่แล้ว

    When I deploy wireguard in a docker container, my true Public IP address leaks. I don't really understand why...
    I used the same Configuration as on the video.
    I use wireguard in raspberry pi, along with a 3cxpbx. The idea was to be able to make calls from anywhere (maybe this is a weird way to do it, don't hesitate to tell :) )

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว

      Don't know :/ but you could try to insert the public IP manually or use dyndns

  • @Antiphont
    @Antiphont 4 ปีที่แล้ว +1

    I would like to use wireguard server in a Docker. I do have wg server and client installed on Ubuntu. However, I cant connect to internet with VPN. May be because both server and client are installed on one machine (Ubuntu 18.04). I'd like to try wg server in Docker and client on Ubuntu. Should I first remove the wg-server.conf and wg-client.conf I have right now from /etc/wireguard/ before I'll start to install wg server in the Docker?

    • @christianlempa
      @christianlempa  4 ปีที่แล้ว

      I think the problem is because you're running it on the same machine. It could be a routing problem because you're somehow creating an infinite loop or something else. Better install a separate machine in a virtual environment and use this as your test-setup.