Wireguard is without a doubt one of the best VPN Implementations out there. to quote the Wireguard website

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be fastersimpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

wireguard.org

It can however be a bit of a pain to set up..

This however is the Internet, and just like Dinosaur DNA in Jurassic Park, “the Internet will find a way”

Step forward wg-easy on GitLab

https://github.com/WeeJeWel/wg-easy

So this is basically a Docker container which sets up Wireguard, provides a web interface for managing accounts and makes your life easy.

Step 1 – Install Docker

Head over to https://docs.docker.com/get-docker/ and choose your OS, follow the instructions then come back here

or as the wg-easy website states

curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $(whoami)
exit

Step 2 – Install wg-easy

Setting up the wg-easy docker container is pretty simple and can be done by a docker run command.

docker run -d \
  --name=wg-easy \
  -e WG_HOST=🚨YOUR_SERVER EXTERNAL_IP \
  -e PASSWORD=🚨YOUR_ADMIN_PASSWORD \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  weejewel/wg-easy

So what does all this mean?

–name=wg-easyThe name of the docker container we are about the build
-e WG_HOSTyou’ll need to add the public (not NAT) IP you’ll be connecting to from the internet here.
-e PASSWORDThis is the password for the admin web interface
-v ~/.wg-easy:/etc/wireguardthis mounts the folder /etc/wireguard in the docker container onto the folder /home/<username>/.wg-easy on your host.
-p 51820:51820/udpThis is the UDP port Wireguard will connect to on the WG_HOST IP Address
-p 51821:51821/tcpThis is the TCP Port you open the Web Interface internally on (don’t access this from the internet)
–cap-add=NET_ADMINSetting up the Docker Network Module
–cap-add=SYS_MODULESetting up the Docker Network Module
–sysctl=”net.ipv4.conf.all.src_valid_mark=1″setting up a sysconfig entry to allow IP Source addresses
–sysctl=”net.ipv4.ip_forward=1″ Sets up port forwarding on the docker nic
–restart unless-stoppedUnless we run the docker stop command for the container the container will restart if it has a problem
weejewel/wg-easyname of the docker repo

Having run the command if successful you should see the running container using

docker ps -a

Depending on your Distro you may need to use firewalld, iptables or ufw to open port 51821/TCP once you do the web interface is accessible via

http://server name or ip:51821

Shows

Step 3 – Open up your Wan (the only hard bit)

This is something I can’t help with you’ll need to know your own network and understand how port forwarding works if you’re doing this at home or firewall works if you’re hosting on a cloud provider.

What you need to do is allow from your public facing IP address anything which comes in on 51820/UDP to have its traffic passed to the server wg-easy is installed on or none of this will work.

Step 4 – Add a device

Login to the Web Interface

Click on New in the top right.

Give the new client a name and click on create

The Newly created endpoint will appear in the list and you have the option to either use a QR code or a config (.conf) file to install on the phone or laptop you want to run Wireguard on to connect to the server.

Thoughts

Thats it, there are many ways to get Wireguard up and running, if you search this site I’ve covered a couple of others on this blog. This however is the easiest way to do this if you need to manage all but a few accounts.

Go say thank you to the developer..

By davidfield

Tech Entusiast