WireGuard


Install

  • Docker Compose

    • version: "2.1"
      services:
        wireguard:
          image: lscr.io/linuxserver/wireguard:latest
          container_name: wireguard
          cap_add:
            - NET_ADMIN
            - SYS_MODULE
          environment:
            - PUID=1000
            - PGID=1000
            - TZ=Europe/London
            - SERVERURL=wireguard.kbve.com # Set the server URL
            - SERVERPORT=51820 # Default UDP port
            - PEERS=4 # optional
            - PEERDNS=auto # optional
            - INTERNAL_SUBNET=10.13.13.0 # optional
            - ALLOWEDIPS=0.0.0.0/0 # optional; routes all peer IPv4 traffic through the tunnel
            - LOG_CONFS=true # optional; shows the generated peer QR codes in the docker log
          volumes:
            # cd to ~ and create a folder named wireguard. This is where you should store all your information.
            - /home/username/wireguard/config:/config
            - /lib/modules:/lib/modules
          ports:
            - 51820:51820/udp
          sysctls:
            - net.ipv4.conf.all.src_valid_mark=1
          restart: unless-stopped
      This is a Docker Compose file for WireGuard.
  • Ubuntu Installation Guide

    • Core Pre-Installation
      • Make sure your Docker install is set up! If you need more information, please visit our Docker application page.
      • Check which firewall you are using: ufw, iptables or nftables.
    • Firewall
      • WireGuard will be operating on UDP port 51820.
      • For: ufw
        • To allow the port through ufw, run sudo ufw allow 51820/udp
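
The firewall rule has to open the same UDP port that the compose file sets as SERVERPORT and publishes under ports. The shell check below is an added example, not part of the original guide; the function names and the sample compose.yml and `ufw status` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the guide.

# SERVERPORT value from the compose environment list (trailing comment ignored).
compose_server_port() {
    sed -n 's|^[[:space:]]*-[[:space:]]*SERVERPORT=\([0-9][0-9]*\).*|\1|p' "$1" | head -n 1
}

# Host-side port of each published UDP mapping, e.g. "- 51820:51820/udp".
compose_udp_host_ports() {
    sed -n 's|^[[:space:]]*-[[:space:]]*"*\([0-9][0-9]*\):[0-9][0-9]*/udp.*|\1|p' "$1"
}

# Reads `ufw status` text on stdin; succeeds if PORT/udp (or PORT for any
# protocol) has an ALLOW rule.
ufw_allows_udp() {
    grep -Eq "^$1(/udp)?[[:space:]].*ALLOW"
}

# check_wireguard_port COMPOSE_FILE UFW_STATUS_FILE
# Prints one line per mismatch; returns 0 only when all three places agree.
check_wireguard_port() {
    port=$(compose_server_port "$1")
    [ -n "$port" ] || { echo "SERVERPORT not set in $1"; return 1; }
    rc=0
    if ! compose_udp_host_ports "$1" | grep -qx "$port"; then
        echo "SERVERPORT=$port is not published as $port/udp"; rc=1
    fi
    if ! ufw_allows_udp "$port" < "$2"; then
        echo "ufw has no ALLOW rule for $port/udp"; rc=1
    fi
    return $rc
}

# Constructed sample inputs: a trimmed compose file and two `ufw status` outputs.
make_samples() {
    printf '%s\n' 'services:' '  wireguard:' '    environment:' \
        '      - SERVERPORT=51820 # Default UDP Port' '    ports:' \
        '      - 51820:51820/udp' > "$1/compose.yml"
    printf '%s\n' 'Status: active' '' \
        '51821/udp                  ALLOW       Anywhere' > "$1/ufw-51821.txt"
    sed 's|^51821|51820|' "$1/ufw-51821.txt" > "$1/ufw-51820.txt"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_wireguard_port "$tmp/compose.yml" "$tmp/ufw-51821.txt" || echo "=> rule and compose disagree"
check_wireguard_port "$tmp/compose.yml" "$tmp/ufw-51820.txt" && echo "=> consistent"
rm -rf "$tmp"
```

On a real host, save the output of `sudo ufw status` to a file and pass it together with the path to your docker-compose.yml.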

Netmaker

  • Netmaker is a WireGuard automation application that handles networking for setups ranging from self-hosted homelabs to small business and enterprise networks.
  • Official Github Repo

Netmaker Install

  • The advanced install for Netmaker allows the setup of a highly available installation within Kubernetes through Helm.

  • The default settings may not install WireGuard at the kernel level (for security reasons), and they default to Postgres for storage.

    • Not having kernel-level WireGuard may cause performance drops, and they recommend that you install WireGuard before beginning.
  • Helm Install Commands:

    • helm repo add netmaker https://gravitl.github.io/netmaker-helm/
      helm repo update
    • If you do not have Helm or Kubernetes set up, we recommend you visit our Kubernetes setup.

  • Storage of the certificates will be an issue for this Netmaker cluster; they recommend two types of storage classes:

    • RWO - Read Write Once - Storage instance where only a single node is allowed to access the storage volume at a time for read and write access.
    • RWX - Read Write Many - Storage instance where many nodes can concurrently read and write to the storage volume.