For the container to work correctly, the host OS must have the necessary kernel modules. Check this:
$ lsmod | grep wireguard

# WireGuard runs over UDP, so the port is published as UDP
$ docker run -d --name wg0 --privileged -p 32500:32500/udp -e OUTPUT=LOG \
    coffeeit/wireguard
# Show QR code for mobile client configuration
$ docker logs wg0

Install the WireGuard app for Android
Establishing a connection requires a public and a private key, and I see several possibilities for delivering them to the client:

After launching the container, the /etc/wireguard/config directory will already contain all the necessary files to configure the client. The easiest way to get access is:
$ docker run -d --name wg0 --privileged \
    -v /your/custom/path:/etc/wireguard/config:rw \
    -p 32500:32500/udp coffeeit/wireguard

ENV OUTPUT

This method writes QR codes into the logs, which can be scanned by the WireGuard application (Android). I think this is the best solution if you use a VPN from a mobile phone.
$ docker run -d --name wg0 --privileged \
    -e OUTPUT=LOG \
    -p 32500:32500/udp coffeeit/wireguard
$ docker logs wg0

# Server config
$ docker exec [CONTAINER] cat /etc/wireguard/wg0.conf
# Client config
$ docker exec [CONTAINER] cat /etc/wireguard/config/client_{№}.conf

The role is determined by the env {ROLE} and can take two values, SERVER or CLIENT. For example:
$ docker run -d --name wg0 --privileged -e ROLE=SERVER \
    -p 32500:32500/udp coffeeit/wireguard

Using the <> value defines the name of the configuration to be run. The name must be specified without the extension, e.g. "user1.conf" becomes "user1".
$ docker run -d --name wg0 --privileged -e ROLE=CLIENT -e NAME=user1 \
    -p 32500:32500/udp coffeeit/wireguard

Specifies the number of service users. By default CLIENTS=1, and the maximum is limited to 253 on the same network.
$ docker run -d --name wg0 --privileged -e CLIENTS=7 \
    -p 32500:32500/udp coffeeit/wireguard

Specifies the IP address of the server. Clients will use this IP to connect. By default, the script determines your external IP address and gives it to the clients. This can be useful if the server is inside a network behind a firewall.
$ docker run -d --name wg0 --privileged -e IP=192.168.1.1 \
    -p 32500:32500/udp coffeeit/wireguard

Specifies the PORT of the server. Clients will use this port to connect, and the server will also listen on it. The default PORT is 32500. This is useful when you are using the --network host option.
$ docker run -d --name wg0 --privileged -e PORT=55555 coffeeit/wireguard

You can also use the standard Docker functionality:
$ docker run -d --name wg0 --privileged -e IP=192.168.1.1 \
    -p 55555:32500/udp coffeeit/wireguard

If you want to use this container as part of your permanent infrastructure, you should set it to restart automatically when Docker restarts or if it exits. This example uses the --restart=always flag to set a restart policy for the container.
$ docker run -d --name wg0 --privileged -e ROLE=SERVER \
    -e IP=192.168.1.1 -e PORT=55555 -e CLIENTS=7 -e OUTPUT=LOG \
    -v /your/custom/path:/etc/wireguard/config:rw \
    -p 55555:32500/udp coffeeit/wireguard

| docker run -d --name wg0 --privileged         | Start container "wg0" in background in privileged mode |
| -e ROLE=SERVER                                | Choice of role |
| -e IP=192.168.1.1                             | Set server IP for clients |
| -e PORT=55555                                 | and server port |
| -e CLIENTS=7                                  | for 7 VPN users |
| -e OUTPUT=LOG                                 | I'll take conf from console |
| -v /your/custom/path:/etc/wireguard/config:rw | mount the configuration directory |
| -p 55555:32500/udp                            | publish port |
| coffeeit/wireguard                            | image |

- Add / remove users without full cleaning
- More users on the same subnet
- Client setup - implementation of 5 Sept, 2018
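
When the configuration directory is mounted with -v as shown earlier, the generated client files end up on the host. The following check is an added example, not part of the original README or the image: it lists key-bearing configuration files that are accessible beyond their owner and can tighten them. It assumes the files are in wg-quick format (PrivateKey / PresharedKey lines); the function names and the script name wg-perms.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the coffeeit/wireguard image.
# Assumption: the generated client_N.conf files are in wg-quick format and
# carry "PrivateKey = ..." (or "PresharedKey = ...") lines.

KEY_LINE='^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*='

# List key-bearing files under directory $1 whose mode is neither 0600 nor 0400.
loose_key_files() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # grep exits 1 for a batch without matches and find passes that on; it is
    # not an error for this check, hence the "|| :".
    find "$1" -type f ! -perm 600 ! -perm 400 \
        -exec grep -lE "$KEY_LINE" {} + || :
}

# Restrict the directory to its owner and set every loose key file to 0600.
# File names containing newlines are not supported.
harden_key_files() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    loose_key_files "$1" | while IFS= read -r f; do
        chmod 600 "$f" && echo "chmod 600 $f"
    done
    chmod 700 "$1"
}

# Usage (hypothetical script name): sh wg-perms.sh /your/custom/path [fix]
if [ $# -gt 0 ]; then
    if [ "${2:-}" = fix ]; then
        harden_key_files "$1"
    else
        loose_key_files "$1"
    fi
fi
```

Run it against the host path given to -v; without the second argument it only reports.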