mirror of
https://github.com/pcvolkmer/docker-wireguard-boringtun.git
synced 2025-04-19 21:36:49 +00:00
122 lines
3.2 KiB
Markdown
122 lines
3.2 KiB
Markdown
# WireGuard docker image using BoringTun
|
|
|
|
WireGuard docker setup using BoringTun.
|
|
|
|
## Overview
|
|
|
|
This project provides a docker image to create a simple personal WireGuard VPN using BoringTun.
|
|
|
|
Using BoringTun enables the use of a userspace implementation on hosts that do not provide a WireGuard kernel module.
|
|
|
|
Required configuration files will be generated on first run using environment variables. Client configurations are
|
|
available as config files and QR codes.
|
|
|
|
## Build
|
|
|
|
When creating the image, BoringTun is compiled in a docker build stage and later copied into final image.
|
|
|
|
```
|
|
$ docker-compose build
|
|
```
|
|
|
|
## Run
|
|
|
|
Customize the file `docker-compose`. You can change the following environment variables as needed
|
|
|
|
* `DEVICE`: Some `tun` device, defaults to `tun0`
|
|
* `SERVER_HOST`: The host name of your server
|
|
* `SERVER_PORT`: The port the service should listen at
|
|
* `NETWORK`: Some custom /24 network. Defaults to `192.168.42.0`
|
|
* `MTU`: MTU to be used. Use default wireguard MTU if not set.
|
|
* `CLIENTS`: Number of clients for which configurations are to be created. Do not use more than 240 clients.
|
|
* `DISABLE_FORWARD_ALL_TRAFFIC`: Use `true` or `yes` to not add iptables rules and do not forward all traffic.
|
|
|
|
If a required environment variable is not set, config creation script will end with an error.
|
|
|
|
### Create config files
|
|
|
|
Run the service to create required keys and config files in directory `config.d`. It will print out used configuration params.
|
|
|
|
```
|
|
$ docker-compose run wg init
|
|
|
|
Starting wireguard_wg_1 ... done
|
|
Attaching to wireguard_wg_1
|
|
wg_1 | - Writing config to file tun0.conf
|
|
wg_1 | - Using endpoint hostname example.com
|
|
wg_1 | - Using port 51820
|
|
wg_1 | - Using network 192.168.42.0/24
|
|
wg_1 | - Using default MTU
|
|
wg_1 | - Forward all traffic
|
|
wg_1 | - Generating 5 client configs and client QR codes
|
|
wireguard_wg_1 exited with code 0
|
|
```
|
|
|
|
To disable traffic forwarding set `DISABLE_FORWARD_ALL_TRAFFIC` to `true` or `yes` or use
|
|
|
|
```
|
|
$ docker-compose run wg init --no-forward
|
|
```
|
|
|
|
### Start the service
|
|
|
|
Start the service in detached mode.
|
|
|
|
```
|
|
$ docker-compose up -d
|
|
```
|
|
If creation of config files was skipped, configuration files will be created on first start.
|
|
|
|
### List server and client configs
|
|
|
|
```
|
|
$ docker-compose run wg ls
|
|
```
|
|
|
|
### Add new client
|
|
|
|
Stop the service and run
|
|
|
|
```
|
|
$ docker-compose run wg add
|
|
```
|
|
|
|
This will create new client configuration and adds peer configuration to server config file. Restart service.
|
|
|
|
### Remove client
|
|
|
|
Stop the service and run
|
|
|
|
```
|
|
$ docker-compose run wg rm 1
|
|
```
|
|
|
|
This will remove client with id '1' (or any other client for different id) configuration. Restart service.
|
|
|
|
### Show client config
|
|
|
|
Run command to show client configuration and QR code.
|
|
|
|
```
|
|
$ docker-compose run wg show 1
|
|
```
|
|
|
|
### Remove configuration and create new one from scratch
|
|
|
|
Stop the service and run the following command to remove existing config files.
|
|
|
|
```
|
|
$ docker-compose run wg purge
|
|
```
|
|
Reinitialize configureation
|
|
|
|
```
|
|
$ docker-compose run wg init
|
|
```
|
|
|
|
Restart service.
|
|
|
|
## Client configurations
|
|
|
|
You will find client configuration files for each client as config file and PNG file containing a QR code with
|
|
client configuration in directory `config.d`. |