Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. #577

Open
wants to merge 11 commits into
base: main
Choose a base branch
from

Conversation

bcurran3
Copy link
Contributor

@bcurran3 bcurran3 commented Aug 16, 2022

What this PR does / why we need it:

Adds WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

Which issue (if any) this PR fixes:

Fixes #

Any other useful info:

I've been using this container over a year (or two?). Recently I read about another image that has a web configuration front end built into it that I will eventually check out and possibly relace this image with.

@bcurran3 bcurran3 changed the title WIP: wireguard add ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. Aug 16, 2022
@bcurran3
Copy link
Contributor Author

NOTE: I'm considering changing the image to weejewel/wg-easy but there is another container that just provides a web UI w/o that appears to be generic to work with any WG container. So I'm going to do some testing and see what I think will end up working best (easiest) for most users

@bcurran3 bcurran3 changed the title ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. HOLD: ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. Aug 21, 2022
@davestephens
Copy link
Owner

Hold / add ? What am I doing with this? Is this ready for review? If it's not ready, please close the PR until it's ready to go. 👍

@bcurran3
Copy link
Contributor Author

It is ready to go as is, but I DO want to evaluate a different image and request it be on hold until I update.

@davestephens
Copy link
Owner

Ok, so it's not ready then.

@bcurran3 bcurran3 changed the title HOLD: ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. Aug 22, 2022
@bcurran3
Copy link
Contributor Author

bcurran3 commented Aug 22, 2022

Ok, so it's not ready then.

Incorrect. Moot now. You know there are older PRs ready to go that you could be reviewing... some are over two years old that have gone unreviewed.

After about a year and a half of using the linuxserver image with no problems other than some initial configuration hassles, I've tested, evaluated, and decided that the weejewel/wg-easy image is going to be much easier for the average person to setup and administer. So I changed the image and everything related to it.

With the possible exception of you personally having an issue with the placement of the TZ container variable...

image

@georgejung
Copy link

georgejung commented Feb 5, 2023

Hi I tried to use this to get wireguard up and running but ran into some problems. at first the playbook wasn't working, i think due to ansible dns variable which I dont have defined anywhere. I tried using 1.1.1.1 instead. Then once the container created, I was getting wg0 errors in the container log.

I added to the tasks to incorporate below and that gets me to the web interface with seemingly no errors in the docker log. But I couldn't seem to get a connection actually working.

cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1

They key seemed to be the DNS. I changed this from 1.1.1.1 to the ip of the router (192.168.1.1 for many) that my ansible-nas is attached to and it seemed to work. After that I was able to connect to local apps such as heimdall running on my ansible-nas. I couldn't get out to the internet through the tunnel. Possibly some tweaks to WG_POST_UP & DOWN are needed? Maybe its a firewall issue.

I set default address to 10.8.0.1 and then made my clients 10.8.0.2 and 10.8.0.3. They key is to not use any ips that are in use on your network, or are popular on other networks.

I am not sure if I understand traefik's role in this. I can access the webui from outside but is that the only point of putting the behind traefik? I tried adding an entrypoint in my traefik.toml for udp on port 50821 but ended up taking it out in the end. I did read some had confgiured UDP to go through traefik but it doesn't look like you did this here right?

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants