How to Install WireGuard with Docker and Configure Clients for Home Access
WireGuard is an open-source VPN program and protocol developed by Jason A. Donenfeld, now integrated into the Linux kernel. It aims to deliver better performance than IPsec and OpenVPN. It is suitable for home or enterprise use but is not recommended for bypassing network restrictions.
Docker Installation of WireGuard
Manual installation of WireGuard can be tedious. Here, we choose to install WireGuard using Docker. Please ensure Docker is installed, then execute the following command:
docker run -d \
--name=wireguard \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Asia/Shanghai \
-e SERVERURL=xxx.com `#optional` \
-e SERVERPORT=51820 `#optional` \
-e PEERS=1 `#optional` \
-e PEERDNS=auto `#optional` \
-e INTERNAL_SUBNET=10.13.13.0 `#optional` \
-e ALLOWEDIPS=0.0.0.0/0 `#optional` \
-p 51820:51820/udp \
-v /apps/wireguard/config:/config \
-v /apps/wireguard/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
linuxserver/wireguard
Parameter Explanation
- PUID/PGID: User ID and Group ID. You can obtain these via the
idcommand in the Linux terminal and modify them to your own IDs. - SERVERURL: The public access address. You can enter a public IP or domain name. If incorrect, it can be manually modified later.
- SERVERPORT: The port used for service listening. Generally, this does not need to be changed.
- Mount Paths:
/apps/wireguard/configand/apps/wireguard/modulesshould be changed to your local mount directories. - PEERS=1: Indicates the number of clients to create. The default is 1, but this number can be modified.
If you prefer deploying with Docker Compose, you can use the following docker-compose.yaml file:
version: '3'
services:
wireguard:
image: linuxserver/wireguard
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Shanghai
- SERVERURL=xxx.com
- SERVERPORT=51820 #optional
- PEERS=3 #optional
- PEERDNS=auto #optional
- INTERNAL_SUBNET=10.13.13.0 #optional
- ALLOWEDIPS=0.0.0.0/0 #optional
ports:
- "51820:51820/udp"
volumes:
- ./config:/config
- ./modules:/lib/modules
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: unless-stopped
Client Usage
Android Client
Search for "Wireguard" in the Google Play Store or visit the following addresses (a proxy may be required):
- Google Play Store: https://play.google.com/store/apps/details?id=com.wireguard.android
- F-Droid: https://f-droid.org/en/packages/com.wireguard.android/
After installation, locate the peer1.png image file in your Docker mount directory at /apps/wireguard/config/peer1/. Scan this image with the Android client to import the configuration.
Other Clients
WireGuard clients support all platforms. For Windows and macOS clients, please refer to the official documentation: https://www.wireguard.com/install/.
After installing other clients, you can export the configuration from the Android client (as a compressed package) and import it into the other clients.
Important Notes
- A single WireGuard server (container) can only support one client connection at a time. If you need multiple clients to connect simultaneously, you must create multiple Docker containers.
- If you encounter connection errors, check the logs on both the client and server sides.
Personal Practice
- Set up scientific internet access via the home router.
- Install WireGuard using a Docker container.
- Use DDNS + Public IP mapping.
- Connect to WireGuard via a mobile client (Android) to easily access the home network, while also enabling scientific internet access on the Android device.
Summary
WireGuard uses the UDP protocol, offering excellent performance, but it is susceptible to throttling by ISPs. Additionally, the WireGuard protocol is easily identifiable, making it unsuitable for bypassing network restrictions. However, it is an excellent choice for use as a home VPN.
WireGuard Image: https://hub.docker.com/r/linuxserver/wireguard WireGuard Official Website: https://www.wireguard.com/