ADD: WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. #577
Conversation
bcurran3
changed the title
|
NOTE: I'm considering changing the image to weejewel/wg-easy but there is another container that just provides a web UI w/o that appears to be generic to work with any WG container. So I'm going to do some testing and see what I think will end up working best (easiest) for most users |
bcurran3
changed the title
|
Hold / add ? What am I doing with this? Is this ready for review? If it's not ready, please close the PR until it's ready to go. 👍 |
|
It is ready to go as is, but I DO want to evaluate a different image and request it be on hold until I update. |
|
Ok, so it's not ready then. |
bcurran3
changed the title
Incorrect. Moot now. After about a year and a half of using the linuxserver image with no problems other than some initial configuration hassles, I've tested, evaluated, and decided that the weejewel/wg-easy image is going to be much easier for the average person to setup and administer. So I changed the image and everything related to it. With the possible exception of you personally having an issue with the placement of the TZ container variable...
|
|
Hi I tried to use this to get wireguard up and running but ran into some problems. at first the playbook wasn't working, i think due to ansible dns variable which I dont have defined anywhere. I tried using 1.1.1.1 instead. Then once the container created, I was getting wg0 errors in the container log. I added to the tasks to incorporate below and that gets me to the web interface with seemingly no errors in the docker log. But I couldn't seem to get a connection actually working. cap_add: They key seemed to be the DNS. I changed this from 1.1.1.1 to the ip of the router (192.168.1.1 for many) that my ansible-nas is attached to and it seemed to work. After that I was able to connect to local apps such as heimdall running on my ansible-nas. I couldn't get out to the internet through the tunnel. Possibly some tweaks to WG_POST_UP & DOWN are needed? Maybe its a firewall issue. I set default address to 10.8.0.1 and then made my clients 10.8.0.2 and 10.8.0.3. They key is to not use any ips that are in use on your network, or are popular on other networks. I am not sure if I understand traefik's role in this. I can access the webui from outside but is that the only point of putting the behind traefik? I tried adding an entrypoint in my traefik.toml for udp on port 50821 but ended up taking it out in the end. I did read some had confgiured UDP to go through traefik but it doesn't look like you did this here right? Thanks |
What this PR does / why we need it:
Adds WireGuard - an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
Which issue (if any) this PR fixes:
Fixes #
Any other useful info:
I've been using this container over a year (or two?). Recently I read about another image that has a web configuration front end built into it that I will eventually check out and possibly relace this image with.