Howto get Wireguarding running via Docker - A description of a successful try

bigcookie
Getting the hang of things
Posts: 76
Joined: Fri Jan 30, 2009 6:00 pm

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

Hi, sorry for the late answer... and sorry for not being able to help further. As it seems, the routes are not established correctly (iptables-error)... But I assume you knew that anyway. Probably somebody else can help with debugging...
jmarks
Getting the hang of things
Posts: 91
Joined: Thu Jan 15, 2009 12:56 am

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by jmarks »

Hello!
I am working on getting Wireguard to work on my QNAP NAS, but not in a docker container. Instead, I have installed wireguard-go as an Entware package.

I really like the detail you posted in what you had to do to get wireguard working in a userspace.

Here is my question:

Why did you have to append the 2 packet rules in iptables on Postup (and remove them at Postdown)?

Was it because this implementation was in a container?

Or did you somehow see that the packets intended for wireguard were not being sent out the correct interface? (Like, how did you figure this out?)

I am trying to figure out why my QNAP wireguard installation isn't working, and whether these rules are necessary in my implementation, even though my wireguard is not in a Docker container.

Thank you for your help!
mseewald
Starting out
Posts: 29
Joined: Sat Nov 11, 2017 9:38 pm

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by mseewald »

I'm happy to report that setting up wireguard server becomes fairly straightforward once you are running QTS 5.0 (currently still beta). I am using the linuxserver image and the below docker-config.yml works for me. You can launch this docker image via container-station / create / "create application", but I have not explicitly tried it because I am launching docker containers via ssh access.
The only two additional requirements will be that you forward the respective port to your QNAP device or trigger port-forwarding via myQNAPcloud app. And you probably want to configure for another folder location than /share/Container/wireguard/config. Once launched, this is where you find 1 subfolder for each peer containing a .conf file or QR code, so that you can set up the respective peer devices.

Code:

version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    dns:
      - 1.1.1.1 # may not be required
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Berlin
      - SERVERURL=MYSERVER.myqnapcloud.com
      - SERVERPORT=51820
      - PEERS=myiPhone,2,3,4,5
      - PEERDNS=1.1.1.1
#      - INTERNAL_SUBNET=10.13.13.0 #optional
#      - ALLOWEDIPS=192.168.16.0/24 #optional - internal IP range here
    volumes:
      - /share/Container/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
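
An added example, not part of the original posts or of the linuxserver project: a Python check over the per-peer folders described above, flagging .conf files (which hold a private key) readable beyond their owner and peers set up as full tunnel. The <config>/<peer>/<peer>.conf layout, the function names and the sample contents are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path

FULL_TUNNEL = {"0.0.0.0/0", "::/0"}  # AllowedIPs values that route everything

def audit_peer_configs(config_root):
    """Return (file name, finding) tuples for every */*.conf below config_root."""
    findings = []
    for conf in sorted(Path(config_root).glob("*/*.conf")):
        mode = stat.S_IMODE(conf.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((conf.name, f"mode {mode:04o}: private key readable beyond owner"))
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(conf)
        if not parser.has_option("Interface", "PrivateKey"):
            findings.append((conf.name, "no [Interface] PrivateKey found"))
        allowed = parser.get("Peer", "AllowedIPs", fallback="")
        nets = {n.strip() for n in allowed.split(",") if n.strip()}
        if nets & FULL_TUNNEL:
            findings.append((conf.name, "full tunnel: AllowedIPs routes all traffic"))
    return findings

def write_sample(root):
    """Constructed sample: two peer folders with placeholder (not real) keys."""
    samples = {"peer1": (0o644, "0.0.0.0/0, ::/0"),
               "peer2": (0o600, "192.168.16.0/24")}
    for name, (mode, allowed) in samples.items():
        folder = Path(root) / name
        folder.mkdir()
        conf = folder / f"{name}.conf"
        conf.write_text(
            "[Interface]\nPrivateKey = PLACEHOLDER_PRIVATE_KEY=\n"
            "Address = 10.13.13.2\n"
            "[Peer]\nPublicKey = PLACEHOLDER_PUBLIC_KEY=\n"
            "Endpoint = MYSERVER.myqnapcloud.com:51820\n"
            f"AllowedIPs = {allowed}\n")
        os.chmod(conf, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for name, finding in audit_peer_configs(tmp):
            print(f"{name}: {finding}")
```

On a real device, call audit_peer_configs with the host path mounted at /config in the compose file.
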
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by adetogni »

mseewald wrote: Tue Jul 27, 2021 12:01 am
I'm happy to report that setting up wireguard server becomes fairly straightforward once you are running QTS 5.0 (currently still beta). I am using the linuxserver image and the below docker-config.yml works for me. You can launch this docker image via container-station / create / "create application", but I have not explicitly tried it because I am launching docker containers via ssh access.
The only two additional requirements will be that you forward the respective port to your QNAP device or trigger port-forwarding via myQNAPcloud app. And you probably want to configure for another folder location than /share/Container/wireguard/config. Once launched, this is where you find 1 subfolder for each peer containing a .conf file or QR code, so that you can set up the respective peer devices.

Code:

version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    dns:
      - 1.1.1.1 # may not be required
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Berlin
      - SERVERURL=MYSERVER.myqnapcloud.com
      - SERVERPORT=51820
      - PEERS=myiPhone,2,3,4,5
      - PEERDNS=1.1.1.1
#      - INTERNAL_SUBNET=10.13.13.0 #optional
#      - ALLOWEDIPS=192.168.16.0/24 #optional - internal IP range here
    volumes:
      - /share/Container/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Hey, time has passed but I can confirm that this has worked perfectly on the first try. Thanks!