Howto get Wireguarding running via Docker - A description of a successful try
-
- Getting the hang of things
- Posts: 76
- Joined: Fri Jan 30, 2009 6:00 pm
Re: Howto get Wireguarding running via Docker - A description of a successful try
Hi, sorry for the late answer... and sorry for not being able to help further. As it seems, the routes are not established correctly (iptables-error)... But I assume you knew that anyway. Probably somebody else can help with debugging...
-
- Getting the hang of things
- Posts: 91
- Joined: Thu Jan 15, 2009 12:56 am
Re: Howto get Wireguarding running via Docker - A description of a successful try
Hello!
I am working on getting Wireguard to work on my QNAP NAS, but not in a docker container. Instead, I have installed wireguard-go as an Entware package.
I really like the detail you posted in what you had to do to get wireguard working in a userspace.
Here is my question:
Why did you have to append the 2 packet rules in iptables on Postup (and remove them at Postdown)?
Was it because this implementation was in a container?
Or did you somehow see that the packets intended for wireguard were not being sent out the correct interface? (Like, how did you figure this out?)
I am trying to figure out why my QNAP wireguard installation isn't working, and whether these rules are necessary in my implementation, even though my wireguard is not in a Docker container.
Thank you for your help!
I am working on getting Wireguard to work on my QNAP NAS, but not in a docker container. Instead, I have installed wireguard-go as an Entware package.
I really like the detail you posted in what you had to do to get wireguard working in a userspace.
Here is my question:
Why did you have to append the 2 packet rules in iptables on Postup (and remove them at Postdown)?
Was it because this implementation was in a container?
Or did you somehow see that the packets intended for wireguard were not being sent out the correct interface? (Like, how did you figure this out?)
I am trying to figure out why my QNAP wireguard installation isn't working, and whether these rules are necessary in my implementation, even though my wireguard is not in a Docker container.
Thank you for your help!
-
- Starting out
- Posts: 29
- Joined: Sat Nov 11, 2017 9:38 pm
Re: Howto get Wireguarding running via Docker - A description of a successful try
I'm happy to report that setting up wireguard server becomes fairly straightforward once you are running QTS 5.0 (currently still beta). I am using the linuxserver image and the below docker-config.yml works for me. You can launch this docker image via container-station / create / "create application", but have not explicitly tried it because I am launching docker containers via ssh access.
The only two additional requirements will be that you forward the respective port to your QNAP device or trigger port-forwarding via myQNAPcloud app. And you probably want to configure for another folder location than /share/Container/wireguard/config. Once launched, this where you find 1 subfolder for each peer containing a .conf file or QR code, so that you can set up the respective peer devices.
The only two additional requirements will be that you forward the respective port to your QNAP device or trigger port-forwarding via myQNAPcloud app. And you probably want to configure for another folder location than /share/Container/wireguard/config. Once launched, this where you find 1 subfolder for each peer containing a .conf file or QR code, so that you can set up the respective peer devices.
Code: Select all
version: "2.1"
services:
wireguard:
image: ghcr.io/linuxserver/wireguard
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
dns:
- 1.1.1.1. # may not be required
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Berlin
- SERVERURL=MYSERVER.myqnapcloud.com
- SERVERPORT=51820
- PEERS=myiPhone,2,3,4,5
- PEERDNS=1.1.1.1
# - INTERNAL_SUBNET=10.13.13.0 #optional
# - ALLOWEDIPS=192.168.16.0/24 #optional - internal IP range here
volumes:
- /share/Container/wireguard/config:/config
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: unless-stopped
-
- Getting the hang of things
- Posts: 75
- Joined: Tue Oct 03, 2017 10:37 pm
Re: Howto get Wireguarding running via Docker - A description of a successful try
Hey, time has passed but I can confirm that this has worked perfectly on the first try. thanks!mseewald wrote: ↑Tue Jul 27, 2021 12:01 am I'm happy to report that setting up wireguard server becomes fairly straightforward once you are running QTS 5.0 (currently still beta). I am using the linuxserver image and the below docker-config.yml works for me. You can launch this docker image via container-station / create / "create application", but have not explicitly tried it because I am launching docker containers via ssh access.
The only two additional requirements will be that you forward the respective port to your QNAP device or trigger port-forwarding via myQNAPcloud app. And you probably want to configure for another folder location than /share/Container/wireguard/config. Once launched, this where you find 1 subfolder for each peer containing a .conf file or QR code, so that you can set up the respective peer devices.
Code: Select all
version: "2.1" services: wireguard: image: ghcr.io/linuxserver/wireguard container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE dns: - 1.1.1.1. # may not be required environment: - PUID=1000 - PGID=100 - TZ=Europe/Berlin - SERVERURL=MYSERVER.myqnapcloud.com - SERVERPORT=51820 - PEERS=myiPhone,2,3,4,5 - PEERDNS=1.1.1.1 # - INTERNAL_SUBNET=10.13.13.0 #optional # - ALLOWEDIPS=192.168.16.0/24 #optional - internal IP range here volumes: - /share/Container/wireguard/config:/config - /lib/modules:/lib/modules ports: - 51820:51820/udp sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped