Server Setup
Prerequisites
- A Linux server with Docker and Docker Compose
- Open ports 51820/UDP and 51821/TCP
- Public IP address or domain name
Docker Installation
For Ubuntu/Debian:
sudo apt update
sudo apt install docker.io docker-compose -y
For CentOS:
sudo yum install docker docker-compose -y
sudo systemctl start docker
sudo systemctl enable docker
WireGuard Server Setup
- Create a working directory:
mkdir wireguard
cd wireguard
- Create docker-compose.yml:
version: "3.8"
services:
  wg-easy:
    environment:
      - WG_HOST=43.139.113.x
      - PASSWORD=<your-password>
      - WG_DEFAULT_ADDRESS=10.10.10.x
      - WG_DEFAULT_DNS=114.114.114.114
      - WG_ALLOWED_IPS=10.10.10.0/24
    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
- Configure firewall:
# Ubuntu/Debian
sudo ufw allow 51820/udp
sudo ufw allow 51821/tcp
# CentOS
sudo firewall-cmd --permanent --add-port=51820/udp
sudo firewall-cmd --permanent --add-port=51821/tcp
sudo firewall-cmd --reload
- Start the service:
docker-compose up -d
Linux Client
Installation
For Ubuntu/Debian:
sudo apt update
sudo apt install wireguard resolvconf -y
For CentOS:
sudo yum install epel-release -y
sudo yum install wireguard-tools -y
Configuration
# Create configuration directory
sudo mkdir -p /etc/wireguard
# Move configuration file
sudo mv wg0.conf /etc/wireguard/
sudo chmod 600 /etc/wireguard/wg0.conf
Management Commands
# Start connection
sudo wg-quick up wg0
# Enable auto-start
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
# Check status
sudo wg
sudo systemctl status wg-quick@wg0
# Stop connection
sudo wg-quick down wg0
# View logs
sudo journalctl -fu wg-quick@wg0
macOS Client
GUI Method
- Install WireGuard from the App Store
- Download configuration from Web UI
- Import configuration by dragging into the app
- Click to activate connection
Command Line Method
# Install WireGuard
brew install wireguard-tools
# Create configuration directory
sudo mkdir -p /usr/local/etc/wireguard
# Move configuration
sudo mv ~/Downloads/wg0.conf /usr/local/etc/wireguard/
Auto-reconnect Setup
Create LaunchDaemon:
sudo tee /Library/LaunchDaemons/com.wireguard.wg0.plist << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.wireguard.wg0</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/wg-quick</string>
<string>up</string>
<string>wg0</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
</dict>
</plist>
EOF
sudo chown root:wheel /Library/LaunchDaemons/com.wireguard.wg0.plist
sudo chmod 644 /Library/LaunchDaemons/com.wireguard.wg0.plist
Mobile Clients
Android Setup
- Install WireGuard from Google Play Store
- Open Web UI (https://43.139.113.x:51821)
- Generate new client configuration
- Scan QR code or import configuration file
- Tap to connect
iOS Setup
- Install WireGuard from App Store
- Access Web UI
- Generate new client configuration
- Scan QR code or use AirDrop
- Allow VPN configuration installation
- Toggle to connect
Windows Client
- Download WireGuard installer from official website
- Run installer
- Download configuration from Web UI
- Click "Import tunnel(s) from file"
- Select downloaded configuration
- Click "Activate" to connect
Server Maintenance
Docker Commands
# View logs
docker logs -f wg-easy
# Restart container
docker-compose restart
# Update image
docker-compose pull
docker-compose up -d
# Stop service
docker-compose down
Client Management
- Each client needs a unique configuration
- Name clients in Web UI for easy management
- Disable or remove clients through Web UI
- Set device limits if needed
- Update clients regularly for security
Troubleshooting
Server Issues
- Check Docker container status:
docker ps
docker logs wg-easy
- Verify port accessibility:
netstat -tulpn | grep -E '51820|51821'
Client Issues
- Check connection status:
sudo wg show all
- Verify DNS resolution:
ping -c 3 google.com
- Review system logs:
sudo journalctl -u wg-quick@wg0
Security Considerations
- Keep server and clients updated
- Use strong passwords for Web UI
- Regularly audit active connections
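- Secure configuration files: each one contains a private key, so keep it readable by root only (mode 600, as set in the Linux client steps)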
- Monitor server logs
- Implement client-specific access rules
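One way to carry out the "regularly audit active connections" item from the command line, as an added example that is not part of the original guide or of wg-easy. It classifies peers from `wg show all dump` output; the 24-hour staleness threshold and the rule that every server-side peer should hold only a /32 (or /128) address are assumptions, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: classify peers from `wg show all dump` (tab-separated).
# Peer rows have 9 fields: iface, public-key, preshared-key, endpoint,
# allowed-ips, latest-handshake (epoch, 0 = never), rx, tx, keepalive.
# Interface rows have 5 fields and include the private key; they are skipped.

# audit_peers NOW MAX_AGE_SECONDS   (dump text on stdin)
audit_peers() {
    awk -F '\t' -v now="$1" -v max_age="$2" '
        NF != 9 { next }
        {
            key = substr($2, 1, 8) "..."     # never print full key material
            wide = ""
            n = split($5, ips, ",")
            for (i = 1; i <= n; i++)
                if (ips[i] != "(none)" && ips[i] !~ /\/(32|128)$/)
                    wide = "\tWIDE-ALLOWED-IPS"
            if ($6 == 0)                 state = "NEVER"
            else if (now - $6 > max_age) state = "STALE"
            else                         state = "ACTIVE"
            printf "%s\t%s\t%s\t%s\t%s%s\n", state, $1, key, $4, $5, wide
        }'
}

# Constructed sample dump; keys and endpoints are made up.
sample_dump() {
    printf 'wg0\tPRIVKEY_PLACEHOLDER\tPUBKEY_PLACEHOLDER\t51820\toff\n'
    printf 'wg0\tLAPTOPxxKEY=\t(none)\t198.51.100.7:40112\t10.10.10.2/32\t1700000000\t1024\t2048\toff\n'
    printf 'wg0\tPHONExxxKEY=\t(none)\t203.0.113.9:51000\t10.10.10.0/24\t1699000000\t10\t20\toff\n'
    printf 'wg0\tTABLETxxKEY=\t(none)\t(none)\t10.10.10.4/32\t0\t0\t0\toff\n'
}

# Offline demo with a fixed "now"; peers idle for over a day count as stale.
sample_dump | audit_peers 1700000100 86400

# Live use on the Docker host (container name taken from the compose file):
#   docker exec wg-easy wg show all dump | audit_peers "$(date +%s)" 86400
```

Peers reported as NEVER or STALE are candidates for disabling or removal in the Web UI; a WIDE-ALLOWED-IPS flag means that peer can claim more than its own tunnel address.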
Conclusion
This guide provides a comprehensive setup for WireGuard VPN across different platforms. Regular maintenance and updates are crucial for security. The Web UI makes client management straightforward, while command-line tools offer advanced control when needed.
Remember to replace placeholder values (like IP addresses and passwords) with your actual configuration details.