Post

WireGuard VPN Setup Guide

Posted
By Roman TechnoVerse
2 min read
WireGuard VPN Setup Guide

WireGuard® is a modern VPN protocol renowned for its simplicity and cryptographic security. This guide leverages wg-easy - a Docker-based solution with web UI - to simplify WireGuard configuration and client management.

Prerequisites

  1. Virtual Machine (VM)
  2. Public IP address (find yours here)

WireGuard VPN Setup Walkthrough

Optional: Install Docker & Docker Compose

If you don’t have Docker installed, follow the official Docker installation guide:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install Docker components:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify installation:

1

docker -v && docker compose version

1. Configure WireGuard VPN Service

For simplified WireGuard management, we’ll use wg-easy - a Docker-based solution with web UI.

Implementation Steps:

  1. Use the official wg-easy docker-compose template
  2. Create configuration file with these parameters:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

volumes:
  etc_wireguard:

services:
  wg-easy:
    environment:
      - LANG=en
      - WG_HOST=${YOUR_PUBLIC_IP}
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - etc_wireguard:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

🔑 Critical Requirement
Replace ${YOUR_PUBLIC_IP} with your actual public IP from ifconfig.co before deployment

Launch the service:

1

docker compose up -d

2. Configure VPN Clients

  1. Access wg-easy web UI at http://your-vm-ip:51821
  2. Create new client profiles using the “+” button

For mobile devices:

For desktop:

3. Network Configuration

  • Port forward UDP 51820 on your router
  • Confirm public IP matches your external IP

Verification & Testing

  1. Initial check (without VPN):
    • From external network: http://your-vm-ip:51821 → connection fails
  2. Post-connection test:
    • Connect VPN → refresh UI → should load
    • Verify status in WG-Easy UI

Useful References

homelab
homelab proxmox wireguard docker
This post is licensed under CC BY 4.0 by the author.