update wireguard

README.md

@@ -392,6 +392,7 @@ A collection of delicious docker recipes.
 - [x] wekanteam/wekan
 - [x] requarks/wiki
 - [x] yourls
+- [x] ghcr.io/linuxserver/wireguard
 - [x] zookeeper
 - [x] elkozmon/zoonavigator
 

wireguard/Dockerfile

@@ -1,13 +0,0 @@
-#
-# Dockerfile for wireguard-arm
-#
-
-FROM arm32v7/alpine
-
-MAINTAINER EasyPi Software Foundation
-
-RUN apk add --no-cache coreutils iptables wireguard-tools
-
-EXPOSE 51820/udp
-
-CMD ["wg", "--help"]

wireguard/README.md

@@ -1,39 +1,32 @@
 wireguard
 =========
 
-## Install Kernel Module
+[WireGuard®][1] is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
+
+
+## Up and Running
 
 ```bash
+$ echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list
 $ apt update
-$ apt install -y dirmngr raspberrypi-kernel-headers
+$ apt install wireguard
-$ echo 'deb http://deb.debian.org/debian/ unstable main' > /etc/apt/sources.list.d/unstable-wireguard.list
+$ docker-compose up -d
-$ printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
+$ docker-compose logs -f wireguard
-$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
+$ tree -d
-$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
+└── data
-$ apt update
+    ├── coredns
-$ apt install -y wireguard-dkms
+    ├── peer1
-$ modprobe wireguard
+    ├── peer2
-$ lsmod | grep wireguard
+    ├── peer3
+    ├── server
+    └── templates
 ```
 
-## Generate Keys
+## GUI Clients
 
-```bash
+- Android: https://f-droid.org/en/packages/com.wireguard.android/
-$ umask 077
+- iOS: https://itunes.apple.com/us/app/wireguard/id1441195209
-$ wg genkey | tee privatekey | wg pubkey > publickey
+- MacOS: https://itunes.apple.com/us/app/wireguard/id1451685025
-```
+- Windows: https://download.wireguard.com/windows-client/
 
-## Create Config
+[1]: https://www.wireguard.com/
-
-```ini
-[Interface]
-Address = 192.168.32.1/24
-ListenPort = 51820
-PrivateKey = SMDPkZPE6R9VyqT3ucxE5v//GnIzzruYC0MPD5efr3w=
-PostUp = iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -A FORWARD -j ACCEPT
-PreDown = iptables -t nat -D POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -D FORWARD -j ACCEPT
-
-# [Peer]
-# PublicKey = VMK48tEcTLBwzxS+2gx3MH4IRlE7upTKPkYIE/xa7S0=
-# AllowedIPs = 192.168.32.2/32
-```

wireguard/data/wg0.conf

@@ -1,10 +0,0 @@
-[Interface]
-Address = 192.168.32.1/24
-ListenPort = 51820
-PrivateKey = kNX2ozKebAlSd8P7mbRnm5RPT1/1l9DF05Nes9yjJ3o=
-PostUp = iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -A FORWARD -j ACCEPT
-PreDown = iptables -t nat -D POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -D FORWARD -j ACCEPT
-
-[Peer]
-PublicKey = vrNjkdY8PT7AFcWr87uhrwuPPDgzNh1KA9zkyRiQSRM=
-AllowedIPs = 192.168.32.2/32

wireguard/docker-compose.yml

@@ -1,12 +1,26 @@
-wireguard:
+version: "3.8"
-  image: easypi/wireguard-arm
+services:
-  command: ["sh", "-c", "wg-quick up wg0 && sleep infinity"]
+  wireguard:
-  ports:
+    image: ghcr.io/linuxserver/wireguard
-    - "51820:51820/udp"
+    container_name: wireguard
-  volumes:
+    cap_add:
-    - ./data:/etc/wireguard
+      - NET_ADMIN
-    - /lib/modules:/lib/modules
+      - SYS_MODULE
-  cap_add:
+    environment:
-    - NET_ADMIN
+      - PUID=1000
-    - SYS_MODULE
+      - PGID=1000
-  restart: unless-stopped
+      - TZ=UTC
+      - SERVERURL=easypi.duckdns.org
+      - SERVERPORT=51820
+      - PEERS=3
+      - PEERDNS=auto
+      - INTERNAL_SUBNET=10.18.18.0
+      - ALLOWEDIPS=0.0.0.0/0
+    volumes:
+      - ./data:/config
+      - /lib/modules:/lib/modules
+    ports:
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped