Adding wireguard template #172

Open
codefuturist opened this issue Jan 18, 2023 · 2 comments
@codefuturist

codefuturist commented Jan 18, 2023

I would like to have a WireGuard template implemented and would also put in the work to create one.
But before I invest my time, what does the community think about this? Is there a certain demand? Is it even feasible with the special NET_MODULES required to run WireGuard?

@deviantony
Member

@Kithrian it would be nice to have, I think. Do you have links to the WireGuard container deployment documentation? I can tell you whether the template system of Portainer would support it.

@codefuturist
Author

codefuturist commented Jan 24, 2023

@deviantony Thank you for your response. The exact container is lscr.io/linuxserver/wireguard:latest and the official docker run command according to their documentation is:

docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -e SERVERURL=wireguard.domain.com `#optional` \
  -e SERVERPORT=51820 `#optional` \
  -e PEERS=1 `#optional` \
  -e PEERDNS=auto `#optional` \
  -e INTERNAL_SUBNET=10.13.13.0 `#optional` \
  -e ALLOWEDIPS=0.0.0.0/0 `#optional` \
  -e PERSISTENTKEEPALIVE_PEERS= `#optional` \
  -e LOG_CONFS=true `#optional` \
  -p 51820:51820/udp \
  -v /path/to/appdata/config:/config \
  -v /lib/modules:/lib/modules `#optional` \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard

For those who don't know this container: it generates all encryption keys on the first run of the container and is really easy to use, compared to the standard WireGuard package in Linux, where you have to generate all the keys manually, which is not really beginner-friendly. Also, I think it would be a nice addition for those who want a simple solution to remotely manage their Portainer instance. Of course, you could just expose the Portainer port, but this is in my eyes a huge security risk. As far as I read, it does not even run with Kubernetes and no templates seem to exist there, so the only way to run it in a user-friendly environment is to run the container in Portainer. It even runs on ARM/Raspberry Pi! Compared to other VPN solutions like OpenVPN and IKEv2, WireGuard is by far the easiest to use and provides modern encryption.

It is also my first time contributing to open source and I really appreciate any help I can get, so no hard feelings!
