WireGuard
Fast, modern VPN tunnel — access your homelab remotely from anywhere.
| Image | lscr.io/linuxserver/wireguard:latest |
| Port | 51820/UDP |
| Config path | {BASE_DIR}/wireguard/config |
| Website | wireguard.com |
| Source code | GitHub |
| Android app | Play Store |
| iOS app | App Store |
Resource Impact
| Performance | Low — Kernel module |
| Storage | Low — VPN tunnel |
Installation
sh
mithrandir install wireguardRequired Secrets
| Variable | Description |
|---|---|
WG_SERVERURL | Your public IP address or DuckDNS domain |
WG_PEERS | Number of VPN peer configurations to generate |
Peer Configuration
After installation, peer config files are generated at:
{BASE_DIR}/wireguard/config/peer1/peer1.conf
{BASE_DIR}/wireguard/config/peer2/peer2.conf
...Scan the QR code or copy the .conf file to your WireGuard client (available on iOS, Android, Windows, macOS, Linux).
To display the QR code in the terminal, run
sh
sudo docker exec wireguard /app/show-peer 1Replace 1 with the peer number you want to display (e.g., 2 for peer2).
Notes
WireGuard requires the NET_ADMIN and SYS_MODULE Linux capabilities and mounts /lib/modules from the host.
Setup
- Add your duckdns domain to the WG_SERVERURL environment variable in your
.envfile. - You need to add port forwarding to your router for wireguard to work. The internal port is
51820and the external port is51820as well using the UDP protocol and assign it to the IP address of your homelab. - Download the WireGuard client app for your platform and scan the QR code to connect to your WireGuard server. Then when you want to access your homelab from another network, open the WireGuard app and tap the "connect" button.