Wireguard is a free open source VPN server and client that works on all devices.

This guide will explain how to get it set up, allowing you to securely connect to your home network remotely and access your local servers and services.

Set up your domain

If you don’t already own a domain, purchase one from any registrar.

I use AWS Registrar and Route 53 to manage my domain and DNS.

You will then need to add a DNS A record pointing to your Public IP.

Set up the Wireguard server container

On a server in your home network, install Docker with docker compose.

I use the linuxserver.io wireguard container image.

Create the docker-compose.yml:

---
version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - SERVERURL=domain.com
      - SERVERPORT=51820
      - PEERS=peer1,peer2,peer3
      - ALLOWEDIPS=0.0.0.0/0
      - LOG4J_FORMAT_MSG_NO_LOOKUPS=true
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

This will set up a wireguard container running on UDP port 51820.

  • Replace domain.com with your domain.
  • Update TZ=America/New_York with your timezone if necessary.
  • Update the PEERS list with all the devices you would like to use as clients.

Run the container with:

docker compose up -d

Port forwarding

In your router, forward UDP port 51820 to port 51820 on the IP address of the server running wireguard.

Set up wireguard clients

Install Wireguard on all the devices you want to be able to remotely connect to your home network. There are also apps for iPhone and Android.

In the wireguard server config directory, there is a directory for each peer created when building the container. There are two ways to configure the apps to connect to the Wireguard VPN:

  1. Copy the peer_<name>/peer_<name>.conf config onto the device and use it as the config file.
  2. Run docker exec -it wireguard /app/show-peer peer_name to display a QR code and scan it on the app.
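
Before copying a generated peer config to a device, it is worth checking that its Endpoint matches the SERVERURL and SERVERPORT you set and whether AllowedIPs makes it a full tunnel. The following is an added example, not part of the original guide or the linuxserver.io image: the sample config is constructed with placeholder keys, and audit_peer_conf is a hypothetical helper name.

```python
import configparser
import ipaddress

# Constructed sample of a generated peer_<name>.conf; all keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.13.13.2
PrivateKey = <peer-private-key-placeholder>
ListenPort = 51820
DNS = 10.13.13.1

[Peer]
PublicKey = <server-public-key-placeholder>
PresharedKey = <preshared-key-placeholder>
Endpoint = domain.com:51820
AllowedIPs = 0.0.0.0/0
"""

FULL_TUNNEL = "full tunnel: all traffic from this device is routed through the VPN"

def audit_peer_conf(text, server_url, server_port):
    """Return a list of findings for one client config (hypothetical helper)."""
    # Only '=' is a delimiter, so 'host:port' values are not split on ':'.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep WireGuard's key casing
    cp.read_string(text)
    required = (("Interface", "PrivateKey"), ("Peer", "PublicKey"),
                ("Peer", "Endpoint"), ("Peer", "AllowedIPs"))
    findings = [f"missing {s}.{k}" for s, k in required if not cp.has_option(s, k)]
    if findings:
        return findings
    # Catches a SERVERURL left at the placeholder or a mismatched port.
    expected = f"{server_url}:{server_port}"
    endpoint = cp["Peer"]["Endpoint"].strip()
    if endpoint != expected:
        findings.append(f"Endpoint is {endpoint}, expected {expected}")
    # A /0 route (what ALLOWEDIPS=0.0.0.0/0 produces) sends everything via home.
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in cp["Peer"]["AllowedIPs"].split(",")]
    if any(n.prefixlen == 0 for n in nets):
        findings.append(FULL_TUNNEL)
    return findings

if __name__ == "__main__":
    for finding in audit_peer_conf(SAMPLE_CONF, "domain.com", 51820):
        print(finding)
```

The peer config holds the device's private key, so treat the file and the QR code as secrets when moving them to the device.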

Recap

That’s it! You should now be able to securely VPN into your home network from any of your devices.

Client VPN > Domain Registrar > DNS pointing to public IP > Router port forwarding 51820 to the Wireguard server > Docker container running Wireguard server