{"id":23819771,"url":"https://github.com/chost-in/wireguard-selfhost","last_synced_at":"2026-05-03T11:34:04.884Z","repository":{"id":270363905,"uuid":"910111073","full_name":"chost-in/wireguard-selfhost","owner":"chost-in","description":"This repository provides a detailed guide and configuration files for setting up a WireGuard VPN server using Docker with support for dual-stack IPv4 and IPv6.","archived":false,"fork":false,"pushed_at":"2024-12-30T16:13:29.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-30T16:19:54.354Z","etag":null,"topics":["docker","docker-compose","wireguard-selfhost","yaml"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chost-in.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-30T14:18:16.000Z","updated_at":"2024-12-30T16:13:33.000Z","dependencies_parsed_at":"2024-12-30T16:19:58.116Z","dependency_job_id":"63b037ef-09ab-4228-9661-f3f02b87cade","html_url":"https://github.com/chost-in/wireguard-selfhost","commit_stats":null,"previous_names":["chost-in/wireguard-selfhost"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chost-in%2Fwireguard-selfhost","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chost-in%2Fwireguard-selfhost/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chost-in%2Fwireguard-selfhost/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chost-in%2Fwireguard-selfhost/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chost-in","download_url":"https://codeload.github.com/chost-in/wireguard-selfhost/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240100517,"owners_count":19747683,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","wireguard-selfhost","yaml"],"created_at":"2025-01-02T07:15:10.445Z","updated_at":"2026-05-03T11:33:59.866Z","avatar_url":"https://github.com/chost-in.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# WireGuard Docker Setup\n\nThis repository provides a detailed guide and configuration files for setting up a WireGuard VPN server using Docker with support for dual-stack IPv4 and IPv6.\n\n## Features\n- Docker-based WireGuard setup.\n- Dual-stack IPv4 and IPv6 support.\n- Configurable environment variables for easy setup.\n- Automated subnet and peer configuration.\n\n## Prerequisites\n1. IPv6 enabled on the host server.\n2. Basic understanding of networking and VPNs.\n\n## Setup Instructions\n\n### 1. This example uses Ubuntu. You can check installation instructions for other distributions in the [Docker Install Docs](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository).\nRun the following commands to install Docker:\n```bash\nsudo apt-get update\nsudo apt-get install -y ca-certificates curl\nsudo install -m 0755 -d /etc/apt/keyrings\nsudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc\nsudo chmod a+r /etc/apt/keyrings/docker.asc\n\n# Add Docker repository\necho \\\n  \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \\\n  $(. /etc/os-release \u0026\u0026 echo \\\"$VERSION_CODENAME\\\") stable\" | \\\n  sudo tee /etc/apt/sources.list.d/docker.list \u003e /dev/null\nsudo apt-get update\n\n# Install Docker and Docker Compose\nsudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin\n\n# Add current user to Docker group\nsudo usermod -aG docker $USER\nexit\n\n\n```\n**Note**: Log out and log back in to apply group changes.\n\n### 2. Create Docker Network for IPv6\nRun the following commands to create an IPv6-enabled Docker network:\n```bash\n# Create a Docker network with IPv6 support\n# Replace the subnet below if you wish to use a different custom IPv6 subnet\ndocker network create \\\n  --ipv6 \\\n  --subnet fd7e:247e:2031::/64 \\\n  ip6vpn\n\ndocker network inspect ip6vpn\n\n```\n\n### 3. Deploy WireGuard Using Docker Compose\n1. Clone this repository:\n   ```bash\n   git clone https://github.com/chost-in/wireguard-selfhost\n   cd wireguard-selfhost\n   \n   ```\n or\n1. Create a folder with name `wireguard-selfhost` and create a nano file with name `docker-compose.yaml` in it.\n2. Customize the `docker-compose.yaml` file as needed:\n   ```yaml\n   version: '3.8'\n   services:\n     wireguard:\n       image: lscr.io/linuxserver/wireguard:latest\n       container_name: wireguard\n       cap_add:\n         - NET_ADMIN\n         - SYS_MODULE\n       environment:\n         # Replace the following environment variables as needed:\n         - PUID=1001              # User ID on the host system\n         - PGID=1001              # Group ID on the host system\n         - TZ=Asia/Calcutta       # Timezone\n         - SERVERURL=wg.tva.pw    # Replace with your server's domain or public IP\n         - SERVERPORT=51820       # Port number for WireGuard, you can change if it is already in use \n         - PEERS=1                # Number of client peers to generate\n         - PEERDNS=1.1.1.1, 2606:4700:4700::1111 # DNS servers (IPv4 and IPv6 using cloudflare you can change if necessary)\n         - INTERNAL_SUBNET=10.13.13.0/24, fd7e:247e:2031::/64 # Internal subnets (IPv4 and IPv6 modify it as you need)\n         - ALLOWEDIPS=0.0.0.0/0, ::/0 # Allowed IPs for client traffic\n         - PERSISTENTKEEPALIVE_PEERS=\n         - LOG_CONFS=true\n       volumes:\n         - /home/ubuntu/wireguard-selfhost:/config\n         - /lib/modules:/lib/modules\n       ports:\n         - 51820:51820/udp\n       sysctls:\n         - net.ipv4.conf.all.src_valid_mark=1\n         - net.ipv6.conf.all.disable_ipv6=0\n         - net.ipv6.conf.all.forwarding=1\n         - net.ipv4.conf.all.forwarding=1\n       restart: unless-stopped\n       networks:\n         - ip6vpn\n\n   networks:\n     ip6vpn:\n       external: true\n       enable_ipv6: true\n       ipam:\n         driver: default\n         config:\n           - subnet: \"10.13.13.0/24\" # Default IPv4 subnet\n           - subnet: \"fd7e:247e:2031::/64\" # Replace with your custom IPv6 subnet\n   ```\n3. Start the container:\n   ```bash\n   docker compose up -d\n   ```\n\n### 4. Configuration Check\n1. Navigate to the `wg_confs/` directory.\n2. Open `wg0.conf` and add the necessary IPv6 subnet details:\n   ```\n   # By default, IPv4 subnet will be provisioned. Ensure IPv6 is added as follows:\n   Address = 10.13.13.1, fd7e:247e:2031::2\n   AllowedIPs = 10.13.13.2/32, fd7e:247e:2031::3/128\n   ```\n3. Check PostUP and PostDown is allowing IPV6, for reference only\n   ```\n   PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth+ -j MASQUERADE\n   PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat --D POSTROUTING --out-interface eth+\n   ```\n4. Restart the container:\n   ```bash\n   docker restart wireguard\n   ```\n\n## Testing\nTo test IPv6 connectivity from within the container, run:\n```bash\n# Test IPv6 connectivity by pinging a public IPv6 address\ndocker exec -it wireguard ping6 2001:4860:4860::8888\n```\n\n## Troubleshooting\n- Ensure IPv6 is enabled on the host server.\n- Check Docker network configurations with `docker network inspect`.\n- Use logs for debugging:\n  ```bash\n  docker logs wireguard\n  ```\n\n## License\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchost-in%2Fwireguard-selfhost","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchost-in%2Fwireguard-selfhost","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchost-in%2Fwireguard-selfhost/lists"}