wireguard

Docker app from linuxserver's Repository

Overview

WireGuard®(https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Runtime arguments

Network: bridge
Shell: bash
Privileged: false
Extra Params: --cap-add=NET_ADMIN --cap-add=SYS_MODULE --sysctl=net.ipv4.conf.all.src_valid_mark=1

Template configuration

WebUIPortudp

wireguard port

Target: 51820
Default: 51820

AppdataPathrw

Contains all relevant configuration files.

Target: /config

Path: /lib/modulesPathrw

Maps host's modules folder.

Target: /lib/modules

SERVERURLVariable

External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically

Default: wireguard.domain.com

SERVERPORTVariable

External port for docker host. Used in server mode.

Default: 51820

PEERSVariable

Number of peers to create confs for. Required for server mode. Can also be a list of names: `myPC,myPhone,myTablet` (alphanumeric only)

Default: 1

PEERDNSVariable

DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward.

Default: auto

INTERNAL_SUBNETVariable

Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode.

Default: 10.13.13.0

ALLOWEDIPSVariable

The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1.

Default: 0.0.0.0/0

LOG_CONFSVariable

Generated QR codes will be displayed in the docker log. Set to `false` to skip log output.

Default: true

PUIDVariable

Container Variable: PUID

Default: 99

PGIDVariable

Container Variable: PGID

Default: 100

UMASKVariable

Container Variable: UMASK

Default: 022

Download Statistics

63,324,981

Total Downloads

576,813

This Month

397,287

Avg / Month

Total Downloads Over Time

Loading chart...

Links

Template Support Registry Project

Details

Repository

lscr.io/linuxserver/wireguard

Registry

https://github.com/orgs/linuxserver/packages/container/package/wireguard

Last Updated2026-05-21

First Seen2021-12-26

Run Wireguard on Unraid.

Wireguard is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS