63 lines
3.2 KiB
Markdown
63 lines
3.2 KiB
Markdown
# How-To
|
|
|
|
This is a quick how-to or setup-guide to have a local Wireguard server using on your TrueNAS box.
|
|
This can be applied to other systems but this specific guide is SCALE specific with the prerequisites.
|
|
|
|
## Requirements
|
|
|
|
- Domain name (can be free using DuckDNS or any DDNS) that has your current WAN IP, WAN IP not recommended unless you have a static IP
|
|
- UDP Port 51820 (or whichever port you specify in Step 4 of the chart setup) Open on your firewall with port-forwarding to your TrueNAS box (this is for the Wireguard Tunnel). This will vary based on the router/firewall setup you're using, for example my Mikrotik has a Firewall rule setup
|
|
|
|
![wg-easy-firewall-ex1](img/wg-easy-firewall-ex1.png)
|
|
![wg-easy-firewall-ex2](img/wg-easy-firewall-ex2.png)
|
|
|
|
- WG-Easy Charts chart
|
|
|
|
## Prerequisites
|
|
|
|
For proper access to your local network (LAN), this chart requires two `sysctl` values set on your TrueNAS or system. For TrueNAS SCALE the way to change these values are inside `System` then `Advanced`. On that screen you add the following two values
|
|
|
|
- `net.ipv4.ip_forward`
|
|
- `net.ipv4.conf.all.src_valid_mark`
|
|
|
|
Set them to `1` and `Enabled`
|
|
|
|
![wg-easy-sysctl](img/wg-easy-sysctl.png)
|
|
|
|
## Wg-Easy Chart Setup
|
|
|
|
Step 1-2: Name chart and leave defaults for Step 2
|
|
|
|
Step 3:
|
|
|
|
- Change `WG_HOST` _required_ domain name (or WAN IP if you have a Static IP)
|
|
- Change `WG_DEFAULT_ADDRESS` only if it conflicts with other IP addresses on your network
|
|
- Change `WG_DEFAULT_DNS` can be set to your local DNS (eg my PiHole box) or a generic one like `1.1.1.1`
|
|
- Change `ADMIN_PASSWORD` _required_ - Always best to have some security in front of the GUI page
|
|
|
|
![wg-easy-chart-config](img/wg-easy-chart-config.png)
|
|
|
|
Step 4:
|
|
|
|
- The default port for the Wireguard UDP service is `51820` and it needs to be accessible outside your network in order for the Wireguard tunnel to work. Therefore if you change this port make sure you change the port on your Firewall as well.
|
|
|
|
![wg-easy-networking](img/wg-easy-networking.png)
|
|
|
|
Steps 5-8: Adjust as necessary but defaults are fine unless using Ingress, where you can refer to our [Quick-Start Guides](https://truecharts.org/docs/manual/SCALE%20Apps/Quick-Start%20Guides/add-ingress) for an overview
|
|
|
|
> **Recommended** If you're creating multiple users setting up Ingress for the Portal/GUI page is a secure and easy way to download your Wireguard configs or use the handy QR code scanner from your mobile device with the Wireguard app on iOS or Android.
|
|
>
|
|
> ![wg-chart-gui](img/wg-easy-gui.png)
|
|
|
|
There's a few options in the upstream container that aren't present by default in this chart that can be added as environment values. Please refer to the [upstream](https://github.com/weejewel/wg-easy) documentation as necessary and add those ENV VARS at your discretion without any support.
|
|
|
|
## Support
|
|
|
|
- If you need more details or have a more custom setup the documentation on the [upstream](https://github.com/weejewel/wg-easy) is very complete so check the descriptions of the options there.
|
|
- You can also reach us using [Discord](https://discord.gg/tVsPTHWTtr) for real-time feedback and support
|
|
- If you found a bug in our chart, open a Github [issue](https://github.com/truecharts/apps/issues/new/choose)
|
|
|
|
---
|
|
|
|
All Rights Reserved - The TrueCharts Project
|