WireGuard Setup Guide - ajgillis04/GillisDockerDepot GitHub Wiki

WireGuard Setup Guide

Introduction

WireGuard is a fast, modern, and secure VPN tunnel that provides ease of use and high performance. It is available for various platforms including Windows, Linux, macOS, iOS, and Android.

Prerequisites

  • Docker installed (optional, for containerized setup)

Configuration Steps

Step 1: Installation

  1. Docker: My preferred use case; continue to Step 2.
  2. Windows: Download the installer from the official WireGuard website and follow the installation instructions.
  3. Linux: Use your package manager to install WireGuard. For example, on Ubuntu:
    sudo apt install wireguard
    

Step 2: Setup Docker WireGuard

  1. Open wireguard.yaml and update the settings that are unique to you:
  2. ALLOWEDIPS: 0.0.0.0/0,<your network's IP range>
  3. PEERDNS: ${PIHOLE_PRI} - Optional; this makes sure everyone who connects to the VPN uses Pi-hole.
  4. INTERNAL_SUBNET: <choose an IP range for your VPN clients, e.g. 192.168.10.0>
  5. PEERS: <give each peer you intend to connect with a name here; you can add more later>
  6. Save wireguard.yaml
  7. Re-create the container
    docker compose -p mediaserver -f docker-compose-server<num>.yaml up --detach
    

Pi-hole WireguardYAML

Useful Commands

Steps to Reset WireGuard Keys

Follow these steps to reset the private and public keys for a WireGuard peer:

  1. Generate New Private Key:

    umask 077   # create the key file readable and writable by its owner only
    wg genkey | tee /path/to/new_private_key
    
  2. Generate New Public Key from Private Key:

    • Note: if you get "Permission denied", set write permission on the file.
    wg pubkey < /path/to/new_private_key > /path/to/new_public_key
    
  3. Update WireGuard Configuration File:

    • Update your WireGuard configuration file (wg0.conf or similar) with the new keys.
  4. Restart WireGuard Interface:

    • Restart the WireGuard interface to apply the changes.
    sudo wg-quick down wg0
    sudo wg-quick up wg0
    
  5. Update Peers:

    • Inform the affected peer(s) to update their configuration with the new public key.
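
A check to run on the new private key file before restarting the interface, as an added example that is not part of the original wiki: it confirms the file is closed to group and other users and holds a single 44-character base64 key. The function names and the all-`A` demo key are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a WireGuard private key file after a key reset.
# Function names and the demo key are constructed for illustration.

# Succeeds if the file mode grants nothing to group or others.
key_perms_ok() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the file holds exactly one line that is a 44-character
# base64 string, the encoding of a 32-byte WireGuard key (shape check only).
key_shape_ok() {
    [ "$(wc -l < "$1")" -eq 1 ] && grep -Eq '^[A-Za-z0-9+/]{43}=$' "$1"
}

# Prints one verdict word and returns non-zero on any failure.
audit_key() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    key_perms_ok "$f" || { echo "too-permissive"; return 1; }
    key_shape_ok "$f" || { echo "malformed"; return 1; }
    echo "ok"
}

# Demo on a constructed placeholder key (43 "A" characters plus "=").
demo() {
    d=$(mktemp -d) && k="$d/new_private_key"
    printf '%043d=\n' 0 | tr 0 A > "$k"
    chmod 644 "$k"; printf '0644: '; audit_key "$k"   # too-permissive
    chmod 600 "$k"; printf '0600: '; audit_key "$k"   # ok
    rm -rf "$d"
}

# With an argument, audit that file; without one, run the demo.
if [ "$#" -gt 0 ]; then audit_key "$1"; else demo; fi
```
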

Troubleshooting

Common Issues:

⚠️ July 2025 note for Docker/Alpine users: If you're using the linuxserver/wireguard container image and encountered issues around July 2025 (like WireGuard tunnels not passing traffic), it may be due to changes in the Alpine base image or iptables configuration. The image tagged 1.0.20250521-r0-ls81 introduced breaking changes; rolling back to 1.0.20210914-r4-ls80 resolved it for many. To avoid future breakage, consider pinning your WireGuard image tag explicitly in docker-compose.yaml, and monitor the GitHub repo for updates or changelogs.

Logs: Check container logs (docker logs <container_name>) for error messages related to iptables, interfaces, or peer connections.

✘ wireguard Error manifest unknown
Error response from daemon: manifest unknown

Support: Monitor the GitHub repo for updates or changelogs.
