In this segment, we are going to show you “How to Install WireGuard on OpenMediaVault 5 inside Docker with Portainer using RPi 4”.
What is WireGuard?
WireGuard is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It was written by Jason A. Donenfeld and is published under the GNU General Public License (GPL) version 2. The Linux version of the software has reached a stable production release and was incorporated into the Linux 5.6 release in late March 2020.
Source: Wikipedia
- Official Website WireGuard
- Full credit for this tutorial goes to linuxserver/wireguard
OpenMediaVault Versions :
OpenMediaVault 5 Installation Guide: https://pcmac.biz/openmediavault-5-on-raspberry-pi/

Equipment Required | Optional
Raspberry Pi 4 | Case
SD Card | Raspberry Pi Keyboard
Ethernet Cable | Mouse
Power Adapter |
External HDD |
WireGuard for Server Mode
Docker
docker create \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -e SERVERURL=wireguard.domain.com `#optional` \
  -e SERVERPORT=51820 `#optional` \
  -e PEERS=1 `#optional` \
  -e PEERDNS=auto `#optional` \
  -e INTERNAL_SUBNET=10.13.13.0 `#optional` \
  -p 51820:51820/udp \
  -v /path/to/appdata/config:/config \
  -v /lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard
- -e INTERNAL_SUBNET=10.13.13.0 Internal subnet for the WireGuard server and peers (only change if it clashes). Used in server mode.
WireGuard for Client Mode
Docker
docker create \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -p 51820:51820/udp \
  -v /path/to/appdata/config:/config \
  -v /lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard
- --sysctl= Required for client mode.
How to find PUID & PGID
- To find the PUID and PGID, use the command below.
id <name of the user>
In the output, the UID value is the "PUID" and the GID value is the "PGID".
How to add Server URL
- To generate the Server URL for WireGuard Server we need to create a Dynamic DNS address.
Setting up Dynamic DNS
Here, we need to visit the DUCKDNS website to create a Free Dynamic DNS for our Public IP.
- You can use any of the above methods to log in to the DUCKDNS website and create a subdomain for your website. Once you have logged in, create a subdomain that can be used as the Server URL for WireGuard.
- In my case, I have created omvpcmac as my subdomain. You can create 5 subdomains on a Duck DNS account for free.
After the Dynamic DNS is successfully created, we can replace wireguard.domain.com with our DUCKDNS address and run the container using the above command.
Setting up Port Forwarding on Router
To forward the port, we need to know the IP address of our router. For that we can use Wireless Network Watcher, which will display the router IP address as shown below. Now enter this IP address in your browser and it will open the login page for your router. After that, enter the username and password to log in to your router.
- If you don’t know the username & password of your router you can always ask your ISP.
- For personal routers, you can always check online for default username & password for the router.
- In my case, I need to navigate to Services and then move to Port Forwarding; yours might be different.
- Then you need to forward UDP port 51820 to the Raspberry Pi IP address (WireGuard uses UDP, matching -p 51820:51820/udp in the docker command).
Add Peers/Client to Wireguard Server
- To add more peers/clients later on, you can run the command below while the container is running.
docker exec -it wireguard /app/add-peer
- Once the command has executed successfully, you will see a QR code, which you need to scan from your device to download the peer/client file.
Result
- To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments:
docker exec -it wireguard /app/show-peer 1 4 5
- (Keep in mind that the QR codes are also stored as PNGs in the config folder).
The templates used for server and peer confs are saved under /config/templates.
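Each peerN.conf and its QR PNG in the config folder contains that peer's private key, so the folder on the host is worth auditing. The script below is an added example (not from the original tutorial or the linuxserver/wireguard project): it lists key-bearing files readable by group or other and prints the -p mapping implied by the ListenPort in wg0.conf and each peer's Endpoint port. The <dir>/wg0.conf and <dir>/peerN/ layout, the function names and the sample values are assumptions.

```bash
#!/usr/bin/env bash
# Added example: host-side audit of the folder mounted at /config.
# Assumed layout: <dir>/wg0.conf plus <dir>/peerN/peerN.conf and peerN.png.

# List key-bearing files that group or other can read (templates hold no keys).
loose_files() {
  find "$1" -type f \( -name '*.conf' -o -name '*.png' -o -name 'privatekey*' \) \
    ! -path '*/templates/*' \( -perm -040 -o -perm -004 \) | sort
}

# Print the trailing port number of the first "<key> = ..." line in a conf file.
conf_port() {  # usage: conf_port <key> <file>
  awk -F= -v k="$1" '$1 ~ ("^[ \t]*" k "[ \t]*$") && match($2, /[0-9]+[ \t\r]*$/) {
    p = substr($2, RSTART, RLENGTH); gsub(/[^0-9]/, "", p); print p; exit }' "$2"
}

# Print the publish mapping each peer conf implies: <Endpoint port>:<ListenPort>/udp.
# Assumes the router forwards the Endpoint port unchanged to the Docker host.
implied_publish() {
  local listen f
  listen=$(conf_port ListenPort "$1/wg0.conf")
  for f in "$1"/peer*/peer*.conf; do
    [ -f "$f" ] || continue
    echo "$(basename "$f") -p $(conf_port Endpoint "$f"):${listen}/udp"
  done
}

# Build a constructed sample tree (placeholder keys) so the script runs offline.
make_sample() {
  mkdir -p "$1/peer1" "$1/templates"
  printf '[Interface]\nListenPort = 51820\nPrivateKey = CONSTRUCTED-SERVER-KEY=\n' \
    > "$1/wg0.conf"
  printf '[Interface]\nPrivateKey = CONSTRUCTED-PEER-KEY=\n[Peer]\nEndpoint = wireguard.domain.com:51999\n' \
    > "$1/peer1/peer1.conf"
  : > "$1/peer1/peer1.png"; : > "$1/templates/peer.conf"
  chmod 600 "$1/wg0.conf"
  chmod 644 "$1/peer1/peer1.conf" "$1/peer1/peer1.png"
}

dir=${1:-}
if [ -z "$dir" ]; then dir=$(mktemp -d); make_sample "$dir"; fi
echo "Readable by group or other:"; loose_files "$dir"
echo "Publish mapping implied by each peer conf:"; implied_publish "$dir"
```

To audit a real install, pass the host path from the -v ...:/config mapping as the first argument.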
WireGuard Setup on Android
- To install WireGuard, download it from the Play Store and open it once the installation finishes.
- Now you will see a + sign in the bottom right corner. Click on it and you will be able to see these options.
- After that, you can use any of these options to import your file on your phone, but we recommend using the scan from QR code option.
In conclusion, you are all set to use Raspberry Pi 4 as a WireGuard Server on OpenMediaVault 5 with the help of Docker. If you face any issue regarding this article, please share your thoughts. Enjoy using WireGuard on Docker with OpenMediaVault. Smile (.”_”.)
Please check out my other articles:
- How to install OpenMediaVault 5 on Raspberry Pi All Models
- OpenMediaVault 5 NAS Server on Raspberry Pi 4
- Plex Media Server on OMV 5 inside Docker with Portainer using RPi 4
- How to Install Radarr on OpenMediaVault 5 inside Docker with Portainer using RPi 4
Thanks for a great guide!
Don’t you need to open the firewall on the OMV?
It’s working fine like this, you can try if you need more security.
Please share your feedback here. So, other users can also check the comments.
Hello,
I used the path to the shared folder Docker : “/srv/dev-disk-by-label-PiDisk/Docker” and used it for command line
-v /srv/dev-disk-by-label-PiDisk/Docker/Containers/wireguard/config:/config \
Thank you
Answer 1: You should create folders with proper permission.
Answer 2: use sudo su to access root or you can change the root password.
sudo passwd root.
Thank you very much!
Welcome
Unable to find image ‘linuxserver/wireguard:latest’ locally
latest: Pulling from linuxserver/wireguard
254465ad443f: Pulling fs layer
9a290c8d6c10: Pulling fs layer
ac78affa1f14: Pulling fs layer
dbb2875764e4: Waiting
9c1608458cff: Waiting
f6e510f56558: Waiting
open /srv/dev-disk-by-label-PiDisk/Docker/tmp/GetImageBlob068670249: no such file or directory
root@raspberrypi:~#
Above is the message I get from Terminal. I created a shared folder Data and inside it “wireguard” with config and lib folders. The Data folder has the permission that is mentioned in your tutorial.
open /srv/dev-disk-by-label-PiDisk/Docker/tmp/GetImageBlob068670249: no such file or directory
Check out this line.
What do you mean? To use it instead of first line instead of
-v /srv/dev-disk-by-label-PiDisk/Data/wireguard/config:/config \ ?
Please contact me on Telegram, I will help you.
What is your Telegram address?
Please send your Telegram address.
pcmac24x7
Thank you! I have managed to set up docker with the name wireguard. Then I used the command docker exec -it wireguard /app/show-peer several times. Below are the results:
root@raspberrypi:~# docker exec -it wireguard /app/show-peer
You need to specify which peers to show
root@raspberrypi:~# docker exec -it wireguard /app/show-peer 1
grep: /config/wg0.conf: No such file or directory
PEER 1 is not active
root@raspberrypi:~# docker exec -it wireguard /app/show-peer
You need to specify which peers to show
root@raspberrypi:~# docker exec -it wireguard /app/show-peer 1
grep: /config/wg0.conf: No such file or directory
PEER 1 is not active
Please advise what I have to try.
I really like your videos/guides, but I’m having an issue with this one. When I try to add a peer, I get “Wireguard is not set up in server mode” just like you did, but restarting the container doesn’t resolve the issue like it did for you. I have PEERS=3 because I wanted to add 3 clients. I’ve changed PEERS back to 1 but get the same results. Any idea what I’m messing up?
Thanks!
You need to wait for some time, Let the server start.
Unfortunately, waiting did not resolve the issue. It might be the kernel I’m on? (5.4.51-7I+) Below is the log I get in Portainer. Any advice is appreciated. If I can’t get this going, I’ll probably go with your OpenVPN setup, but I really wanted to get Wireguard working. Thank you!
Did you check the user permission.
I’ve set the appdata folder to everyone read/write and I’ve tried different user PUID/PGID. All get the same result. Also, it creates other files/directories in the specified path, just not the ones it can’t find.
Same issue for me, tried the same steps as you. Is there any known solution for it? Couldn't find anything at Google :/
Just to make sure, are the kernel headers installed properly on the host machine?
Also you can try:
There appears to be a bug in your script. The listening port listed in wg0.conf doesn’t match if someone enters in a different port when configuring the docker. The peer.conf files change, but wg0.conf does not. This is a simple fix by installing nano ( apt update then apt install nano) and changing the listening port to the desired port. Don’t forget to reboot the docker once you’ve changed the port.
Thanks for the update.
How to setup in client mode?
I have run the command to install docker container of client mode.
it’s running but I don’t know what to do next.
If there is another pihole docker running in the system, how to make it work? Please help take a look.
Try to update the OS again.