
wg-easy's Introduction

WireGuard Easy


You have found the easiest way to install & manage WireGuard on any Linux host!

Features

  • All-in-one: WireGuard + Web UI.
  • Easy installation, simple to use.
  • List, create, edit, delete, enable & disable clients.
  • Show a client's QR code.
  • Download a client's configuration file.
  • Statistics for which clients are connected.
  • Tx/Rx charts for each connected client.
  • Gravatar support.
  • Automatic Light / Dark Mode
  • Multilanguage Support
  • UI_TRAFFIC_STATS (default off)

Requirements

  • A host with a kernel that supports WireGuard (all modern kernels).
  • A host with Docker installed.

Versions

We provide more than one Docker image; the table below will help you decide which one is best for you.

| Tag | Branch | Example | Description |
|---|---|---|---|
| latest | production | ghcr.io/wg-easy/wg-easy:latest or ghcr.io/wg-easy/wg-easy | As stable as possible; gets bug fixes quickly when needed; deployed from the production branch. |
| 13 | production | ghcr.io/wg-easy/wg-easy:13 | Same as latest, but pinned to a version tag. |
| nightly | master | ghcr.io/wg-easy/wg-easy:nightly | Mostly unstable; gets frequent package and code updates; deployed from master. |
| development | pull requests | ghcr.io/wg-easy/wg-easy:development | Used for development, testing code from PRs before it lands in master. |

Installation

1. Install Docker

If you haven't installed Docker yet, install it by running:

curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $(whoami)
exit

And log in again.

2. Run WireGuard Easy

To automatically install & run wg-easy, simply run:

  docker run -d \
  --name=wg-easy \
  -e LANG=de \
  -e WG_HOST=<🚨YOUR_SERVER_IP> \
  -e PASSWORD=<🚨YOUR_ADMIN_PASSWORD> \
  -e PORT=51821 \
  -e WG_PORT=51820 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

💡 Replace YOUR_SERVER_IP with your WAN IP, or a Dynamic DNS hostname.

💡 Replace YOUR_ADMIN_PASSWORD with a password to log in on the Web UI.

The Web UI will now be available on http://0.0.0.0:51821.

💡 Your configuration files will be saved in ~/.wg-easy

WireGuard Easy can be launched with Docker Compose as well - just download docker-compose.yml, make necessary adjustments and execute docker compose up --detach.

3. Sponsor

Are you enjoying this project? Buy Emile a beer! 🍻

Options

These options can be configured by setting environment variables using -e KEY="VALUE" in the docker run command.

| Env | Default | Example | Description |
|---|---|---|---|
| PORT | 51821 | 6789 | TCP port for the Web UI. |
| WEBUI_HOST | 0.0.0.0 | localhost | IP address the Web UI binds to. |
| PASSWORD | - | foobar123 | When set, requires a password when logging in to the Web UI. |
| WG_HOST | - | vpn.myserver.com | The public hostname of your VPN server. |
| WG_DEVICE | eth0 | ens6f0 | Ethernet device the WireGuard traffic should be forwarded through. |
| WG_PORT | 51820 | 12345 | The public UDP port of your VPN server. WireGuard will listen on that port (otherwise the default) inside the Docker container. |
| WG_MTU | null | 1420 | The MTU the clients will use. The server uses the default WireGuard MTU. |
| WG_PERSISTENT_KEEPALIVE | 0 | 25 | Value in seconds to keep the "connection" open. If this value is 0, connections won't be kept alive. |
| WG_DEFAULT_ADDRESS | 10.8.0.x | 10.6.0.x | Clients' IP address range. |
| WG_DEFAULT_DNS | 1.1.1.1 | 8.8.8.8, 8.8.4.4 | DNS server(s) clients will use. If set to a blank value, clients will not use any DNS. |
| WG_ALLOWED_IPS | 0.0.0.0/0, ::/0 | 192.168.15.0/24, 10.0.1.0/24 | Allowed IPs clients will use. |
| WG_PRE_UP | ... | - | See config.js for the default value. |
| WG_POST_UP | ... | iptables ... | See config.js for the default value. |
| WG_PRE_DOWN | ... | - | See config.js for the default value. |
| WG_POST_DOWN | ... | iptables ... | See config.js for the default value. |
| LANG | en | de | Web UI language (supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi). |
| UI_TRAFFIC_STATS | false | true | Enable detailed RX / TX client stats in the Web UI. |
| UI_CHART_TYPE | 0 | 1 | 0 = charts disabled, 1 = line chart, 2 = area chart, 3 = bar chart. |

If you change WG_PORT, make sure to also change the exposed port.
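As an added example (not wg-easy's own code), the following script models how the options above turn into a client's downloadable configuration: it applies the table's defaults, validates the option set, allocates client addresses from the WG_DEFAULT_ADDRESS template, renders the .conf, and derives the -p port mappings the docker run command needs. The handling of the 'x' placeholder, the /24 client prefix and the exhaustion error text are assumptions made for this example; the key values are constructed placeholders.

```javascript
// Added example, not code from the wg-easy project: a model of how the
// options in the table above become a client's downloadable .conf file.
// Assumptions (not taken from wg-easy's source): the trailing 'x' in
// WG_DEFAULT_ADDRESS is replaced by a per-client host number, .1 belongs to
// the server, clients are handed a /24, and the error text is the one reported.

const DEFAULTS = {
  WG_HOST: null, // required, no default
  WG_PORT: '51820',
  WG_MTU: null,
  WG_PERSISTENT_KEEPALIVE: '0',
  WG_DEFAULT_ADDRESS: '10.8.0.x',
  WG_DEFAULT_DNS: '1.1.1.1',
  WG_ALLOWED_IPS: '0.0.0.0/0, ::/0',
};

// Merge -e KEY="VALUE" style overrides with the defaults from the table.
function loadOptions(env) {
  const opts = { ...DEFAULTS };
  for (const key of Object.keys(DEFAULTS)) {
    if (env[key] !== undefined) opts[key] = env[key];
  }
  return opts;
}

function isIntInRange(value, min, max) {
  const n = Number(value);
  return Number.isInteger(n) && n >= min && n <= max;
}

// Return a list of problems; an empty list means the options are usable.
function validateOptions(opts) {
  const errors = [];
  if (!opts.WG_HOST) errors.push('WG_HOST is required: clients need the public hostname or IP');
  if (!isIntInRange(opts.WG_PORT, 1, 65535)) errors.push(`WG_PORT must be a UDP port, got "${opts.WG_PORT}"`);
  // The range must end in the 'x' placeholder; a fixed address such as
  // 10.6.0.1 leaves no slots for clients at all.
  if (!/^\d{1,3}\.\d{1,3}\.\d{1,3}\.x$/.test(opts.WG_DEFAULT_ADDRESS)) {
    errors.push(`WG_DEFAULT_ADDRESS must look like 10.8.0.x, got "${opts.WG_DEFAULT_ADDRESS}"`);
  }
  const mtuSet = opts.WG_MTU !== null && opts.WG_MTU !== '';
  if (mtuSet && !isIntInRange(opts.WG_MTU, 1280, 1500)) errors.push(`WG_MTU must be 1280-1500, got "${opts.WG_MTU}"`);
  if (!isIntInRange(opts.WG_PERSISTENT_KEEPALIVE, 0, 65535)) errors.push('WG_PERSISTENT_KEEPALIVE must be seconds >= 0');
  return errors;
}

// Pick the next free client address: .1 is the server, clients get .2 to .254.
function allocateClientAddress(opts, usedAddresses) {
  const prefix = opts.WG_DEFAULT_ADDRESS.slice(0, -1); // "10.8.0.x" -> "10.8.0."
  const used = new Set(usedAddresses);
  for (let host = 2; host <= 254; host += 1) {
    const candidate = prefix + host;
    if (!used.has(candidate)) return candidate;
  }
  throw new Error('Maximum number of clients reached');
}

// Render the text behind "Download a client's configuration file".
// Keys arrive already generated (wg genkey / wg pubkey / wg genpsk).
function renderClientConfig(opts, server, client) {
  const lines = ['[Interface]', `PrivateKey = ${client.privateKey}`, `Address = ${client.address}/24`];
  if (opts.WG_DEFAULT_DNS) lines.push(`DNS = ${opts.WG_DEFAULT_DNS}`); // blank value: no DNS line
  if (opts.WG_MTU) lines.push(`MTU = ${opts.WG_MTU}`);
  lines.push('', '[Peer]', `PublicKey = ${server.publicKey}`);
  if (client.presharedKey) lines.push(`PresharedKey = ${client.presharedKey}`);
  lines.push(`AllowedIPs = ${opts.WG_ALLOWED_IPS}`, `Endpoint = ${opts.WG_HOST}:${opts.WG_PORT}`);
  if (Number(opts.WG_PERSISTENT_KEEPALIVE) > 0) lines.push(`PersistentKeepalive = ${opts.WG_PERSISTENT_KEEPALIVE}`);
  return lines.join('\n') + '\n';
}

// The -p flags the docker run command needs: changing WG_PORT without also
// changing the exposed UDP port leaves every client unreachable.
function portMappings(opts, webUiPort) {
  return [`${opts.WG_PORT}:${opts.WG_PORT}/udp`, `${webUiPort}:${webUiPort}/tcp`];
}

// Constructed placeholder key material, not real WireGuard keys.
const SAMPLE_SERVER = { publicKey: 'SERVER_PUBLIC_KEY_PLACEHOLDER=' };
const SAMPLE_CLIENT = { privateKey: 'CLIENT_PRIVATE_KEY_PLACEHOLDER=', presharedKey: 'CLIENT_PSK_PLACEHOLDER=' };

// Walk one client through the whole flow with the example values from the table.
function demo() {
  const opts = loadOptions({ WG_HOST: 'vpn.example.com', WG_PORT: '51822',
    WG_DEFAULT_ADDRESS: '10.6.0.x', WG_PERSISTENT_KEEPALIVE: '25' });
  const problems = validateOptions(opts);
  if (problems.length > 0) throw new Error(problems.join('; '));
  const address = allocateClientAddress(opts, ['10.6.0.2', '10.6.0.3']);
  return renderClientConfig(opts, SAMPLE_SERVER, { ...SAMPLE_CLIENT, address });
}

console.log(demo());
```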

Updating

To update to the latest version, simply run:

docker stop wg-easy
docker rm wg-easy
docker pull ghcr.io/wg-easy/wg-easy

And then run the docker run -d \ ... command above again.

With Docker Compose, WireGuard Easy can be updated with a single command: docker compose up --detach --pull always (if an image tag is specified in the Compose file and it is not latest, make sure that it is changed to the desired one; by default it is omitted and defaults to latest).
The WireGuard Easy container will be automatically recreated if a newer image was pulled.

Common Use Cases

For less common or specific edge-case scenarios, please refer to the detailed information provided in the Wiki.


wg-easy's Issues

WG_PORT not updating vpn port

I set the environment variable WG_PORT to 443 in my Kubernetes deployment.yml:

  env:
  - name: WG_PORT
    value: "443"

However, running wg show from within the pod shows that WireGuard is still listening on port 51820; see the output below:

➜ nas-kubernetes-cluster git:(master) ✗ kubectl -n apps exec --stdin --tty deployment/wireguard -- /bin/bash
bash-5.0# wg show
interface: wg0
  public key: 53Cxxx=
  private key: (hidden)
  listening port: 51820

peer: DSGxxx=
  preshared key: (hidden)
  allowed ips: 10.0.0.2/32

Needless to say, I am still trying to make it work in Kubernetes.

Daily Docker Build necessary?

Just curious why the repo is set to build an image daily? I run DIUN to notify me of container updates, so I get notifications daily to upgrade the container, but from looking at the Dockerfile I don't see why a daily build is needed. Would it be possible to:

  1. reduce the build frequency to weekly?
  2. create a "stable" tag that isn't updated as frequently and have the daily builds tagged as "daily" or something like that?
  3. build on commits being made?

Dockerhub - Autobuild

Hi,

I rely on your container a lot and I've just heard the news about Docker Hub removing free autobuilds in 10 days. Will this affect your maintenance of the container?

Many thanks

gui password not deleted after logout

Hi,
I just added this new Docker container on my machine and noticed that when you log out from the web GUI the password is not cleared; this could be considered a security problem.
I noticed this with Firefox 91.0.1 on Windows 10.

Do you have a video

I would like to see a video on installation for beginners. Is it possible?

NAT for multiple local subnets on multiple NICs

Currently it doesn't seem to work to add custom NAT rules that forward VPN traffic out on certain interfaces based on the subnet that the VPN clients try to reach. I am aware that this might not be a standard setup, but it should still be possible to somehow edit the NAT rules.

Maybe there is no need for custom NAT rules but I don't know how docker handles NAT rules here exactly.
Does the container just NAT everything via the local VM/server, which then knows where to route the packets to based on its local routes?

Goal: Have WG route traffic directly to specific subnets if connected via an additional NIC.

Web API Documentation

Love your dashboard! Is there any documentation on how to use the API for creating/editing/deleting/enabling/disabling clients?

Unable to connect to the internet after server restart

I had to restart my server today and after that, WireGuard lost the connection to the WAN. I can access my LAN without any problems and it works as usual. But I get a connection error as soon as I try to open a website hosted outside of my LAN. Looks like a routing problem to me, but I have no idea how to check, debug or fix that.

No way to disable password

Is there any way to disable the password prompt that comes at the start of the UI? I looked for it in the source as well, but it looks like it is mandatory for now.

I don't really need it as I use Authelia with 2FA for authentication with the Traefik reverse proxy.

support https

wg-easy currently doesn't support HTTPS requests. Any chance of adding it to the roadmap? BTW: great job! Simple and nice!

Enhancement: Multi User Environment (Preferably LDAP)

Kudos for this awesome project!
I had been using Subspace prior to this, but I must say the deployment for this is much simpler and the UI is more polished.

However one feature I would like to request is Multi User Environment (preferably with LDAP). Subspace offers SSO with ADFS, however that is not implemented easily.

expiry date

Hello sir, first of all thank you for the great job. I really enjoyed it. Is it possible to add an expiry date for users?

Cannot startup WireGuard

So I did the installation step by step, but when I try to start it up using docker-compose up it just throws an error.

wg-easy    | 2021-05-26T17:23:40.717Z Server Listening on http://0.0.0.0:51821
wg-easy    | 2021-05-26T17:23:40.719Z WireGuard Loading configuration...
wg-easy    | $ wg genkey
wg-easy    | $ echo <propably secret ;)> | wg pubkey
wg-easy    | 2021-05-26T17:23:40.734Z WireGuard Configuration generated.
wg-easy    | 2021-05-26T17:23:40.735Z WireGuard Saving config...
wg-easy    | 2021-05-26T17:23:40.737Z WireGuard Config saved.
wg-easy    | $ wg-quick up wg0
wg-easy    | Error: Command failed: wg-quick up wg0
wg-easy    | Warning: '/etc/wireguard/wg0.conf' is world accessible
wg-easy    | [#] ip link add wg0 type wireguard
wg-easy    | RTNETLINK answers: Not supported
wg-easy    | Unable to access interface: Protocol not supported
wg-easy    | [#] ip link delete dev wg0
wg-easy    | Cannot find device "wg0"
wg-easy    | 
wg-easy    |     at ChildProcess.exithandler (child_process.js:319:12)
wg-easy    |     at ChildProcess.emit (events.js:376:20)
wg-easy    |     at maybeClose (internal/child_process.js:1055:16)
wg-easy    |     at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5) {
wg-easy    |   killed: false,
wg-easy    |   code: 1,
wg-easy    |   signal: null,
wg-easy    |   cmd: 'wg-quick up wg0'
wg-easy    | }

It seems like something is missing which should not be the case if it is in a Docker Container.

how to run wg-easy in kubernetes?

I tried running it in a Kubernetes (k3s) cluster. I get the following error:
error: error validating "wireguard": error validating data: ValidationError(Deployment.spec.template.spec.containers[0].securityContext): unknown field "sysctls" in io.k8s.api.core.v1.SecurityContext; if you choose to ignore these errors, turn validation off with --validate=false

my deployment.yml looks like this:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: wireguard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wireguard
  template:
    metadata:
      labels:
        app: wireguard
    spec:
      containers:
      - name: wireguard
        image: weejewel/wg-easy
        ports:
        - name: wireguard
          containerPort: 51820
          protocol: UDP
        - name: web
          containerPort: 51821
          protocol: TCP
        env:
        - name: TZ
          value: America/New_York
        - name: WG_HOST
          value: vpn.example.com
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - SYS_MODULE
          sysctls:
          - name: net.ipv4.conf.all.src_valid_mark
            value: "1"

From my host machine (Debian):

root@nas:~# cat /etc/sysctl.conf| grep net.ipv4.ip_forward
net.ipv4.ip_forward=1
root@nas:~# sysctl -a | grep net.ipv4.conf.all.src_valid_mark
net.ipv4.conf.all.src_valid_mark = 0
root@nas:~# cat /etc/debian_version
10.9

  1. Could it be because my host machine shows net.ipv4.conf.all.src_valid_mark as "0"? If yes, how do I turn this to "1"?
  2. Or do I need to allow unsafe sysctls in Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/

Error: Command failed: wg-quick up wg0

2021-06-11T05:03:41.232Z Server Listening on http://0.0.0.0:51821
2021-06-11T05:03:41.233Z WireGuard Loading configuration...
2021-06-11T05:03:41.239Z WireGuard Configuration loaded.
2021-06-11T05:03:41.240Z WireGuard Saving config...
2021-06-11T05:03:41.250Z WireGuard Config saved.
$ wg-quick up wg0
Error: Command failed: wg-quick up wg0
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
RTNETLINK answers: Not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"

at ChildProcess.exithandler (child_process.js:319:12)
at ChildProcess.emit (events.js:376:20)
at maybeClose (internal/child_process.js:1055:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5) {

killed: false,
code: 1,
signal: null,
cmd: 'wg-quick up wg0'
}

My container restarts in a loop

Hi,
I saw your project this week; it's great.
Today I tried to use your project but I have a problem.
I followed your steps, but I start my container with (docker-compose up --detach) and afterwards the container reboots in a loop.

Here is my config:

Here is my system information:

  • Debian 10.10 : Linux Debian 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
  • Docker : Docker version 20.10.8, build 3967b7d
  • Docker-compose : docker-compose version 1.29.2, build 5becea4c

If you have an idea or a solution, I'd like to hear it.

Thanks !

DDNS support possible?

First of all: you (guys) are the first to really pull this off, love it!

A question though. I have no idea how WireGuard fully works, but is it possible to implement DDNS for the WG_HOST?
Since in my case I use Cloudflare and do not want my WAN IP visible... if the WG_HOST could be generated from the current WAN_IP then that would be great! Even if existing tunnels are broken... (if that ever happens)?!

No data connection

Okay, another issue. So now that the server is up and running, I created a client and added it from my phone. I switched my phone from WiFi to LTE and turned on the VPN. It shows that it connected, and in the web interface I do see that it is connected, but for some reason I cannot exchange any data. I am not able to access any webpage, or if I try to access my internal Smart Home (which connects via an internal IP) it is not able to connect to it.
I changed the Default Address to 10.10.66.x because my subnet is 255.255.0.0 and all of my IPs are based on 10.10.x.x. I did see that the CIDR was set to /24 in the client and I changed it to /16, but it did not help at all. Maybe anyone has a solution.

How to login?

I am running the application with node server.js. I have set the password on the config.js file like so:

module.exports.PASSWORD = process.env.PASSWORD || 'password';

When I go to the page, I keep getting the modal window stating "Not Logged In," but no prompt for password shows. What am I doing wrong?

Enhancement: Edit Client Name

There's no way to edit a client's name once you hit submit. Granted, I can just delete and re-add the client, but it would be easier if there was an option to edit the client name!

Auto restart?

How to fix it???

$ wg-quick up wg0
Error: Command failed: wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not permitted
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
at ChildProcess.exithandler (child_process.js:319:12)
at ChildProcess.emit (events.js:376:20)
at maybeClose (internal/child_process.js:1055:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5) {
killed: false,
code: 1,
signal: null,
cmd: 'wg-quick up wg0'

Suggestion: options for split tunnel (DNS only/host IP only) and specific ports only

Currently I use PiVPN, installed bare on my Ubuntu-based host homeserver. All other things run via Docker Compose.
With PiVPN (during initial install) you can set a few client-config defaults, any client config that will be created will then in my example have:

DNS servers: 
192.168.88.2
Allowed IPs: 
192.168.88.0/24, ::/0

This way, the tunnel is only used to access the LAN (192.168.88.0/24) and for all DNS requests (my server runs AdGuard Home in Docker Compose via network: host and Unbound in Docker's bridge network).

May I suggest adding an ENV variable to set the default for Allowed IPs in the client config? You already provide the default DNS env variable.

One of the more difficult things to configure with Wireguard, is to by default, block access to any LAN service/port, except for service/port X,Y,Z: the services you actually want to be able to access remotely via VPN. For example: Jellyfin or Emby.

Usecase: if I want to share Jellyfin or Emby with the parents or friends via wg-easy, I would only want to allow them to access port 8096, all other ports should be blocked by default. Otherwise, they would have full access to my server, other ports and other devices on the network.

It would be absolutely amazing if this could be configured per client in the webUI (_block all ports, allow only ports ...).

Support client log

It would be awesome if this were able to save the client logs: IP, port, etc. Also these features:

  • the quantity input/output data transfer per user.
  • block websites and/or ports

Change of IP range affects only client, not server

If I start wg-easy with default settings and then decide to change the IP range to e.g. 192.168.200.x through env variables, the clients will get addresses in the new range but the server still has the old 10.8.0.1 address. Shouldn't it be updated to 192.168.200.1?

PostUP not working

Since the wg0.conf gets overwritten, how am I supposed to add PostUp rules?

KeepAlive

Could the PersistentKeepalive setting be implemented? Thanks!

APi Key

Hello, is there any way to use an API key, or something like that, to access and manage it via JSON from a third-party app?
By the way, thank you very much for this system; it is an excellent tool to easily manage WireGuard.

How to setup roadwarrior style VPN with wg-easy?

Thank you for this project. I have yet to successfully run and test this, pending the issues mentioned in #3.
I am trying to run a road-warrior style VPN. Will it be possible to run it using wg-easy? Would I need to make any config changes, or will it run a road-warrior style VPN from the get-go?

I hope to be able to access hosts and services (like smb, nfs, printer, etc) running in my home network from the connected vpn client device.

Cannot find device "wg0"

Hi!
When I create the container it gives me this error.
I have Docker 20.10 with Debian 10 and kernel 4.19.0.

Could it be because of the kernel version?

wg-easy    | 2021-06-07T06:20:12.235Z Server Listening on http://0.0.0.0:51821
wg-easy    | 2021-06-07T06:20:12.239Z WireGuard Loading configuration...
wg-easy    | 2021-06-07T06:20:12.244Z WireGuard Configuration loaded.
wg-easy    | 2021-06-07T06:20:12.245Z WireGuard Saving config...
wg-easy    | 2021-06-07T06:20:12.250Z WireGuard Config saved.
wg-easy    | $ wg-quick up wg0
wg-easy    | Error: Command failed: wg-quick up wg0
wg-easy    | Warning: `/etc/wireguard/wg0.conf' is world accessible
wg-easy    | [#] ip link add wg0 type wireguard
wg-easy    | RTNETLINK answers: Not supported
wg-easy    | Unable to access interface: Protocol not supported
wg-easy    | [#] ip link delete dev wg0
wg-easy    | Cannot find device "wg0"
wg-easy    | 
wg-easy    |     at ChildProcess.exithandler (child_process.js:319:12)
wg-easy    |     at ChildProcess.emit (events.js:376:20)
wg-easy    |     at maybeClose (internal/child_process.js:1055:16)
wg-easy    |     at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5) {
wg-easy    |   killed: false,
wg-easy    |   code: 1,
wg-easy    |   signal: null,
wg-easy    |   cmd: 'wg-quick up wg0'
wg-easy    | }
wg-easy exited with code 1

Split the UI as a separate image

Hi,

considering a few points:

  1. docker containers are designed to run a single process within
  2. an end-user of your image could already have wg installed/running

could you please compose an image just with the UI part?

I have a wg container already running and just want the UI :) Would be nice just to pull the image without forking the repo

iptables always configures 51820, regardless of WG_PORT

The WG_PORT value is not used when the container starts and configures iptables.

My compose:

##____________________ WG-easy [Management/VPN]
  VPN-wg-easy:
    container_name: VPN-wg-easy
    image: weejewel/wg-easy
    networks: 
      - management
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      WG_HOST: $DOMAIN
      PASSWORD: $PW_EXT
      WG_PORT: 51822
      WG_DEFAULT_ADDRESS: 10.6.0.x
      WG_DEFAULT_DNS: 192.168.88.2 #this is the LAN IP of localhost, dns goes via AdGuardHome/Unbound (both in docker)
    volumes:
      - $DOCKERDIR/VPN-wg-easy:/etc/wireguard
    ports:
      - 51822:51822/udp
      - 5100:51821/tcp
    restart: unless-stopped

Regardless of the WG_PORT value, the log shows:

2021-06-01T11:40:23.965Z Server Listening on http://0.0.0.0:51821,
2021-06-01T11:40:23.965Z WireGuard Loading configuration...,
2021-06-01T11:40:23.967Z WireGuard Configuration loaded.,
2021-06-01T11:40:23.967Z WireGuard Saving config...,
2021-06-01T11:40:23.967Z WireGuard Config saved.,
$ wg-quick up wg0,
$ iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE,
$ iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT,
$ iptables -A FORWARD -i wg0 -j ACCEPT,
$ iptables -A FORWARD -o wg0 -j ACCEPT,
2021-06-01T11:40:24.033Z WireGuard Syncing config...,
$ wg syncconf wg0 <(wg-quick strip wg0),
2021-06-01T11:40:24.048Z WireGuard Config synced.,

I would not expect $ iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT because WG_PORT is set to 51822.
Now, no client can access the server, because in my case port 51820/udp is not opened in my router.

As a workaround, to deviate from the default 51820/udp, I had to remove the WG_PORT env variable and change my ports section:

    ports:
      - 51822:51820/udp

This is totally fine of course, but it took me almost an hour figuring this out. I thought I did not uninstall PiVPN (on the host) properly, or some router issue had to be the culprit.
Please consider removing WG_PORT from the documentation and as an env variable; if users want to deviate from the default, they can configure their ports section accordingly. Keeping it even more simple :)

No Docker

Is it possible to have it without Docker?

Does not work if port is changed

I've found that if I change the port to anything but the default 51820 I can no longer connect. The log will just show
$ wg show wg0 dump

  • WG_PORT=21820 is set and Docker ports changed to match. Allowed in ufw and did port forwarding but no luck. It only works with the default. Any thoughts?

Requirements

First of all, thanks for the extraordinary work! I know this topic was already covered. But since I'm a noob, can you please clarify whether I need to install the WireGuard packages for it to work?
Thanks

Update Requirements for Wireguard Install

Please update the requirements section on the help page so people don't think WireGuard is included in the Docker install.

This can be confusing since there are WireGuard Docker containers, but those are not included here.

Allow setting default 'AllowedIPs' for clients

I would like to request the ability to configure the 'AllowedIPs' setting in the client's downloadable file.

While having 0.0.0.0/0 and ::/0 works great if you want a VPN to the internet, it would be nice to be able to configure AllowedIPs as a global set of IPs for all peers via an env var, or per client in the web interface.

Thanks!

Error saying Max no of clients reached after adding only 1 user

Hi, first of all, thanks for making WG-Easy. It has taken a lot of the work out of WG management.

I have created a modified version of WIREHOLE using Pi-hole, Unbound and WG-Easy. It is working flawlessly during my testing with a single user. I am still using it as I type.

However I am currently facing an issue where I am getting an error message - Maximum number of clients reached - whenever I try to add more clients.

Docker-Compose File -

version: "3.5"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  unbound:
    image: "klutchell/unbound"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    ports:
      - "5053:5053/udp"
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  wireguard:
    depends_on: [unbound, pihole]
    image: weejewel/wg-easy
    hostname: "wg-easy"
    container_name: wg-easy
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      # ⚠️ Required:
      # Change this to your host's public address
      - WG_HOST=wg.example.com

      # Optional:
      - PASSWORD=somepassword
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.6.0.1
      - WG_DEFAULT_DNS=10.2.0.100 # Set it to point to pihole
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
    volumes:
      - /lib/modules:/lib/modules
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    dns:
      - 10.2.0.100 # Points to pihole
      - 10.2.0.200#5053 # Points to unbound
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped
    networks:
      private_network:
        ipv4_address: "10.2.0.3"

  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: jacklul/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200#5053 # Points to unbound
    environment:
      TZ: "America/New_York"
      WEBPASSWORD: "" # Blank password - Can be whatever you want.
      ServerIP: "10.1.0.100" # Internal IP of pihole
      DNS1: 10.2.0.200#5053 # Unbound IP
      DNS2: 10.2.0.200#5053 # If we don't specify two, it will auto pick google.
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
      - "./etc-pihole-updatelists/:/etc/pihole-updatelists/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: "10.2.0.100"

Docker logs filled with "wg show wg0 dump" every second

See docker-compose logs, can we disable this? Thanks for wg-easy!

today at 17:23:45 $ wg show wg0 dump
today at 17:23:46 $ wg show wg0 dump
today at 17:23:47 $ wg show wg0 dump
today at 17:23:48 $ wg show wg0 dump
today at 17:23:49 $ wg show wg0 dump
today at 17:23:50 $ wg show wg0 dump
today at 17:23:51 $ wg show wg0 dump
today at 17:23:52 $ wg show wg0 dump
today at 17:23:53 $ wg show wg0 dump
today at 17:23:54 $ wg show wg0 dump
today at 17:23:55 $ wg show wg0 dump
today at 17:23:56 $ wg show wg0 dump
today at 17:23:57 $ wg show wg0 dump
today at 17:23:58 $ wg show wg0 dump
today at 17:23:59 $ wg show wg0 dump
today at 17:24:00 $ wg show wg0 dump
today at 17:24:01 $ wg show wg0 dump
today at 17:24:02 $ wg show wg0 dump
today at 17:24:03 $ wg show wg0 dump
today at 17:24:04 $ wg show wg0 dump
today at 17:24:05 $ wg show wg0 dump
today at 17:24:06 $ wg show wg0 dump
today at 17:24:07 $ wg show wg0 dump
today at 17:24:08 $ wg show wg0 dump
today at 17:24:09 $ wg show wg0 dump
today at 17:24:10 $ wg show wg0 dump
today at 17:24:11 $ wg show wg0 dump
today at 17:24:12 $ wg show wg0 dump
today at 17:24:13 $ wg show wg0 dump
today at 17:24:14 $ wg show wg0 dump
today at 17:24:15 $ wg show wg0 dump
today at 17:24:16 $ wg show wg0 dump
today at 17:24:17 $ wg show wg0 dump
today at 17:24:18 $ wg show wg0 dump
today at 17:24:19 $ wg show wg0 dump
today at 17:24:20 $ wg show wg0 dump
today at 17:24:21 $ wg show wg0 dump
today at 17:24:22 $ wg show wg0 dump
today at 17:24:23 $ wg show wg0 dump
today at 17:24:24 $ wg show wg0 dump
today at 17:24:25 $ wg show wg0 dump
today at 17:24:26 $ wg show wg0 dump
today at 17:24:27 $ wg show wg0 dump
today at 17:24:28 $ wg show wg0 dump

Various commands failing in Podman

I wanted to try this in Podman as I don't use Docker. To create the container, I initially tried to use podman-compose on the docker-compose.yml file. This resulted in an error saying the wg-easy pod was already created, so I decided to manually create the pod and container, now that I had the docker-compose command as a docker/podman create command.

I created a pod to hold the container:

podman pod create --cgroup-manager=cgroupfs --name wg-easy_pod --share cgroup,uts,ipc

I used the options '--cgroup-manager=cgroupfs' as I'm on Debian Bullseye and this is the only way to get Podman containers to run properly. I also used '--share cgroup,uts,ipc' so that I didn't have to open ports when creating the pod.

I then ran the command:

podman create --name=wg-easy --pod=wg-easy_pod -l io.podman.compose.config-hash=123 -l io.podman.compose.project=wg-easy -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=wg-easy -e WG_HOST=h-1.ddns.net --mount type=bind,source=/root/wg-easy/.,destination=/etc/wireguard --add-host wg-easy:127.0.0.1 --add-host wg-easy:127.0.0.1 --cgroup-manager=cgroupfs docker.io/weejewel/wg-easy

I inserted '--cgroup-manager=cgroupfs' for the same reason as before, and made sure to enter my WG_HOST parameter.

This went fine, no errors in creating the container from the image. The container wouldn't start though. To investigate why, I looked at the logs of the wg-easy container using podman logs wg-easy. Below is the output:

2021-06-03T23:13:11.516Z Server Listening on http://0.0.0.0:51821
2021-06-03T23:13:11.520Z WireGuard Loading configuration...
$ wg genkey
$ echo QJYozOS5Y9kJ+y5ZG2a4Pq9gxBYLiM/gB7hU7hId0XM= | wg pubkey
2021-06-03T23:13:11.553Z WireGuard Configuration generated.
2021-06-03T23:13:11.554Z WireGuard Saving config...
2021-06-03T23:13:11.557Z WireGuard Config saved.
$ wg-quick up wg0
Error: Command failed: wg-quick up wg0
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not permitted
Unable to access interface: Operation not permitted
[#] ip link delete dev wg0
Cannot find device "wg0"
at ChildProcess.exithandler (child_process.js:319:12)
at ChildProcess.emit (events.js:376:20)
at maybeClose (internal/child_process.js:1055:16)
at Socket.<anonymous> (internal/child_process.js:441:11)
at Socket.emit (events.js:376:20)
at Pipe.<anonymous> (net.js:673:12) {
killed: false,
code: 1,
signal: null,
cmd: 'wg-quick up wg0'
}

(I couldn't get the code-text format working for the above chunk)

I haven't had issues running Docker images in Podman, although of course was not expecting this to go 100% smoothly as it was my first time trying to use a docker-compose file with Podman. It would be amazing if this project could be compatible with Podman.

I'm running DietPi 7.2.3 (Debian Bullseye) on an RPi 4B 4GB.

Podman version:
Version: 3.0.1
API Version: 3.0.0
Go Version: go1.15.9
Built: Thu Jan 1 01:00:00 1970
OS/Arch: linux/arm64
