From e85f721e879248a22c1323fb7bbe436b1f826d40 Mon Sep 17 00:00:00 2001 From: colin Date: Wed, 14 Feb 2024 22:31:21 +0000 Subject: [PATCH] Update README.md --- README.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 5e565fa..4a7cfb2 100644 --- a/README.md +++ b/README.md 
@@ -1,34 +1,35 @@ # Wireguard VPN Docker Container -This Docker container sets up a Wireguard VPN server, automatically generating a specified number of client configurations for easy VPN access. +This Docker container sets up a Wireguard VPN server designed for a hub-and-spoke architecture. It functions as an egress node, allowing VPN clients to securely redirect traffic through this server. The setup is intended for scenarios where clients do not need to communicate with each other but require a secure method to access the internet or a private network via the VPN server. ## Features -- **Wireguard VPN Server**: Utilizes the lightweight and secure Wireguard protocol for VPN services. -- **Automatic Client Configuration**: Dynamically generates client configurations based on the specified number of clients. -- **External IP Discovery**: Automatically detects and applies the server's external IP address in client configurations for remote access. -- **Persistent Configuration**: Stores all configurations in a persistent Docker volume for easy management and backup. +- **Wireguard VPN Server**: Leverages the efficient and secure Wireguard protocol for the VPN service. +- **Egress Node Configuration**: Configured as an egress node, directing client traffic through the VPN server without allowing inter-client communication. +- **Automatic Client Configuration**: Automatically generates client configurations based on the specified number of clients, simplifying VPN access setup. +- **External IP Discovery**: Detects and uses the server's external IP address in client configurations, facilitating remote access to the VPN. +- **Persistent Configuration**: Utilizes a Docker volume to persist server and client configurations, ensuring easy management and configuration retention. ## Configuration -The setup is controlled through environment variables and volume mounts specified in `docker-compose.yml`. 
+Configuration is managed through environment variables and Docker volume mounts as specified in the `docker-compose.yml` file. ### Environment Variables -- `CLIENTS`: Specifies the number of client configurations to generate. Default is 1 if not set. +- `CLIENTS`: Determines the number of client configurations to generate. Defaults to 1 if not explicitly set. ### Volume Mounts -- `./config:/etc/wireguard`: Mounts the Wireguard configuration directory to persist server and client configurations outside the container. +- `./config:/etc/wireguard`: Maps the Wireguard configuration directory to a host directory, storing server and client configurations persistently outside the container. ## Usage -1. **Set the Number of Clients**: Edit `docker-compose.yml` to specify the number of client configurations needed by setting the `CLIENTS` environment variable. +1. **Specify Client Count**: In `docker-compose.yml`, adjust the `CLIENTS` environment variable to set the desired number of client configurations. +2. **Build and Launch**: Execute `docker-compose up --build` to build the Docker image if necessary, start the Wireguard server, and generate the client configurations. +3. **Retrieve Client Configurations**: Find the generated client configurations in the host's `./config` directory, named as `client1.conf`, `client2.conf`, etc., according to the specified client count. -2. **Build and Start the Container**: Run `docker-compose up --build`. This builds the Docker image if necessary, starts the Wireguard server, and generates client configurations. +## Design Note -3. **Access Client Configurations**: Client configurations are stored in the `./config` directory on the host, named `client1.conf`, `client2.conf`, etc., based on the number of clients specified. +This container is specifically tailored for setups requiring a secure egress point for internet or network access, where direct communication between VPN clients is not needed or desired. 
It is an ideal solution for users looking to securely route traffic through a central node. -## Note - -This container automatically handles IP forwarding and NAT setup for the VPN traffic. Ensure your host system allows UDP traffic on port 51820 for Wireguard to function correctly. +Ensure the host system is configured to allow UDP traffic on Wireguard's default port, 51820, to ensure proper VPN functionality.
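Review bot: The new "Egress Node Configuration" bullet under Features says the server directs client traffic "without allowing inter-client communication", but this commit changes only README.md, so nothing in it shows what enforces that isolation. If the container sets a forwarding or firewall rule that blocks peer-to-peer traffic on the Wireguard interface, name it in the README. If it does not, reword the bullet and the Design Note to say clients are not expected to talk to each other, so readers do not treat it as a security boundary. The rewrite also drops the old sentence "This container automatically handles IP forwarding and NAT setup for the VPN traffic"; the egress role described in the new introduction depends on that behaviour, so consider keeping it in the Design Note. Minor: the closing line "Ensure the host system is configured ... to ensure proper VPN functionality" repeats "ensure"; the second clause can be cut.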