Update README.md

b818f614 · cmulk · GitHub · 71be11a3 · b818f614
Unverified Commit b818f614 authored Dec 29, 2018 by cmulk Committed by GitHub Dec 29, 2018
--- a/README.md
+++ b/README.md
 # wireguard-docker
 Wireguard setup in Docker on Debian stable kernel meant for a simple personal VPN
+
+## Overview
+This docker image and configuration is my simple version of a wireguard personal VPN, used for the goal of security over insecure (public) networks, not necessarily for Internet anonymity. The docker images uses debian stable, and the host OS must also use the debian stable kernel, since the image will build the wireguard kernel modules on first run. As such, the hosts /lib/modules directory also needs to be mounted to the container on the first run to install the module (see the Running section below). Thanks to [activeeos/wireguard-docker](https://github.com/activeeos/wireguard-docker) for the general structure of the docker image. It is the same concept just built on Ubuntu 16.04.
+
+In my use case, I'm running the wireguard docker image on a free-tier Google Cloud Platform debian virtual machine and connect to it with Android, Linux, and a GL-Inet router as clients.
+
+## Build
+```
+docker build -t wireguard:local github.com/cmulk/wireguard-docker
+```
+
+## Run
+### First Run
+If the wireguard kernel module is not already installed on the __host__ system, use this first run command to install it:
+```
+docker run -it --rm --cap-add sys_module -v /lib/modules:/lib/modules wireguard:local install-module
+```
+
+### Normal Run
+```
+docker run --cap-add net_admin --cap-add sys_module -v <config volume or host dir>:/etc/wireguard -p <externalport>:<dockerport>/udp wireguard:local
+```
+Example:
+docker run --cap-add net_admin --cap-add sys_module -v wireguard_conf:/etc/wireguard -p 5555:5555/udp wireguard:local
+### Generate Keys
+This shortcut can be used to generate and display public/private key pairs to use for the server or clients
+```
+docker -it --rm wireguard:local genkeys
+```
+
+## Configuration
+Sample server configuration to go in /etc/wireguard:
+```
+[Interface]
+Address = 192.168.20.1/24
+PrivateKey = <server_private_key>
+ListenPort = 5555
+
+[Peer]
+PublicKey = <client_public_key>
+AllowedIPs = 192.168.20.2
+```
+Sample client configuration:
+```
+[Interface]
+Address = 192.168.20.2/24
+PrivateKey = <client_private_key>
+ListenPort = 0 #needed for some clients to accept the config
+
+[Peer]
+PublicKey = <server_public_key>
+Endpoint = <server_public_ip>:5555
+AllowedIPs = 0.0.0.0/0,::/0 #makes sure ALL traffic routed through VPN
+PersistentKeepalive = 25
+```