© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
This guide will help you migrate from v14 to version v15 of wg-easy.
This is a complete rewrite of the wg-easy project. Therefore the configuration files and the way you interact with the project have changed.
wg-easy project. Therefore the configuration files and the way you interact with the project have changed.v15 yet. We are working on it.INSECURE environment variable to true in the new container.Before you start the migration, make sure to backup your existing configuration files.
@@ -1107,7 +1111,7 @@docker-compose down
Follow the instructions in the Getting Started or Basic Installation guide to start the new container.
+Follow the instructions in the Getting Started or Basic Installation guide to start the new container.
In the setup wizard, select that you already already have a configuration file and upload the wg0.json file you downloaded in the backup step.
You have now successfully migrated to v15 of wg-easy.
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
wg-easyThis Documentation is Versioned
-Make sure to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the :latest image tag - the most recent stable release.
Make sure to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the :latest image tag - the most recent stable release.
This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
wg-easy is the easiest way to run WireGuard VPN + Web-based Admin UI.
If you're new to wg-easy, make sure to read the Usage chapter first. If you want to look at examples for Docker Run and Compose, we have an Examples page.
+If you're new to wg-easy, make sure to read the Getting Started chapter first. If you want to look at examples for Docker Run and Compose, we have an Examples page.
We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the Contributing section.
+If you are migrating from an older version of wg-easy, please read the Migration chapter.
© Wireguard Easy Organization
This project is licensed under the GNU Affero General Public License v3.0 or later.
© Wireguard Easy
This project is licensed under AGPL-3.0-only.
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
wg-easy","text":"\u00a0This Documentation is Versioned
Make sure to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the :latest image tag - the most recent stable release.
This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
"},{"location":"#about","title":"About","text":"wg-easy is the easiest way to run WireGuard VPN + Web-based Admin UI.
If you're new to wg-easy, make sure to read the Usage chapter first. If you want to look at examples for Docker Run and Compose, we have an Examples page.
"},{"location":"#contributing","title":"Contributing","text":"We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the Contributing section.
"},{"location":"getting-started/","title":"Getting Started","text":"This page explains how to get started with wg-easy. The guide uses Docker Compose as a reference. In our examples, we mount the named volume etc_wireguard to /etc/wireguard inside the container.
Before you can get started with deploying your own VPN, there are some requirements to be met:
There are a few requirements for a suitable host system:
About the Container Runtime
On the host, you need to have a suitable container runtime (like Docker or Podman) installed. We assume Docker Compose is installed. We have aligned file names and configuration conventions with the latest Docker Compose specification. If you're using podman, make sure to read the related documentation.
"},{"location":"getting-started/#deploying-the-actual-image","title":"Deploying the Actual Image","text":""},{"location":"getting-started/#tagging-convention","title":"Tagging Convention","text":"To understand which tags you should use, read this section carefully. Our CI will automatically build, test and push new images to the following container registry:
ghcr.io/wg-easy/wg-easy)All workflows are using the tagging convention listed below. It is subsequently applied to all images.
Event Image Tagscron on master nightly push a tag (v1.2.3) 1.2.3, 1.2, 1, latest When publishing a tag we follow the Semantic Versioning specification. The latest tag is always pointing to the latest stable release. If you want to avoid breaking changes, use the major version tag (e.g. 15).
Issue the following command to acquire the necessary file:
wget \"https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml\"\nTo start the container, issue the following command:
sudo docker compose up -d\nNow follow the setup process in your web browser
"},{"location":"getting-started/#stopping-the-container","title":"Stopping the Container","text":"To stop the container, issue the following command:
sudo docker compose down\nUsing the Correct Commands For Stopping and Starting wg-easy
Use sudo docker compose up / down, not sudo docker compose start / stop. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
That's it! It really is that easy.
If you need more help you can read the Basic Installation Tutorial.
"},{"location":"advanced/api/","title":"API","text":"TODO
"},{"location":"advanced/config/optional-config/","title":"Optional Configuration","text":"TODO
"},{"location":"advanced/migrate/from-14-to-15/","title":"Migrate from v14 to v15","text":"This guide will help you migrate from v14 to version v15 of wg-easy.
This is a complete rewrite of the wg-easy project. Therefore the configuration files and the way you interact with the project have changed.
Before you start the migration, make sure to backup your existing configuration files.
Go into the Web Ui and click the Backup button, this should download a wg0.json file.
Or download the wg0.json file from your container volume to your pc.
You will need this file for the migration
"},{"location":"advanced/migrate/from-14-to-15/#remove-old-container","title":"Remove old container","text":"If you are using docker run
docker stop wg-easy\nIf you are using docker-compose
docker-compose down\nFollow the instructions in the Getting Started or Basic Installation guide to start the new container.
In the setup wizard, select that you already already have a configuration file and upload the wg0.json file you downloaded in the backup step.
You have now successfully migrated to v15 of wg-easy.
When refactoring, writing or altering files, adhere to these rules:
pnpm lint to check your scripts! Your contributions are checked by GitHub Actions too, so you will need to do this..vscode/settings.json file.Make sure to select nightly in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.
Alternatively you can make the changes locally. For that you'll need to have Docker installed. Run
pnpm docs:serve\nThis serves the documentation on your local machine on port 8080. Each change will be hot-reloaded onto the page you view, just edit, save and look at the result.
This project is Open Source. That means that you can contribute on enhancements, bug fixing or improving the documentation.
"},{"location":"contributing/issues-and-pull-requests/#opening-an-issue","title":"Opening an Issue","text":"Attention
Before opening an issue, read the README carefully, study the docs for your version (maybe latest) and your search engine you trust. The issue tracker is not meant to be used for unrelated questions!
When opening an issue, please provide details use case to let the community reproduce your problem.
Attention
Use the issue templates to provide the necessary information. Issues which do not use these templates are not worked on and closed.
By raising issues, I agree to these terms and I understand, that the rules set for the issue tracker will help both maintainers as well as everyone to find a solution.
Maintainers take the time to improve on this project and help by solving issues together. It is therefore expected from others to make an effort and comply with the rules.
"},{"location":"contributing/issues-and-pull-requests/#filing-a-bug-report","title":"Filing a Bug Report","text":"Thank you for participating in this project and reporting a bug. wg-easy is a community-driven project, and each contribution counts!
Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support (via assignment of the label meta/no template - no support).
Markdown formatting can be used in almost all text fields (unless stated otherwise in the description).
Be as precise as possible, and if in doubt, it's best to add more information that too few.
When an option is marked with \"not officially supported\" / \"unsupported\", then support is dependent on availability from specific maintainers.
"},{"location":"contributing/issues-and-pull-requests/#pull-requests","title":"Pull Requests","text":"Motivation
You want to add a feature? Feel free to start creating an issue explaining what you want to do and how you're thinking doing it. Other users may have the same need and collaboration may lead to better results.
"},{"location":"contributing/issues-and-pull-requests/#submit-a-pull-request","title":"Submit a Pull-Request","text":"The development workflow is the following:
master. Please use the pull-request template to provide a minimum of contextual information and make sure to meet the requirements of the checklist.Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new :nightly image every night and your changes will be includes in the next version release.
Follow the Docs here: https://docs.docker.com/engine/install/ and install Docker on your host.
"},{"location":"examples/tutorials/basic-installation/#install-wg-easy","title":"Installwg-easy","text":"DIR=/docker/wg-easy\nsudo mkdir -p $DIR\nsudo curl -o $URL/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml\nwg-easy sudo docker-compose -f $DIR/docker-compose.yml up -d\nIf you are using a firewall, you need to open the following ports:
These ports can be changed, so if you change them you have to update your firewall rules accordingly.
"},{"location":"examples/tutorials/basic-installation/#setup-reverse-proxy","title":"Setup Reverse Proxy","text":"TODO
"},{"location":"examples/tutorials/basic-installation/#access-the-web-ui","title":"Access the Web UI","text":"Open your browser and navigate to https://<your-domain>:51821 or https://<your-ip>:51821.
Follow the instructions to set up your WireGuard VPN.
"},{"location":"examples/tutorials/dockerless/","title":"Without Docker","text":"TODO
"},{"location":"examples/tutorials/podman/","title":"Podman","text":"This guide will show you how to run wg-easy with rootful Podman and nftables.
Create a Folder for the configuration files:
sudo mkdir -p /etc/containers/systemd/wg-easy\nsudo mkdir -p /etc/containers/volumes/wg-easy\nCreate a file /etc/containers/systemd/wg-easy/wg-easy.container with the following content:
[Container]\nContainerName=wg-easy\nImage=ghcr.io/wg-easy/wg-easy:latest\n\nVolume=/etc/containers/volumes/wg-easy:/etc/wireguard:Z\nNetwork=wg-easy.network\nPublishPort=51820:51820/udp\nPublishPort=51821:51821/tcp\n\nAddCapability=NET_ADMIN\nAddCapability=SYS_MODULE\nAddCapability=NET_RAW\nSysctl=net.ipv4.ip_forward=1\nSysctl=net.ipv4.conf.all.src_valid_mark=1\nSysctl=net.ipv6.conf.all.disable_ipv6=0\nSysctl=net.ipv6.conf.all.forwarding=1\nSysctl=net.ipv6.conf.default.forwarding=1\n\n[Install]\n# this is used to start the container on boot\nWantedBy=default.target\nCreate a file /etc/containers/systemd/wg-easy/wg-easy.network with the following content:
[Network]\nNetworkName=wg-easy\nIPv6=true\nYou will need to load the following kernel modules
wireguard\nnft_masq\nCreate a file /etc/modules-load.d/wg-easy.conf with the following content:
wireguard\nnft_masq\nsudo systemctl daemon-reload\nsudo systemctl start wg-easy\nIn the Admin Panel of your WireGuard server, go to the Hooks tab and add the following hook:
apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \\; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \\; policy drop \\; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \\; policy drop \\; }; nft add rule inet wg_table forward iifname \"wg0\" accept; nft add rule inet wg_table forward oifname \"wg0\" accept;\nnft delete table inet wg_table\nwg-easy","text":"\u00a0This Documentation is Versioned
Make sure to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the :latest image tag - the most recent stable release.
This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
"},{"location":"#about","title":"About","text":"wg-easy is the easiest way to run WireGuard VPN + Web-based Admin UI.
If you're new to wg-easy, make sure to read the Getting Started chapter first. If you want to look at examples for Docker Run and Compose, we have an Examples page.
"},{"location":"#contributing","title":"Contributing","text":"We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the Contributing section.
"},{"location":"#migration","title":"Migration","text":"If you are migrating from an older version of wg-easy, please read the Migration chapter.
This page explains how to get started with wg-easy. The guide uses Docker Compose as a reference. In our examples, we mount the named volume etc_wireguard to /etc/wireguard inside the container.
Before you can get started with deploying your own VPN, there are some requirements to be met:
There are a few requirements for a suitable host system:
About the Container Runtime
On the host, you need to have a suitable container runtime (like Docker or Podman) installed. We assume Docker Compose is installed. We have aligned file names and configuration conventions with the latest Docker Compose specification. If you're using podman, make sure to read the related documentation.
"},{"location":"getting-started/#deploying-the-actual-image","title":"Deploying the Actual Image","text":""},{"location":"getting-started/#tagging-convention","title":"Tagging Convention","text":"To understand which tags you should use, read this section carefully. Our CI will automatically build, test and push new images to the following container registry:
ghcr.io/wg-easy/wg-easy)All workflows are using the tagging convention listed below. It is subsequently applied to all images.
Event Image Tagscron on master nightly push a tag (v1.2.3) 1.2.3, 1.2, 1, latest When publishing a tag we follow the Semantic Versioning specification. The latest tag is always pointing to the latest stable release. If you want to avoid breaking changes, use the major version tag (e.g. 15).
Issue the following command to acquire the necessary file:
wget \"https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml\"\nTo start the container, issue the following command:
sudo docker compose up -d\nNow follow the setup process in your web browser
"},{"location":"getting-started/#stopping-the-container","title":"Stopping the Container","text":"To stop the container, issue the following command:
sudo docker compose down\nUsing the Correct Commands For Stopping and Starting wg-easy
Use sudo docker compose up / down, not sudo docker compose start / stop. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
That's it! It really is that easy.
If you need more help you can read the Basic Installation Tutorial.
"},{"location":"advanced/api/","title":"API","text":"TODO
"},{"location":"advanced/config/optional-config/","title":"Optional Configuration","text":"TODO
"},{"location":"advanced/migrate/from-14-to-15/","title":"Migrate from v14 to v15","text":"This guide will help you migrate from v14 to version v15 of wg-easy.
wg-easy project. Therefore the configuration files and the way you interact with the project have changed.v15 yet. We are working on it.INSECURE environment variable to true in the new container.Before you start the migration, make sure to backup your existing configuration files.
Go into the Web Ui and click the Backup button, this should download a wg0.json file.
Or download the wg0.json file from your container volume to your pc.
You will need this file for the migration
"},{"location":"advanced/migrate/from-14-to-15/#remove-old-container","title":"Remove old container","text":"If you are using docker run
docker stop wg-easy\nIf you are using docker-compose
docker-compose down\nFollow the instructions in the Getting Started or Basic Installation guide to start the new container.
In the setup wizard, select that you already already have a configuration file and upload the wg0.json file you downloaded in the backup step.
You have now successfully migrated to v15 of wg-easy.
When refactoring, writing or altering files, adhere to these rules:
pnpm lint to check your scripts! Your contributions are checked by GitHub Actions too, so you will need to do this..vscode/settings.json file.Make sure to select nightly in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.
Alternatively you can make the changes locally. For that you'll need to have Docker installed. Run
pnpm docs:serve\nThis serves the documentation on your local machine on port 8080. Each change will be hot-reloaded onto the page you view, just edit, save and look at the result.
This project is Open Source. That means that you can contribute on enhancements, bug fixing or improving the documentation.
"},{"location":"contributing/issues-and-pull-requests/#opening-an-issue","title":"Opening an Issue","text":"Attention
Before opening an issue, read the README carefully, study the docs for your version (maybe latest) and your search engine you trust. The issue tracker is not meant to be used for unrelated questions!
When opening an issue, please provide details use case to let the community reproduce your problem.
Attention
Use the issue templates to provide the necessary information. Issues which do not use these templates are not worked on and closed.
By raising issues, I agree to these terms and I understand, that the rules set for the issue tracker will help both maintainers as well as everyone to find a solution.
Maintainers take the time to improve on this project and help by solving issues together. It is therefore expected from others to make an effort and comply with the rules.
"},{"location":"contributing/issues-and-pull-requests/#filing-a-bug-report","title":"Filing a Bug Report","text":"Thank you for participating in this project and reporting a bug. wg-easy is a community-driven project, and each contribution counts!
Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support (via assignment of the label meta/no template - no support).
Markdown formatting can be used in almost all text fields (unless stated otherwise in the description).
Be as precise as possible, and if in doubt, it's best to add more information that too few.
When an option is marked with \"not officially supported\" / \"unsupported\", then support is dependent on availability from specific maintainers.
"},{"location":"contributing/issues-and-pull-requests/#pull-requests","title":"Pull Requests","text":"Motivation
You want to add a feature? Feel free to start creating an issue explaining what you want to do and how you're thinking doing it. Other users may have the same need and collaboration may lead to better results.
"},{"location":"contributing/issues-and-pull-requests/#submit-a-pull-request","title":"Submit a Pull-Request","text":"The development workflow is the following:
master. Please use the pull-request template to provide a minimum of contextual information and make sure to meet the requirements of the checklist.Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new :nightly image every night and your changes will be includes in the next version release.
Follow the Docs here: https://docs.docker.com/engine/install/ and install Docker on your host.
"},{"location":"examples/tutorials/basic-installation/#install-wg-easy","title":"Installwg-easy","text":"DIR=/docker/wg-easy\nsudo mkdir -p $DIR\nsudo curl -o $URL/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml\nwg-easy sudo docker-compose -f $DIR/docker-compose.yml up -d\nIf you are using a firewall, you need to open the following ports:
These ports can be changed, so if you change them you have to update your firewall rules accordingly.
"},{"location":"examples/tutorials/basic-installation/#setup-reverse-proxy","title":"Setup Reverse Proxy","text":"TODO
"},{"location":"examples/tutorials/basic-installation/#access-the-web-ui","title":"Access the Web UI","text":"Open your browser and navigate to https://<your-domain>:51821 or https://<your-ip>:51821.
Follow the instructions to set up your WireGuard VPN.
"},{"location":"examples/tutorials/dockerless/","title":"Without Docker","text":"TODO
"},{"location":"examples/tutorials/podman/","title":"Podman","text":"This guide will show you how to run wg-easy with rootful Podman and nftables.
Create a Folder for the configuration files:
sudo mkdir -p /etc/containers/systemd/wg-easy\nsudo mkdir -p /etc/containers/volumes/wg-easy\nCreate a file /etc/containers/systemd/wg-easy/wg-easy.container with the following content:
[Container]\nContainerName=wg-easy\nImage=ghcr.io/wg-easy/wg-easy:latest\n\nVolume=/etc/containers/volumes/wg-easy:/etc/wireguard:Z\nNetwork=wg-easy.network\nPublishPort=51820:51820/udp\nPublishPort=51821:51821/tcp\n\nAddCapability=NET_ADMIN\nAddCapability=SYS_MODULE\nAddCapability=NET_RAW\nSysctl=net.ipv4.ip_forward=1\nSysctl=net.ipv4.conf.all.src_valid_mark=1\nSysctl=net.ipv6.conf.all.disable_ipv6=0\nSysctl=net.ipv6.conf.all.forwarding=1\nSysctl=net.ipv6.conf.default.forwarding=1\n\n[Install]\n# this is used to start the container on boot\nWantedBy=default.target\nCreate a file /etc/containers/systemd/wg-easy/wg-easy.network with the following content:
[Network]\nNetworkName=wg-easy\nIPv6=true\nYou will need to load the following kernel modules
wireguard\nnft_masq\nCreate a file /etc/modules-load.d/wg-easy.conf with the following content:
wireguard\nnft_masq\nsudo systemctl daemon-reload\nsudo systemctl start wg-easy\nIn the Admin Panel of your WireGuard server, go to the Hooks tab and add the following hook:
apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \\; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \\; policy drop \\; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \\; policy drop \\; }; nft add rule inet wg_table forward iifname \"wg0\" accept; nft add rule inet wg_table forward oifname \"wg0\" accept;\nnft delete table inet wg_table\n