Why WG-Easy?
Setting up WireGuard manually means editing config files, generating key pairs, and managing peer lists by hand. WG-Easy wraps it all in a clean web UI:
- One-click client creation — No SSH needed.
- QR codes — Scan with your phone to connect instantly.
- Enable/disable clients — Toggle access without deleting configs.
- Traffic stats — See data transferred per client.
- Docker deployment — One container, done.
Prerequisites
- A server with a public IP (VPS, cloud, or home with port forwarding).
- Docker installed.
- UDP port 51820 open on your firewall/router.
Step 1: Deploy with Docker
docker run -d \
--name wg-easy \
--restart=always \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e WG_HOST=vpn.example.com \
-e PASSWORD=your-admin-password \
-e WG_DEFAULT_DNS=1.1.1.1,8.8.8.8 \
-v ~/.wg-easy:/etc/wireguard \
-p 51820:51820/udp \
-p 51821:51821/tcp \
ghcr.io/wg-easy/wg-easy
Admin panel: http://your-server:51821
Step 2: Key Environment Variables
| Variable | Purpose |
|---|
WG_HOST | Your server’s public IP or domain |
PASSWORD | Admin panel password |
WG_DEFAULT_DNS | DNS servers for VPN clients |
WG_ALLOWED_IPS | Networks clients can access (default: 0.0.0.0/0 = all traffic) |
WG_DEFAULT_ADDRESS | VPN subnet (default: 10.8.0.x) |
WG_PERSISTENT_KEEPALIVE | Keep-alive interval for NAT traversal (default: 25s) |
Step 3: Create Clients
- Open
http://your-server:51821.
- Click “New Client”.
- Name it (e.g., “iPhone”, “Laptop”, “Office”).
- Download the
.conf file or scan the QR code.
- Import into the WireGuard app on your device.
WireGuard vs OpenVPN vs Tailscale
| Feature | WireGuard (WG-Easy) | OpenVPN | Tailscale |
|---|
| Speed | Very Fast (kernel-level) | Fast (user-space) | Fast (WireGuard-based) |
| Setup | Simple (Docker + UI) | Complex (PKI, configs) | Easiest (zero-config) |
| Self-hosted | Yes | Yes | Partial (coordination server) |
| Protocol | UDP only | UDP + TCP | WireGuard |
| Codebase | 4,000 lines | 100,000+ lines | Proprietary |
| Cost | Free | Free | Free tier / paid |
| Best for | Full control | Legacy/strict firewalls | Zero-config mesh |
Troubleshooting
| Problem | Solution |
|---|
| Client connects but no internet | Set WG_ALLOWED_IPS=0.0.0.0/0; verify server has IP forwarding: sysctl net.ipv4.ip_forward=1 |
| Connection timeout | Verify UDP 51820 is forwarded; check WG_HOST matches your public IP |
| Can’t access LAN devices | Add your LAN subnet to WG_ALLOWED_IPS (e.g., 192.168.1.0/24,0.0.0.0/0) |
| Admin panel not loading | Verify TCP port 51821 is accessible; check container logs |
| QR code not scanning | Ensure your phone camera can focus; try downloading the .conf file instead |
Summary
- WireGuard VPN with a web UI — no config files needed.
- One-click clients with QR codes for mobile.
- Docker container — deploys in 2 minutes.
- Enable/disable clients and view traffic stats from the browser.
Related Articles