TrueNAS SCALE Documentation Archive
This content follows the TrueNAS SCALE 22.12 (Bluefin) releases. Archival documentation is provided for reference only and not actively maintained.
Use the Product and Version selectors above to view content specific to different TrueNAS software or major versions.
WG-Easy
4 minute read.
Last Modified 2024-03-19 08:47 EDTSCALE 22.12.3 deprecates several built-in features. SCALE 23.10 replaces deprecated features with applications that perform their roles. See SCALE Feature Deprecations for more details about feature deprecation and replacement.
This article provides installation instructions for the WG-Easy application. WG-Easy is a docker image designed to simplify setting up and managing WireGuard connections. WG-Easy provides a pre-configured environment that includes all the necessary components including a web-based user interface to manage VPN connections.
If migrating from the SCALE OpenVPN client and server services to a new application for VPN servers, locate the VPN app you want to use on the Available Appliations screen. If not listed, install the application using the Launch Docker Image option.
Before you configure a new VPN application:
Disable OpenVPN services. Go to System Settings > Services, disable the services, and clear the Start Automatically checkboxes. This prevents the services from re-enabling after a system restart.
Review your client and server service settings. Note all certificate, device type, port, protocol, TLS crypt authentication, and additional parameter settings.
To install the wg-easy application:
Go to Apps click on Available Applications and locate the wg-easy application widget.
Click Install to open the wg-easy configuration wizard.
Accept the default value or enter a name in Application Name.
Enter the configuration settings. Enter the public host name or IP of your VPN server in Hostname or IP.
If you use or want to protect access to the WG-Easy web UI, enter a password in Password for WebUI.
Accept the default values in Persistent Keep Alive and Clients MTU or enter the values you want to use. To change the time the connection remains alive, enter a value in seconds in Persistent Keep Alive. When set to zero, connections are not kept alive.
Accept the default IPs in Clients IP Address Range and Clients DNS Server or enter the IP addresses the client uses.
To specify allowed IP addresses, click Add to the right of Allowed IPs for each IP address you want to enter. If you do not specify allowed IPs, the application uses 0.0.0.0/0.
To specify environment variables, click Add to the right of WG-Easy Environment for each environment variable you want to add. Variables you can add are listed in the table below.
Enter your storage settings. Select Enable Custom Host Path for WG-Easy Configuration Volume to add the Host Path for WG-Easy Configuration Volume field. Enter or browse to select the mount path for the host path.
To add additional host path volumes, click Add to the right of Extra Host Path Volumes.
Enter the path in Mount Path in Pod where you want to mount the volume inside the pod. Enter or browse to the host path for the WG-Easy application dataset.
Accept the default port numbers in WireGuard UDP Node Port for WG-Easy and WebUI Node Port for WG-Easy. WireGuard always listens on 51820 inside the Docker container. Refer to the TrueNAS default port list for a list of assigned port numbers. To change the port numbers, enter a number within the range 9000-65535.
To add DNS configuration options, click Add to the right of DNS Options.
Accept the default values in Resources Configuration or select Enable Pod resource limits to enter new CPU and memory values for the destination system.
Click Save.