Hi guys, I need your help with WireGuard VPN in Docker…
I am an IT professional with over 35 years of experience and am seeking help with a very unusual issue. I am running the linuxserver/wireguard Docker container on a Windows 11 Pro host using Docker Desktop v 4.43.2. I have a working port forwarding rule on my router and believe all configurations are correct, but I am consistently getting a “connection reset” error when trying to access the web UI from the host machine.
Here is a summary of my setup and the troubleshooting steps I have performed:
Problem Statement:
I am unable to access the wg-easy web UI at http://192.168.0.3:51821. The browser immediately returns a “Connection was reset” error. The WireGuard VPN itself is also not working from a remote network, with client logs showing IPv4 packet with disallowed source address.
My Setup:
Host OS: Windows 11 Pro
Docker: Docker Desktop V4.43.2
Container: linuxserver/wireguard:latest
Router: Port forwarding is set up for UDP port 51821 to 192.168.0.3 (the Windows host's IP).
Static IP: The Windows host has a static IP of 192.168.0.3.
My docker-compose.yml File:
```yaml
version: '3.8'

services:
  wireguardvpn:
    container_name: wireguardvpn
    image: linuxserver/wireguard:latest
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERURL=timski.ddns.net
      - SERVERPORT=51821
      - PEERS=Macbook,iphone
      - PEERDNS=192.168.200.3
      - INTERNAL_SUBNET=10.13.13.0/24
      - ALLOWEDIPS=0.0.0.0/0,::/0
    volumes:
      - ./wireguard-config:/config
      - /lib/modules:/lib/modules
    ports:
      # host port 51821 (UDP) -> container port 51820 (UDP)
      - "51821:51820/udp"
      # host port 51821 (TCP) -> container port 51821 (TCP)
      - "51821:51821/tcp"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped
    networks:
      vpn_network:
        ipv4_address: 192.168.200.2

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      - TZ=Europe/London
      - WEBPASSWORD=T3chn0-Music-123
      - DNS1=1.1.1.1
      - DNS2=1.0.0.1
    volumes:
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped
    networks:
      vpn_network:
        ipv4_address: 192.168.200.3

networks:
  vpn_network:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.200.0/24
```
Troubleshooting Performed:
Verified all configurations: I have confirmed that the docker-compose.yml, router port forwarding, and Windows Firewall rules are all correct.
Firewall Rules: I have checked and confirmed both inbound and outbound rules for TCP and UDP on port 51821. They are enabled, set to "Allow the connection," and apply to all profiles (Domain, Private, Public).
Local vs. Remote Access: I attempted to access the web UI from the local host using both the local IP (http://192.168.0.3:51821) and the external DDNS hostname (http://timski.ddns.net:51821).
The local IP resulted in a consistent "Connection was reset" error.
The external hostname resulted in a "Firefox can’t establish a connection" error, which suggests a hairpin NAT issue on my router (which is expected).
Full System Reset: I performed a full Docker reset using docker-compose down -v and docker network prune, followed by a PC reboot and a Windows network stack reset. The docker-compose.yml file was verified again before restarting the containers.
Final Test: After the full reset, I attempted to access the web UI again at http://192.168.0.3:51821, but the "Connection was reset" error persists.
The fact that the TCP handshake is being completed and then immediately reset indicates that something is actively terminating the connection at a very low level. This is not a standard firewall block (which would result in a connection refusal).
I am at a loss for what could be causing this. Any insight or similar experiences would be greatly appreciated.
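Added example, not part of the original post: a small Python probe that tells apart the outcomes the post discusses (refused, silently dropped, accepted and then reset) for a TCP port. The names `classify_tcp` and `start_listener` are made up for this example, and the loopback listeners are constructed so the demo runs offline.

```python
import os
import socket
import struct
import threading

def classify_tcp(host, port, timeout=3.0, probe=b"GET / HTTP/1.0\r\n\r\n"):
    """Classify how host:port treats a TCP client.

    Returns 'refused', 'timeout', 'unreachable', 'reset', 'closed' or 'open'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # RST in answer to the SYN: typically nothing bound
    except (socket.timeout, TimeoutError):
        return "timeout"      # SYN got no answer at all
    except OSError:
        return "unreachable"  # no route, name resolution failure, ...
    with sock:
        try:
            sock.sendall(probe)
            data = sock.recv(1)
        except (ConnectionResetError, ConnectionAbortedError, BrokenPipeError):
            return "reset"    # handshake completed, then the peer sent RST
        except (socket.timeout, TimeoutError):
            return "open"     # accepted and held open, just no reply to the probe
    return "open" if data else "closed"  # empty read means an orderly FIN

def start_listener(reset_on_accept):
    """Constructed loopback listener for the demo; returns its ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if reset_on_accept:
            # SO_LINGER on with a zero timeout turns close() into an RST
            fmt = "hh" if os.name == "nt" else "ii"
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack(fmt, 1, 0))
        else:
            conn.recv(64)
            conn.sendall(b"ok")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print("accept then RST:", classify_tcp("127.0.0.1", start_listener(True)))
    print("normal service: ", classify_tcp("127.0.0.1", start_listener(False)))
    # For the setup in the post: classify_tcp("192.168.0.3", 51821)
```

Running the same probe on the host against the published port, and against the container's address from another container on `vpn_network`, shows which hop produces the reset.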