Help with wireguard container routing setup

Hi !

I currently run linux-server/wireguard in server mode on a VPS, serving as a “hub” in a hub-and-spoke topology (site gateway as a spoke) which connects remote clients to a pfSense WireGuard instance at home, acting as site gateway to some services on my homelab.

After reading this amazing post, I’ve become tempted to implement a Mullvad exit route for requests that are not destined for the homelab. However, I’ve found three problems on the path to achieving this:

  1. The setup in the post assumes a WireGuard instance at home acting as a server with a listening port exposed, while in my setup I have a WireGuard client at home with no ports exposed.

  2. Another oddity of my setup is that I run linux-server/wireguard with network_mode=host. This is because there are applications on the host that are not containerized and need to communicate with hosts on the homelab, e.g. loki-docker-driver pushing logs.

  3. My networking skills are not something to be proud of :face_with_diagonal_mouth:

Any clues/comments are very welcome :slight_smile: