Route traffic through wireguard client container

schl0p · 13 April 2020 02:48

I’m using the new WireGuard container in client mode to connect to a remote server. The connection is established fine but I can’t access other containers through the WireGuard container.

Example: I would like to route all traffic of a youtube-dl container through WireGuard. However, once WireGuard establishes the connection to the remote server, I cannot reach the attached youtube-dl container via port 8070 anymore. Interestingly, before the VPN connection is established (WireGuard container just starting up) I can browse the youtube-dl container via port 8070 without any problems.

Here is how my config looks like. What am I missing here?

@MODS: Had to use the wrong tag as there is not WireGuard Tag as of yet!

wireguard-client:
  image: linuxserver/wireguard
  container_name: wireguard-client
  cap_add:
    - NET_ADMIN
    - SYS_MODULE
  ports:
    - 8070:8080
  environment:
    - PUID=1000
    - PGID=1000
  volumes:
    - ~/dockercompose/wireguard-client:/config
  sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
  restart: unless-stopped

youtube-dl:
  image: "kmb32123/youtube-dl-server"
  container_name: youtube-dl
  network_mode: "service:wireguard-client"
  volumes:
    - /mnt/storage/media/youtube:/youtube-dl
  restart: always

aptalca · 13 April 2020 03:23

Not sure. I tried the same thing and didn’t work for me either (with a different container). However, I was able to port forward from the wireguard server and access the port at the remote wireguard ip.

My guess is, all connections are getting sent through the wireguard tunnel rather than connecting locally.

schl0p · 25 May 2020 23:18

Does anyone have an idea how to resolve this? Can I somehow specify that the service web frontend should be accessible locally but all outgoing traffic is routed through Wireguard?

I would love to have something similar as all the VPN/Torrent containers out there.