I tried to follow this tutorial: Routing Docker Host And Container Traffic Through WireGuard | LinuxServer.io to route container traffic through wireguard VPN.
I didn’t want to use the first method, so I tried the second method, described as "Routing a container’s traffic through the WireGuard container via routing table".
My issue, however, is that the connected container (nzbget) does not get a connection. I cannot establish any outbound connection; it always fails with “ping: bad address ‘google.com’”.
It does not seem to be a DNS problem, as it also fails with IP addresses.
Both containers are in the same network, as shown in the example. This is the route output from my nzbget container:
ip route show
default via 172.20.0.50 dev eth0
172.20.0.0/16 dev eth0 scope link  src 172.20.0.6
My main issue is that I don’t know how to debug the connection. traceroute fails immediately, like every other network command. I have the feeling that the WireGuard container does not allow incoming connections.
Can someone help me?
Edit: For completeness, here are my config files:
---
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Berlin
    volumes:
      - /home/wireguard/config:/config
      - /lib/modules:/lib/modules #optional
    networks:
      default:
        ipv4_address: 172.20.0.50
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
networks:
  default:
    external:
      name: nginx
---
version: "2.1"
services:
  nzbget:
    image: lscr.io/linuxserver/nzbget:latest
    container_name: nzbget
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Berlin
    volumes:
      - /home/nzbget/config:/config
      - /home/nzbget/downloads:/downloads
    restart: unless-stopped
networks:
  default:
    external:
      name: nginx
This is the nzbget container’s route:
root@8fbecc49c5d3:/# ip route
default via 172.20.0.50 dev eth0
172.20.0.0/16 dev eth0 scope link  src 172.20.0.6
root@8fbecc49c5d3:/# ping 172.20.0.50
PING 172.20.0.50 (172.20.0.50): 56 data bytes
64 bytes from 172.20.0.50: seq=0 ttl=64 time=0.129 ms
64 bytes from 172.20.0.50: seq=1 ttl=64 time=0.072 ms
64 bytes from 172.20.0.50: seq=2 ttl=64 time=0.080 ms
--- 172.20.0.50 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.072/0.093/0.129 ms
[Interface]
Address = 10.14.0.2/16
PrivateKey = (removed)
DNS = 126.96.36.199, 188.8.131.52
PostUp = iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o wg+ -j MASQUERADE

[Peer]
PublicKey = Lxg3jAOKcBA9tGBtB6vEWMFl5LUEB6AwOpuniYn1cig=
AllowedIPs = 0.0.0.0/0
Endpoint = nl-ams.prod.surfshark.com:51820
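Added as a debugging aid for the situation described in the post (this is not the poster's code and not part of the LinuxServer tutorial): a POSIX sh script whose check functions take command output as text, so they can be exercised offline, and which, when run with the argument `run` inside the WireGuard container, verifies the three things a container needs in order to serve as another container's default gateway. It assumes the tunnel interface is `wg0` and that wg-quick placed its full-tunnel default route in routing table 51820; the gateway address 172.20.0.50 comes from the post.

```shell
#!/bin/sh
# Gateway checks for a WireGuard container that other containers route through.
# Assumptions: tunnel interface is wg0; wg-quick's policy-routing table is 51820
# (its default when AllowedIPs = 0.0.0.0/0). Only run_live_checks touches the
# real system; the check_* functions parse text and are testable offline.

# $1 = contents of /proc/sys/net/ipv4/ip_forward. Without forwarding the
# gateway's kernel drops packets that are not addressed to it.
check_forwarding() {
    [ "$1" = "1" ]
}

# $1 = output of `iptables -t nat -S POSTROUTING`. Forwarded packets keep the
# client's 172.20.x.x source unless they are masqueraded on the wg interface.
check_masquerade() {
    printf '%s\n' "$1" | grep -q -- '^-A POSTROUTING -o wg+ -j MASQUERADE'
}

# $1 = output of `ip route show table 51820`. wg-quick installs the tunnel's
# default route here, not in the main table.
check_wg_default_route() {
    printf '%s\n' "$1" | grep -q '^default dev wg0'
}

# $1 = output of `ip route` in the client container, $2 = gateway IP.
check_client_default_route() {
    printf '%s\n' "$1" | grep -q "^default via $2 dev "
}

# Collect live output and report. Needs root inside the WireGuard container,
# e.g.: docker exec wireguard sh wg-gw-check.sh run
run_live_checks() {
    rc=0
    check_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" \
        && echo "ok   ip_forward=1" \
        || { echo "FAIL ip_forward=0 (sysctl net.ipv4.ip_forward=1 needed)"; rc=1; }
    check_masquerade "$(iptables -t nat -S POSTROUTING)" \
        && echo "ok   MASQUERADE rule on wg+" \
        || { echo "FAIL no MASQUERADE rule on wg+"; rc=1; }
    check_wg_default_route "$(ip route show table 51820)" \
        && echo "ok   default route via wg0 in table 51820" \
        || { echo "FAIL no default route via wg0 in table 51820"; rc=1; }
    return $rc
}

if [ "${1:-}" = "run" ]; then
    run_live_checks
fi
```

On the client side, `check_client_default_route "$(ip route)" 172.20.0.50` confirms the route the post already shows; the gateway-side checks are the ones the post's output does not cover.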