Hello,
I tried to follow this tutorial: Routing Docker Host And Container Traffic Through WireGuard | LinuxServer.io to route container traffic through wireguard VPN.
I didn’t want to use the first method, so I tried the second method, described as "Routing a container’s traffic through the WireGuard container via routing table".
My issue, however, is that the connected container (nzbget) does not get a connection. I cannot establish any outbound connection; it always fails with “ping: bad address ‘google.com’”.
It does not seem to be a DNS problem, as it also fails with IP addresses.
Both containers are in the same network, as shown in the example. This is the route output from my nzbget container:
```
ip route show
default via 172.20.0.50 dev eth0
172.20.0.0/16 dev eth0 scope link src 172.20.0.6
```
My main issue is that I don’t know how to debug the connection. traceroute fails immediately, like any other network command. I have the feeling that the wireguard container does not allow incoming connections.
Can someone help me?
Thanks!
Edit: For completeness, here are my config files:
Wireguard:
```yaml
---
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Berlin
    volumes:
      - /home/wireguard/config:/config
      - /lib/modules:/lib/modules #optional
    networks:
      default:
        ipv4_address: 172.20.0.50
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
networks:
  default:
    external:
      name: nginx
```
Nzbget:
```yaml
---
version: "2.1"
services:
  nzbget:
    image: lscr.io/linuxserver/nzbget:latest
    container_name: nzbget
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Berlin
    volumes:
      - /home/nzbget/config:/config
      - /home/nzbget/downloads:/downloads
    restart: unless-stopped
networks:
  default:
    external:
      name: nginx
```
This is the nzbget container's route:
```
root@8fbecc49c5d3:/# ip route
default via 172.20.0.50 dev eth0
172.20.0.0/16 dev eth0 scope link src 172.20.0.6
root@8fbecc49c5d3:/# ping 172.20.0.50
PING 172.20.0.50 (172.20.0.50): 56 data bytes
64 bytes from 172.20.0.50: seq=0 ttl=64 time=0.129 ms
64 bytes from 172.20.0.50: seq=1 ttl=64 time=0.072 ms
64 bytes from 172.20.0.50: seq=2 ttl=64 time=0.080 ms
--- 172.20.0.50 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.072/0.093/0.129 ms
```
wg0.conf:
```ini
[Interface]
Address = 10.14.0.2/16
PrivateKey = (removed)
DNS = 162.252.172.57, 149.154.159.92
PostUp = iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o wg+ -j MASQUERADE

[Peer]
PublicKey = Lxg3jAOKcBA9tGBtB6vEWMFl5LUEB6AwOpuniYn1cig=
AllowedIPs = 0.0.0.0/0
Endpoint = nl-ams.prod.surfshark.com:51820
```