Wireguard docker: How to access server's localhost on the clients?

My server config:

[Interface]
Address = 10.6.0.1
ListenPort = 51820
PrivateKey = xxx
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# peer1
PublicKey = xxx
AllowedIPs = 10.6.0.2/32

My client:

[Interface]
Address = 10.6.0.2
PrivateKey = xxx
ListenPort = 51820
DNS = 8.8.8.8

[Peer]
PublicKey = xxx
Endpoint = xxx:51820
# AllowedIPs = 10.6.0.2/32, 10.6.0.1/32
AllowedIPs = 10.6.0.1/32

If I start services in the container running wireguard, I can access them via http://10.6.0.1:5000/, but I can’t access the real server’s localhost.

The container is sandboxed from the host; it can’t access the server’s localhost. However, you should be able to access the server via its LAN IP.

Can you give me some concrete steps to follow to be able to access services running on the server from a client connected to the wireguard container? E.g., how do I get the server’s LAN IP, and how do I connect from the client to this IP?

I found the host’s IP address using ip addr show docker0 | grep -Po 'inet \K[\d.]+'. I then added this to the client’s allowed IPs. Things seem to be working fine now; I can use that IP on the client to access the server.
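
The steps from the last reply, as an added example that is not part of the original thread: it reads the docker0 address and adds it to the client's AllowedIPs as a single /32, so only that one host is routed through the tunnel. The function names, the sample `ip` output and the address 172.17.0.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the thread.

# Constructed sample of `ip -4 -o addr show docker0` output (172.17.0.1 is an assumed value).
SAMPLE_IP_OUTPUT='4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

# Constructed client config mirroring the one in the question.
SAMPLE_CLIENT_CONF='[Interface]
Address = 10.6.0.2
PrivateKey = xxx

[Peer]
PublicKey = xxx
Endpoint = xxx:51820
# AllowedIPs = 10.6.0.2/32, 10.6.0.1/32
AllowedIPs = 10.6.0.1/32'

# Print the first IPv4 address found in `ip -4 -o addr show <iface>` output (stdin).
first_ipv4() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Succeed only for a dotted-quad IPv4 address, so nothing else reaches the config.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read a client config on stdin and append <ip>/32 to the active AllowedIPs line
# of the [Peer] section. A /32 routes only that one host through the tunnel.
# Commented-out lines are left alone; an address already listed is not repeated.
add_allowed_ip() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    awk -v cidr="$1/32" '
        /^\[/ { in_peer = ($0 ~ /^\[Peer\]/) }
        in_peer && /^AllowedIPs[ \t]*=/ {
            list = $0; sub(/^[^=]*=[ \t]*/, "", list)
            n = split(list, parts, /[ \t]*,[ \t]*/); found = 0
            for (i = 1; i <= n; i++) if (parts[i] == cidr) found = 1
            if (!found) $0 = $0 ", " cidr
        }
        { print }'
}

# On the server you would feed real output: ip -4 -o addr show docker0 | first_ipv4
HOST_IP=$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | first_ipv4)
printf '%s\n' "$SAMPLE_CLIENT_CONF" | add_allowed_ip "$HOST_IP"
```

Only host services that listen on the docker0 address or on all interfaces are reachable this way; anything bound to 127.0.0.1 on the host stays unreachable from the tunnel.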
