Wireguard with docker on Kali Linux

karencho · 26 November 2020 12:13

hello, i have installed docker and docker-compose on kali linux machine latest version…
all worked good so i proceed to install wireguard , so i basically installed all like was told in this tutorial : https://www.youtube.com/watch?v=bVKNSf1p1d0

and my config yaml file :
version: “2.1”
services:
wireguard:
image: ghcr.io/linuxserver/wireguard
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1900 - that was changed on my users id
- PGID=1000
- TZ=America/Los_Angeles
- SERVERURL=172.17.0.1 #optional -here i put ip like this : sudo docker -it wireguard ifconfig - the output was serverurl
- SERVERPORT=51820 #optional
- PEERS=3 #optional
- PEERDNS=auto #optional
- INTERNAL_SUBNET=10.13.13.0 #optional
- ALLOWEDIPS=0.0.0.0/0 #optional
volumes:
- /opt/wireguard-server/config:/config
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: always

so i just then did this : docker-compose up -d

and then installed wireguard client on kali linux copied the peer1.conf to my home directory then moved to /etc/wireguard/wg0.conf

when i wanna to connect to wireguard server with this command : wg-quick up wg0.conf i get this
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.13.13.2 dev wg0
[#] ip link set mtu 65456 up dev wg0
RTNETLINK answers: Address already in use
[#] ip link delete dev wg0

i even try to connect from my android device but there was no internet connection at all…

what i did wrong? thank you

aptalca · 26 November 2020 12:20

First, you’re trying to use both a server and a client on the same machine and trying to connect one to the other. I don’t think that’s ever going to work because they’re literally using the same module.

Your second scenario with the phone is likely to work, but you need to set the correct serverurl. That 172 address is the internal docker network container ip. The phone is not going to be able to connect to it. It needs to be an ip that the phone can connect to.

karencho · 26 November 2020 12:24

so it is not possible to have server and client on the same computer even from the docker?

aptalca · 26 November 2020 12:30

Why would you need this?

You can run both, but not to connect to each other

karencho · 26 November 2020 12:33

i want to have vpn hosted on my laptop with docker… that i already done, now how can i route whole my laptop connection thru this vpn server?

ChiefMedicalOfficer · 26 November 2020 13:05

Remember this is your own VPN server. This isn’t a VPN service like Private Internet Access or NordVPN.

Having your client and server on the same machine is like driving 2 trucks through a tunnel and expecting them to be in different places when they exit the tunnel.

karencho · 26 November 2020 13:09

ok so if i will create another docker container, new one will i be able to connect to wireguard docker??

ChiefMedicalOfficer · 26 November 2020 13:16

No you need to setup the wireguard install you already have correctly to make it connectable from ANOTHER device, not the laptop it is hosted on.

The SERVERURL must be an externally reachable IP or hostname and port 51820 must be forwarded on your router/firewall.

Once you start the container all the configs you need are generated in /opt/wireguard-server/config. You copy the peer1.conf file to your phone (for instance) and import it into the Wireguard app.

karencho · 26 November 2020 13:17

thank you i understood

ChiefMedicalOfficer · 26 November 2020 13:29

Good luck with it.