Skip to content

GitLab

eisfunke.com
eisfunke.com
Commit 60dd220e authored by Nicolas Lenz's avatar Nicolas Lenz
Browse files
Options

Update and add port forwarding to docker wireguard

parent dde5c63b
Pipeline #808 passed with stage
    in 12 seconds
    Hide whitespace changes
    Inline Side-by-side
    Showing with 18 additions and 3 deletions
    article/docker-wireguard-systemd.md
    View file @ 60dd220e
    ......@@ -44,7 +44,7 @@ While I agree with some of the criticism against systemd and its policies, syste
    For the impatient. For detailed instructions see below.
    Add these files to `/etc/systemd/network/`:
    To tunnel a container through a WireGuard VPN given a wg-quick config file from your VPN provider, add these files to `/etc/systemd/network/`:
    **`80-wg0.netdev`:**
    ```ini
    ......@@ -76,7 +76,7 @@ From = 10.123.0.0/16
    Table = 242
    [Route]
    Gateway = {The address of the interface, same as above}
    Gateway = {The address of the interface, same as above in [Network] in Address}
    Table = 242
    [Route]
    ......@@ -239,6 +239,19 @@ networks:
    - subnet: 10.123.0.0/16
    ```
    ## Port Forwarding
    You can use Docker's normal port publishing options to make ports available through the VPN. So, for example, if your VPN provider gives you port `1234` and you want port `80` inside your container to be available through the VPN, call Docker with `-p 1234:80` (do not forget the other required options explained above) or add
    ```yaml
    ports:
    - "1234:80`
    ```
    to the corresponding service's section in the Docker Compose file.
    Note that published ports of tunneled containers are *not* reachable on `localhost`, only through the VPN. Sadly, I haven't yet found a possibility to fix that.
    # Conclusion
    ......@@ -248,6 +261,8 @@ A big thank you goes out to [Nick Babcock](https://nbsoftsolutions.com/) for the
    ---
    **Update:** Added a blackhole route to prevent leaks when VPN gateway is down. Thanks to [tchamb for the suggestion](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/2)!
    **Update 1:** Added a blackhole route to prevent leaks when VPN gateway is down. Thanks to [tchamb for the suggestion](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/2)!
    **Update 2:** Added a section explaining port forwarding. Thanks to [Maren for the idea](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/5)!
    [^i]: [Image source](https://www.flickr.com/photos/adactio/158965673/), licensed under CC-BY-2.0
    Markdown is supported
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment