Commit 60dd220e authored by Nicolas Lenz

Update and add port forwarding to docker wireguard

parent dde5c63b
Pipeline #808 passed with stage
in 12 seconds
......@@ -44,7 +44,7 @@ While I agree with some of the criticism against systemd and its policies, syste
For the impatient. For detailed instructions see below.
Add these files to `/etc/systemd/network/`:
To tunnel a container through a WireGuard VPN given a wg-quick config file from your VPN provider, add these files to `/etc/systemd/network/`:
**`80-wg0.netdev`:**
```ini
......@@ -76,7 +76,7 @@ From = 10.123.0.0/16
Table = 242
[Route]
Gateway = {The address of the interface, same as above}
Gateway = {The address of the interface, same as above in [Network] in Address}
Table = 242
[Route]
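Review bot: The reworded placeholder on the `Gateway` line, "same as above in [Network] in Address", is hard to parse because of the two stacked "in" phrases. Something like `{The interface address, i.e. the value of Address in the [Network] section above}` reads more clearly. It would also help to say whether the prefix length should be dropped here, since `Address` normally carries a `/nn` suffix while `Gateway` takes a bare address.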
......@@ -239,6 +239,19 @@ networks:
- subnet: 10.123.0.0/16
```
## Port Forwarding
You can use Docker's normal port publishing options to make ports available through the VPN. So, for example, if your VPN provider gives you port `1234` and you want port `80` inside your container to be available through the VPN, call Docker with `-p 1234:80` (do not forget the other required options explained above) or add
```yaml
ports:
- "1234:80`
```
to the corresponding service's section in the Docker Compose file.
Note that published ports of tunneled containers are *not* reachable on `localhost`, only through the VPN. Sadly, I haven't yet found a possibility to fix that.
# Conclusion
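Review bot: In the added Compose snippet the port mapping opens with a double quote but closes with a backtick (`- "1234:80` followed by a backtick), so a reader who copies it gets an unterminated string and an invalid Compose file; the closing character should be `"`. The `ports:` key and its list item are also shown at the same indentation, which is worth checking against the surrounding Compose example. Separately, the note that published ports are "only" reachable through the VPN is something readers will treat as a guarantee, so it would be good to state how that was verified and whether it holds for the host's other interfaces as well as `localhost`.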
......@@ -248,6 +261,8 @@ A big thank you goes out to [Nick Babcock](https://nbsoftsolutions.com/) for the
---
**Update:** Added a blackhole route to prevent leaks when VPN gateway is down. Thanks to [tchamb for the suggestion](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/2)!
**Update 1:** Added a blackhole route to prevent leaks when VPN gateway is down. Thanks to [tchamb for the suggestion](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/2)!
**Update 2:** Added a section explaining port forwarding. Thanks to [Maren for the idea](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/5)!
[^i]: [Image source](https://www.flickr.com/photos/adactio/158965673/), licensed under CC-BY-2.0