@@ -44,7 +44,7 @@ While I agree with some of the criticism against systemd and its policies, syste
For the impatient. For detailed instructions see below.
Add these files to `/etc/systemd/network/`:
To tunnel a container through a WireGuard VPN given a wg-quick config file from your VPN provider, add these files to `/etc/systemd/network/`:
**`80-wg0.netdev`:**
```ini
...
...
@@ -76,7 +76,7 @@ From = 10.123.0.0/16
Table=242
[Route]
Gateway={The address of the interface, same as above}
Gateway={The address of the interface, same as above in [Network] in Address}
Table=242
[Route]
...
...
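Review bot: The new Gateway placeholder, "same as above in [Network] in Address", stacks two "in" phrases and is hard to parse at a glance. Wording such as `Gateway={The interface address, i.e. the Address value from the [Network] section above}` points to the same value without ambiguity.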
@@ -239,6 +239,19 @@ networks:
-subnet:10.123.0.0/16
```
## Port Forwarding
You can use Docker's normal port publishing options to make ports available through the VPN. So, for example, if your VPN provider gives you port `1234` and you want port `80` inside your container to be available through the VPN, call Docker with `-p 1234:80` (do not forget the other required options explained above) or add
```yaml
ports:
-"1234:80`
```
to the corresponding service's section in the Docker Compose file.
Note that published ports of tunneled containers are *not* reachable on `localhost`, only through the VPN. Sadly, I haven't yet found a possibility to fix that.
# Conclusion
...
...
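Review bot: In the added Compose snippet, the port entry `-"1234:80` opens with a double quote but is closed with a backtick, so anyone copying it gets an unterminated string; it should read `- "1234:80"`. Because this section tells readers to publish a container port on the port forwarded by the VPN provider, it would also help to say explicitly that the service is then reachable from the provider's public side, so only ports meant to be exposed get published.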
@@ -248,6 +261,8 @@ A big thank you goes out to [Nick Babcock](https://nbsoftsolutions.com/) for the
---
**Update:** Added a blackhole route to prevent leaks when VPN gateway is down. Thanks to [tchamb for the suggestion](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/2)!
**Update 1:** Added a blackhole route to prevent leaks when VPN gateway is down. Thanks to [tchamb for the suggestion](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/2)!
**Update 2:** Added a section explaining port forwarding. Thanks to [Maren for the idea](https://forum.eisfunke.com/t/routing-specific-docker-containers-through-wireguard-vpn-with-systemd-networkd/83/5)!
[^i]:[Image source](https://www.flickr.com/photos/adactio/158965673/), licensed under CC-BY-2.0