Help with selfhosted wireguard routed through gluetun
from TelepathicWalrus@lemmy.world to selfhosted@lemmy.world on 13 Jul 2023 06:14
https://lemmy.world/post/1417765
Hi there,
I wish to run a WireGuard docker container through a gluetun docker container so that I can access my paid VPN from my own server. This is what I want:
client -> wireguard docker (selfhosted) -> gluetun docker (connected to paid VPN) -> internet
I have posted before with this issue but still cannot get it to work as expected. I am not sure if there are issues with the wireguard docker not being able to route back through from gluetun, as it is trying to force traffic through the tunnel.
Any help would be much appreciated.
docker-compose.yml:
```yaml
services:
  gluetun_test:
    image: qmcgaw/gluetun
    container_name: gluetun_test
    cap_add:
      - NET_ADMIN
    ports:
      - "5010:5000"
      - "5011:8000"
      # Port of the WireGuard VPN server
      - "36843:36843/udp"
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_PUBLIC_KEY=
      - WIREGUARD_PRIVATE_KEY=
      - VPN_ENDPOINT_IP=ip
      - VPN_ENDPOINT_PORT=port
      - WIREGUARD_ADDRESSES="10.2.0.2/32"
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./wireguard/config:/config
    # ports:
    #   # Port for WireGuard-UI
    #   - "5010:5000"
    #   # Port of the WireGuard VPN server
    #   - "36843:36843/udp"
    # Shares gluetun_test's network namespace, so the WireGuard ports are
    # published on gluetun_test above rather than here.
    network_mode: service:gluetun_test
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
```
wg0.conf
```ini
# Address updated at: 2023-07-08 18:51:31.120262753 +0000 UTC
# Private Key updated at: 2023-05-09 18:59:02.233090133 +0000 UTC
[Interface]
Address = 10.252.1.0/24
ListenPort = 36843
PrivateKey =
MTU = 1450
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Table =

[Peer]
PublicKey =
PresharedKey =
AllowedIPs = 10.252.1.1/24
```
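As an added example (not the poster's code, and not from any reply in this thread), a small Python linter for the posted wg0.conf that flags the three things a reviewer would check first in a nested-VPN setup like this: an Interface Address whose host part is zero, a peer AllowedIPs wider than /32 that routes the whole tunnel subnet to one peer, and a MASQUERADE rule that leaves via an interface other than the VPN tunnel. It assumes gluetun's tunnel interface inside the shared network namespace is named tun0 (gluetun's default), and the embedded config is a constructed copy of the one above with keys left blank.

```python
import ipaddress
import re

# Constructed copy of the posted wg0.conf (keys blank, as in the post).
WG0_CONF = """
[Interface]
Address = 10.252.1.0/24
ListenPort = 36843
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[Peer]
AllowedIPs = 10.252.1.1/24
"""

def parse_wg(text):
    """Parse an INI-style wg config into (interface_dict, [peer_dict, ...])."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = (s.strip() for s in line.split("=", 1))
            cur[key] = val
    return iface, peers

def lint(text, vpn_iface="tun0"):
    """Return a list of findings; an empty list means nothing suspicious.
    vpn_iface is the tunnel interface in gluetun's namespace (assumed: tun0)."""
    iface, peers = parse_wg(text)
    findings = []
    addr = ipaddress.ip_interface(iface.get("Address", "0.0.0.0/32"))
    if addr.network.prefixlen < 32 and addr.ip == addr.network.network_address:
        findings.append(f"Address {addr}: host part is zero (the network address)")
    for peer in peers:
        for cidr in [c.strip() for c in peer.get("AllowedIPs", "").split(",") if c.strip()]:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen < 32 and net.overlaps(addr.network):
                findings.append(f"AllowedIPs {cidr}: routes the whole tunnel subnet to one peer; use a /32")
    # Forwarded client traffic must be NATed out of the VPN tunnel, not the docker bridge.
    m = re.search(r"POSTROUTING\s+-o\s+(\S+)", iface.get("PostUp", ""))
    if m and m.group(1) != vpn_iface:
        findings.append(f"MASQUERADE via {m.group(1)}: forwarded traffic should leave via {vpn_iface}")
    return findings
```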
Hi there!
I wanted to chime in to say that I finally got a nested VPN solution to work in my home lab setup, and wanted to share because it looked like you may be trying something similar. I found a very helpful post that laid out the solution to running a linuxserver.io wireguard container that uses a gluetun container’s VPN connection for all of its clients’ external-bound traffic.
To help make this more accessible for others, I created a single docker-compose.yml file that pulls all of this together.
In addition to bringing over the config from the helpful post, I added:
If anyone tries to use this and has any questions, let me know. Thanks!