Hi there,

I wish to run a WireGuard docker through a gluetun docker so that I can access my paid VPN from my own server. This is what I want:

client -> wireguard docker(selfhosted) -> gluetun docker(connected to paid VPN) -> internet

I have posted before with this issue but still cannot get it to work as expected. I am not sure if there are issues with the WireGuard docker not being able to route back through from gluetun as it is trying to force traffic through the tunnel.

Any help would be much appreciated.

docker-compose.yml:

services:
  gluetun_test:
    image: qmcgaw/gluetun
    container_name: gluetun_test
    cap_add:
      - NET_ADMIN
    ports:
      - "5010:5000"
      - "5011:8000"
      # Port of the WireGuard VPN server
      - "36843:36843/udp"
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_PUBLIC_KEY=
      - WIREGUARD_PRIVATE_KEY=
      - VPN_ENDPOINT_IP=ip
      - VPN_ENDPOINT_PORT=port
      - WIREGUARD_ADDRESSES="10.2.0.2/32"

  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./wireguard/config:/config
#    ports:
      # Port for WireGuard-UI
#      - "5010:5000"
      # Port of the WireGuard VPN server
#      - "36843:36843/udp"
    network_mode: service:gluetun_test
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

wg0.conf

# Address updated at:     2023-07-08 18:51:31.120262753 +0000 UTC
# Private Key updated at: 2023-05-09 18:59:02.233090133 +0000 UTC
[Interface]
Address = 10.252.1.0/24
ListenPort = 36843
PrivateKey = 
MTU = 1450
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Table =

[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 10.252.1.1/24
[-] AES@lemmy.ronsmans.eu 5 points 1 year ago

Gluetun can expose an HTTP or SOCKS proxy. No need to set up a VPN to access your paid VPN.

If you want access outside your LAN to your paid VPN it's best to set up a WG tunnel separate from docker, on the firewall. Then connect to your personal WG tunnel and set the HTTP/SOCKS proxy.

If that makes sense to you.

[-] JoeKrogan@lemmy.world 2 points 1 year ago

I second this. It is probably the simplest way to get it working.

[-] Lucid5603@lemmy.dbzer0.com 5 points 1 year ago* (last edited 1 year ago)

So to clarify, what are you wanting to happen and what is happening instead?

[-] gobbling871@lemmy.world 4 points 1 year ago

For accessing your VPN network outside of your LAN, there's the shadowsocks option in the gluetun wiki.

[-] FederalAlienSmuggler@feddit.de 4 points 1 year ago

Why do you need two VPNs? Does it work without the local Wireguard VPN?

[-] NewDataEngineer@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

I suspect they are both using the same interface wg0. I did a quick Google and it looks like you can do the following in gluetun

WIREGUARD_INTERFACE=wg1

This is my suspicion as you're using essentially two wireguard instances at the same time.
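The interface-name clash suspected in the comment above can be checked mechanically; the following is an added example, not part of the original thread or of either project. It assumes gluetun falls back to `wg0` when `WIREGUARD_INTERFACE` is unset (the commenter's suspicion, not confirmed on this page), and its function names and reduced compose sample are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: interface name gluetun uses when WIREGUARD_INTERFACE is not set.
ASSUMED_GLUETUN_DEFAULT = "wg0"

# Constructed sample, reduced from the compose file in the post (keys omitted).
COMPOSE = """\
services:
  gluetun_test:
    image: qmcgaw/gluetun
    environment:
      - VPN_TYPE=wireguard
  wireguard:
    image: linuxserver/wireguard:latest
    network_mode: service:gluetun_test
"""

def parse_services(text):
    """Line-based reader for the compose subset used here (not a YAML parser)."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^  ([\w-]+):\s*$", line)  # service name at two-space indent
        if m:
            current = services.setdefault(m.group(1), {"env": {}, "netns": m.group(1)})
            continue
        if current is None:
            continue
        m = re.match(r"^\s+network_mode:\s*service:(\S+)", line)
        if m:  # this service lives in another service's network namespace
            current["netns"] = m.group(1)
        m = re.match(r"^\s+-\s*([A-Z_]+)=(.*)$", line)
        if m:
            current["env"][m.group(1)] = m.group(2).strip('"')
    return services

def interface_collisions(text, wg_quick_confs):
    """Return {(netns, interface): [services]} for names claimed more than once."""
    ifaces = defaultdict(list)
    for name, svc in parse_services(text).items():
        if svc["env"].get("VPN_TYPE") == "wireguard":
            iface = svc["env"].get("WIREGUARD_INTERFACE", ASSUMED_GLUETUN_DEFAULT)
            ifaces[(svc["netns"], iface)].append(name)
        for conf in wg_quick_confs.get(name, []):
            # wg-quick names the interface after the config file: wg0.conf -> wg0
            ifaces[(svc["netns"], PurePosixPath(conf).stem)].append(name)
    return {key: owners for key, owners in ifaces.items() if len(owners) > 1}
```

Calling `interface_collisions(COMPOSE, {"wireguard": ["wg0.conf"]})` reports both services claiming `wg0` in the `gluetun_test` namespace, because `network_mode: service:gluetun_test` puts both containers in one network namespace where interface names must be unique.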

[-] baronvontito@lemmy.world 1 points 7 months ago* (last edited 7 months ago)

Having the very same idea and issue you described, any idea on how to solve it? My post is here: https://www.reddit.com/r/WireGuard/comments/1abnvyj/need_help_with_idea_wireguard_and_gluetun/

this post was submitted on 13 Jul 2023