2022-09-05 05:37:29 +00:00
|
|
|
---
|
|
|
|
|
creation date: 2022-09-05
|
2023-04-21 15:18:59 +00:00
|
|
|
tags: [note,linux,wireguard,wg,docker]
|
2022-09-05 05:37:29 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
|
|
`wireguard-tools` is required.
|
|
|
|
|
|
2023-04-21 15:18:59 +00:00
|
|
|
*Be aware that any additional setup will change `iptables` and might be against docker's default rules when running as `root`!*
|
|
|
|
|
|
2022-09-05 05:37:29 +00:00
|
|
|
## Forwarding
|
|
|
|
|
|
|
|
|
|
When forwarding should be allowed, the "host" needs to set the following via `sysctl` or in a `PostUp` / `PostDown` hook of WireGuard.
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
net.ipv4.ip_forward=1
|
|
|
|
|
net.ipv6.conf.all.forwarding=1
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
In addition, the `AllowedIPs` in the client's `peer` section should be `0.0.0.0/0, ::/0`.
|
|
|
|
|
|
|
|
|
|
## Import into Network Manager
|
|
|
|
|
|
|
|
|
|
When using Network Manager, WireGuard profiles can be imported
|
|
|
|
|
|
2023-04-10 08:30:46 +00:00
|
|
|
```
|
2022-09-05 05:37:29 +00:00
|
|
|
nmcli connection import type wireguard file <path to conf>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Ensure you've unchecked _Automatically connect_ afterwards in `nm-connection-editor`.
|
|
|
|
|
|
