client) network due to interface clash ( wg0 is hardcoded). server) cannot use another WireGuard container's (ie. With our current implementation, a WireGuard container (ie.Multiple apps using the same WireGuard container's network may have port clashes.If the WireGuard container is recreated (or in some cases restarted), the other containers also need to be restarted or recreated (depending on the setup).network_mode: service:wireguard) seems like the simplest approach, it has some major drawbacks: One client will connect to Mullvad for most outgoing connections, and the other will connect to my OPNsense router at home for access to my homelab.īefore we start, I should add that while having other containers use the WireGuard container's network (ie.
In this article, we will set up 3 WireGuard containers, one in server mode and 2 in client modes, on a Contabo VPS server.
Alternatively, I could split the tunnel on each client's WireGuard config, but that is a lot more work, and each client would use up a separate private key, which becomes an issue with commercial VPNs (Mullvad allows up to 5 keys). To achieve c), I had to rely on a VPS with a faster connection and split the tunneling between Mullvad and my home. However, my cable internet provider's anemic upload speeds translate into a low download speed when connected to my home router remotely. Needs a) and b) would be easily achieved with a WireGuard server and a client running on my home router (OPNsense), which I already have. on public wifi at a hotel or a coffeeshop). The setup showcased in this article was born out of my specific need to a) tunnel my outgoing connections through a VPN provider like Mullvad for privacy, b) have access to my homelab, and c) maintain as fast of a connection as possible, while on the go (ie. In this article, we will showcase a more complex setup utilizing multiple WireGuard containers on a VPS to achieve split tunneling so we can send outgoing connections through a commercial VPN while maintaining access to homelab when remote. We previously showcased several ways to route host and container traffic through our WireGuard docker container in a prior blog article. WireGuard at this point needs no introduction as it became quite ubiquitous especially within the homelab community due to its ease of use and high performance.
0 kommentar(er)
