Setting up WireGuard within a network in a Docker container
WireGuard is an alternative VPN to something like OpenVPN. It has a few orders of magnitude fewer lines of code, and seems really fast in the small amount of time I’ve used it.
I used a few guides to configure it, with this guide being the main one, along with the LinuxServer.io image documentation.
The gotchas I ran into that you might run into as well:
- INTERNAL_SUBNET should not be the subnet of the main network you use! So if your main network is 192.168.123.0, don’t use that as the INTERNAL_SUBNET.
- I run Pi-Hole on the same server as the WireGuard VPN container, and my router is configured to hand out that address to DHCP clients. The router also does DNS, as it’s a fallback if the server where Pi-Hole is running is down. I had to provide additional dns configuration to the Docker container, listing off first the router, then localhost, and then providing the internal IP address of the Pi-Hole server, where the internal server names are defined, as PEERDNS.
  - If you start seeing entries in the WireGuard logs about [FATAL] plugin/loop, you know you need to futz with the container’s dns settings.
Other than these issues, it was super easy to set up and use.
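The INTERNAL_SUBNET gotcha above can be checked before the container is started. This is an added example, not code from the original post or from the LinuxServer.io image; the function names are hypothetical, a bare address such as 192.168.123.0 is treated as a /24 (an assumption), and every network in IN_USE other than the post's 192.168.123.0 is a constructed sample value.

```python
import ipaddress

DEFAULT_PREFIX = 24  # assumption: a bare address like 192.168.123.0 means a /24

# Constructed sample inventory of networks the host already routes.
IN_USE = {
    "lan": "192.168.123.0",      # the main network from the post
    "docker0": "172.17.0.0/16",  # constructed: a Docker bridge network
    "lab": "10.0.0.0/22",        # constructed: a wider routed range
}


def parse_net(value, default_prefix=DEFAULT_PREFIX):
    """Accept '192.168.123.0' or '192.168.123.0/24' and return an ip_network."""
    if "/" not in value:
        value = f"{value}/{default_prefix}"
    # strict=False tolerates host bits being set, e.g. 192.168.123.1/24
    return ipaddress.ip_network(value, strict=False)


def subnet_conflicts(internal_subnet, in_use):
    """List (label, cidr) for every in-use network the tunnel subnet overlaps."""
    tunnel = parse_net(internal_subnet)
    hits = []
    for label, cidr in in_use.items():
        net = parse_net(cidr)
        if tunnel.overlaps(net):  # catches equal, contained and containing ranges
            hits.append((label, str(net)))
    return hits


def first_free(in_use, pool="10.0.0.0/8"):
    """Return the first subnet in pool that overlaps nothing in use, or None."""
    used = [parse_net(cidr) for cidr in in_use.values()]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=DEFAULT_PREFIX):
        if not any(cand.overlaps(net) for net in used):
            return str(cand.network_address)  # bare address, as INTERNAL_SUBNET takes
    return None


if __name__ == "__main__":
    for candidate in ("192.168.123.0", "10.0.2.0", "10.13.13.0"):
        hits = subnet_conflicts(candidate, IN_USE)
        print(candidate, "conflicts with" if hits else "is free", hits or "")
    print("suggested INTERNAL_SUBNET:", first_free(IN_USE))
```

A candidate that sits inside a wider routed range (10.0.2.0 inside 10.0.0.0/22 here) is reported as well, which a plain string comparison of the two subnets would miss.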