Today I Learned 2022-07-09

Setting up WireGuard within a network in a Docker container

WireGuard is an alternative VPN to something like OpenVPN. It has a few orders of magnitude fewer lines of code, and seems really fast in the small amount of time I’ve used it.

I used a few guides to configure it, with this guide being the main one, along with the LinuxServer.io image documentation.

The gotchas I ran into that you might run into as well:

  • INTERNAL_SUBNET should not be the subnet of the main network you use! So if your main network is 192.168.123.0, don’t use that as the INTERNAL_SUBNET.
  • I run Pi-Hole on the same server as the WireGuard VPN container, and my router is configured to hand out that address to DHCP clients. The router also does DNS, as it’s a fallback if the server where Pi-Hole is running is down. I had to provide additional DNS configuration to the Docker container, listing the router first, then localhost, and then providing the internal IP address of the Pi-Hole server, where the internal server names are defined, as PEERDNS.
    • If you start seeing entries in the WireGuard logs about [FATAL] plugin/loop, you know you need to futz with the container’s DNS settings.
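
As an added example (not the author’s own configuration), here is a docker-compose service for the LinuxServer.io WireGuard image that applies both fixes above. The router address, Pi-Hole address, tunnel subnet, peer names and public hostname are assumed values; only the 192.168.123.0 LAN comes from the post.

```yaml
# Added example: docker-compose service for the linuxserver/wireguard image.
# Assumed values: LAN 192.168.123.0/24 (from the post), router 192.168.123.1,
# Pi-Hole host 192.168.123.10, tunnel subnet 10.13.13.0/24 (the image default),
# public hostname vpn.example.invalid. Replace them with your own.
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SERVERURL=vpn.example.invalid
      - SERVERPORT=51820
      - PEERS=laptop,phone
      # Gotcha 1: the tunnel subnet must not be the LAN subnet.
      # - INTERNAL_SUBNET=192.168.123.0   # WRONG: collides with the LAN
      - INTERNAL_SUBNET=10.13.13.0        # separate address space for peers
      # Gotcha 2: peers resolve through Pi-Hole, where internal names live.
      - PEERDNS=192.168.123.10
    # The container's own resolvers: router first (still answers if the
    # Pi-Hole host is down), then localhost. The post hit
    # "[FATAL] plugin/loop" until this was set.
    dns:
      - 192.168.123.1
      - 127.0.0.1
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules:ro
    ports:
      - 51820:51820/udp
    restart: unless-stopped
```

After `docker compose up -d`, the generated peer configs under ./config/peer_laptop and ./config/peer_phone should show a 10.13.13.x address and DNS = 192.168.123.10.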

Other than these issues, it was super easy to set up and use.