Jose

Reputation: 1

Issues with Docker Wireguard Container using NordVPN

I’m currently working on setting up a WireGuard VPN container using Docker to connect to NordVPN, and I'm running into what I suspect is a DNS issue (as usual).

docker-compose.yml

version: '3.8'
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard-external
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

wg0.conf

[Interface]
Address = 10.5.0.2/32
PrivateKey = [HIDDEN]
DNS = 1.1.1.1,1.0.0.1,103.86.96.96,103.86.99.99

[Peer]
PublicKey = qIhtTW9K4iXWFo5Q4dOPdXg8/xubXr9yEGoN55D8xnA=
AllowedIPs = 0.0.0.0/0
Endpoint = ca1518.nordvpn.com:51820

Docker Logs

User UID:    1000
User GID:    1000
───────────────────────────────────────

Uname info: Linux 7ad0f7d8eb6e 5.15.133.1-microsoft-standard-WSL2 #1 SMP Thu Oct 5 21:02:42 UTC 2023 x86_64 GNU/Linux
**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****
**** Client mode selected. ****
[custom-init] No custom files found, skipping...
**** Disabling CoreDNS ****
**** Found WG conf /config/wg_confs/wg0.conf, adding to list ****
**** Activating tunnel /config/wg_confs/wg0.conf ****
Warning: `/config/wg_confs/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.5.0.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
s6-rc: fatal: unable to take locks: Resource busy
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables-restore -n
Warning: Extension CONNMARK revision 0 not supported, missing kernel module?
Warning: Extension CONNMARK is not supported, missing kernel module?
iptables-restore v1.8.10 (nf_tables): 
line 5: RULE_INSERT failed (No such file or directory): rule in chain POSTROUTING
line 6: RULE_INSERT failed (No such file or directory): rule in chain PREROUTING
[#] resolvconf -d wg0 -f
s6-rc: fatal: unable to take locks: Resource busy
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
**** Tunnel /config/wg_confs/wg0.conf failed, will stop all others! ****
**** All tunnels are now down. Please fix the tunnel config /config/wg_confs/wg0.conf and restart the container ****
[ls.io-init] done.

When trying to verify the public IP with docker run --rm --network=container:wireguard-external alpine:3.20 sh -c "apk add wget && wget -qO- https://ipinfo.io" I am unable to reach servers. Likewise when trying to ping Google or Cloudflare.

Any info would be greatly appreciated!

Upvotes: 0

Views: 416

Answers (0)
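The log above is the record of what wg-quick did and where it stopped, and reading it carefully answers most of the question: the tunnel never came up at all, so the missing connectivity is not (yet) a DNS problem. The following script is an added example, not code from the poster or from the linuxserver/wireguard project. It parses a wg-quick startup log and the wg0.conf that drove it, attributes each error line to the "[#]" command that produced it, and reports the first hard failure plus the security-relevant findings a reviewer would flag: the iptables-restore failure is the kernel lacking CONNMARK support, which wg-quick needs for the mangle rules it installs whenever AllowedIPs contains a /0 route; the resolvconf lock error means the DNS= servers were never applied; the "world accessible" warning means the file holding PrivateKey is readable by every user; and the image itself says SYS_MODULE can be dropped. The embedded log and config are copied from the question (trimmed, private key replaced by a placeholder) and are labelled as constructed input.

```python
import re

# Constructed input: lines copied from the question's container log, trimmed
# to the wg-quick section ("[#]" lines are the commands wg-quick ran).
SAMPLE_LOG = """\
**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****
**** Disabling CoreDNS ****
Warning: `/config/wg_confs/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] resolvconf -a wg0 -m 0 -x
s6-rc: fatal: unable to take locks: Resource busy
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] iptables-restore -n
Warning: Extension CONNMARK is not supported, missing kernel module?
line 5: RULE_INSERT failed (No such file or directory): rule in chain POSTROUTING
line 6: RULE_INSERT failed (No such file or directory): rule in chain PREROUTING
[#] ip link delete dev wg0
**** Tunnel /config/wg_confs/wg0.conf failed, will stop all others! ****
"""

# Constructed input: the question's wg0.conf, private key replaced by a placeholder.
SAMPLE_CONF = """\
[Interface]
Address = 10.5.0.2/32
PrivateKey = PLACEHOLDER_PRIVATE_KEY
DNS = 1.1.1.1,1.0.0.1,103.86.96.96,103.86.99.99

[Peer]
PublicKey = qIhtTW9K4iXWFo5Q4dOPdXg8/xubXr9yEGoN55D8xnA=
AllowedIPs = 0.0.0.0/0
Endpoint = ca1518.nordvpn.com:51820
"""

STEP_RE = re.compile(r"^\[#\] (.+)$")
ERROR_RE = re.compile(r"fatal|failed|not supported", re.IGNORECASE)


def parse_conf(text):
    """Minimal INI-style parser for wg-quick configs: {section: {key: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections


def parse_log(text):
    """Attribute each error line to the last "[#]" command wg-quick ran.
    Image banner lines ("**** ... ****") are skipped; warnings printed before
    the first command are returned separately."""
    steps, errors, warnings, current = [], {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("****"):
            continue
        m = STEP_RE.match(line)
        if m:
            current = m.group(1)
            steps.append(current)
        elif current is None and line.startswith("Warning:"):
            warnings.append(line)
        elif current is not None and ERROR_RE.search(line):
            errors.setdefault(current, []).append(line)
    return steps, errors, warnings


def diagnose(log_text, conf_text):
    """Explain a failed wg-quick start from the log and the config that drove it."""
    steps, errors, warnings = parse_log(log_text)
    peer = parse_conf(conf_text).get("Peer", {})
    full_tunnel = any(a.strip().endswith("/0") for a in peer.get("AllowedIPs", "").split(","))
    # First command whose output reports a hard failure; wg-quick tears down after it.
    failed_step = next((s for s in steps
                        if any("failed" in l.lower() for l in errors.get(s, []))), None)
    findings = {}
    if any("world accessible" in w for w in warnings):
        findings["CONFIG_WORLD_READABLE"] = "wg0.conf holds PrivateKey but is readable by every user; chmod 600 it."
    if "remove the SYS_MODULE capability" in log_text:
        findings["SYS_MODULE_UNNEEDED"] = "kernel already provides wireguard; drop SYS_MODULE from cap_add."
    for step, lines in errors.items():
        if step.startswith("iptables-restore") and any("CONNMARK" in l for l in lines):
            findings["CONNMARK_UNSUPPORTED"] = (
                "kernel lacks CONNMARK support; wg-quick installs CONNMARK mangle rules "
                "whenever AllowedIPs has a /0 route" + (" (this config does)." if full_tunnel else "."))
        elif step.startswith("resolvconf") and "unable to take locks" in " ".join(lines):
            findings["RESOLVCONF_LOCK"] = "resolvconf failed, so the DNS= servers were never installed."
    return {"failed_step": failed_step, "full_tunnel": full_tunnel, "findings": findings}


if __name__ == "__main__":
    for code, msg in diagnose(SAMPLE_LOG, SAMPLE_CONF)["findings"].items():
        print(f"{code}: {msg}")
```

Run against the question's log, the first hard failure is "iptables-restore -n", which is why the container reports the tunnel as failed and removes wg0 again; everything after that (no public IP, no ping) follows from there being no interface. The CONNMARK rules are only generated for a full-tunnel (/0) config, so the fix belongs in the host kernel (the WSL2 kernel in the log lacks the extension) rather than in the container; the resolvconf and file-permission findings are worth fixing in the same pass, since a world-readable wg0.conf exposes the private key to every account on the host.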
