Comments (3)
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
from docker-wireguard.
This isn't something we will promote, address, or even mention. Doing so would bring a whole lot of liability to us and likely create a false sense of security for the user.
Leakage depends on how the configs are set up. For client mode, we don't even provide any configs, the user has to create their own.
There are many different ways to tackle the leakage issue and almost all of them depend on the user's specific config and requires personal customizations. There is no one standardized solution.
With that said, wireguard is stateless and as long as there is a valid config, the tunnel will come up, regardless of whether the other side is really connected or not. Plus, if the config is not valid and the tunnel fails, the container deletes the default route, killing network connectivity for the container.
The period where there is leakage by default is while the container is starting up. That part requires custom solutions, or you can make sure wireguard is up and running before other services are up and don't rely on unattended upgrades and such (you should never do that anyway for other reasons).
from docker-wireguard.
I think the "delete the default route" achieves what I was looking for anyway.
from docker-wireguard.
Related Issues (20)
- [BUG] The requested image's platform (linux/arm64) does not match the detected host platform (linux/arm/v8) HOT 2
- [BUG] SERVERPORT is being ignored HOT 2
- [BUG] Ping peers HOT 1
- [BUG] SERVER_ALLOWEDIPS_PEER_* include quotes inside AllowedIPs peer variable HOT 6
- [BUG] Improvement of the documentation of the ALLOWEDIPS parameter. HOT 2
- [FEAT] mDNS (Avahi) support through Wireguard HOT 2
- [FEAT / BUG] <Modifiable 'ListenPort' used by host/wireguard incoming connections through docker configuration> HOT 8
- [BUG] Custom Server Port not taken into account in server.conf template HOT 3
- [BUG] starting with ~v1.0.20210914-ls116 cannot connect to wireguard HOT 3
- [BUG] Error generating QRCode - qrencode: command not found HOT 2
- [BUG] -ls23 and onwards has issue with adding iptables rules HOT 6
- [BUG] iptables v1.8.10 (legacy): can't initialize iptables table `filter' HOT 4
- [BUG] Conneted to the Wiregurad server, but no network connection on client side. HOT 3
- [BUG] Client IPs are all the container's host HOT 15
- [BUG] missing /32 in interface address HOT 14
- [FEAT] Enable SERVER_ALLOWEDIPS_PEER_ declaration by comma HOT 9
- Old tags are wrong HOT 4
- [BUG] ListenPort = 51820 in default peer.conf disallows >1 peer through NAT loopback HOT 11
- [FEAT] [Peer] definition within generated wg0.conf should be templated HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-wireguard.