Comments (15)
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
from docker-wireguard.
A human has marked this issue as invalid, this likely happened because the issue template was not used in the creation of the issue.
from docker-wireguard.
you've not provided enough info.
- we do not support podman, ignoring this though
- you state the IPs are on the host and don't share what those IPs are for comparison.
- you provide no network information to help tshoot your network problem (which only you have ever reported)
from docker-wireguard.
- I'm sorry, I didn't think it would matter. Podman came with my OS so I just went with it.
- The IPs shouldn't really matter since they don't create or take away the problem, but the output of wg show is as follows:
endpoint: 192.168.25.145:55156
The endpoint's address is obviously not within the Docker subnet because it's a physical device on cellular.
- What information would you like? I'm not sure how to help here.
from docker-wireguard.
we only test and support docker, podman can do things differently. We definitively do not support rootless podman, though it can also work
The IPs CAN matter when you describe an issue involving the IPs being on the host but show nothing about the IPs. for example a common issue we see are people making their wireguard subnet be the same as their lan subnet. It would show what you described and would be an unsupported config.
so for info, your statement is that client IPs (assuming wireguard clients?) are all on the container host.
your INTERNAL_SUBNET=172.24.5.0 #optional means your clients should have an IP in the 172.24.5.0/24 range
when you show that endpoint, my assumption is that your home LAN is 192.168.25.0/24 perhaps? (this is why IPs matter, I'm having to make assumptions), so if this is what you mean by client ips are the container's host, then yes, this is abnormal and makes it look as if you were connecting to the VPN from within your LAN (like on wifi) but if your docker host itself IS 192.168.25.145, then you have something weird setup. Nothing stands out in your compose and it's similar to mine. My suggestion is to test using docker, but in the meantime I'll see if anyone wants to take a look at this (but don't get your hopes up, as it's unsupported)
from docker-wireguard.
Hi, I'm sorry, I see what you're saying now. I apologize for being blunt.
My home LAN is 10.0.0.0/24, the Docker (Podman) subnetting I have includes the 192.168.25.0/24 range. So when I connect from a client, no matter on my home LAN, on cellular, or anywhere else, it always shows the client's IP as my host machine's IP on that Docker subnet.
The internal subnet I have set to 172.24.5.0/24 to align with my other VPN services elsewhere.
from docker-wireguard.
to ensure i understand, do you mean that when your vpn'd client accesses something (say.. a webpage) which shows what IP connected to it, you are seeing your docker host ip? if yes, that is normal. docker (and podman) nat things from inside the container to the outside so the source is your docker host. similarly when you have a single public ip and your many hosts internally access an external site, they all see that one WAN ip. To NOT have that happen, and this is very out of scope of support, you would need to ROUTE that traffic rather than NAT it.
from docker-wireguard.
No, the IP shown on https://whatismyipaddress.com is in fact the WAN IP of my Docker host. That I expect. The issue is, for administrative purposes, I'd like to be able to see from the Docker host where clients are connecting from (say, the IP of a coffee shop). Which I realize may or may not be possible due to how Docker works, but if this is something that can be changed, that would be a useful feature. For example, running wg show on my server with native WireGuard shows the public IP of the client outside of the VPN tunnel.
from docker-wireguard.
Now that I think about it, would this be possible with a bridged network setup for this Docker container?
from docker-wireguard.
> No, the IP shown on https://whatismyipaddress.com is in fact the WAN IP of my Docker host. That I expect. The issue is, for administrative purposes, I'd like to be able to see from the Docker host where clients are connecting from (say, the IP of a coffee shop). Which I realize may or may not be possible due to how Docker works, but if this is something that can be changed, that would be a useful feature. For example, running wg show on my server with native WireGuard shows the public IP of the client outside of the VPN tunnel.
ahh you should be seeing that yes, in my endpoints, i see the public ip of the specific peer.
> Now that I think about it, would this be possible with a bridged network setup for this Docker container?
in your compose, you are using a bridged network setup (which is what we support and recommend)
from docker-wireguard.
I mean like adding network_mode: bridge, since that exposes the actual port on the host.
from docker-wireguard.
> I mean like adding network_mode: bridge, since that exposes the actual port on the host.
not typing any network mode means you are using bridge
from docker-wireguard.
i think it might be best for you to come on our discord, truthfully, you have something going on and it's not a container issue, so probably best to sort it out in our live chat rather than ghi
from docker-wireguard.
> not typing any network mode means you are using bridge
I meant to say host networking. I'm sorry, it's been a while since I did that kind of thing in Docker and I don't have my terms straight by any means. As in, the ports aren't isolated over the virtual interface and are set up directly on the host.
> i think it might be best for you to come on our discord, truthfully, you have something going on and it's not a container issue, so probably best to sort it out in our live chat rather than ghi
Fair enough. I'll join that soon.
from docker-wireguard.
> I meant to say host networking. I'm sorry, it's been a while since I did that kind of thing in Docker and I don't have my terms straight by any means. As in, the ports aren't isolated over the virtual interface and are set up directly on the host.
We don't support host, but you're already in an unsupported setup with podman, so IMO test all the things :D
> Fair enough. I'll join that soon.
With that, I'll go ahead and close this and hopefully we can get you working on discord.
from docker-wireguard.
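Added example, not from the thread or the docker-wireguard project: a check over wg show output that flags peers whose endpoint falls inside the container network, which is the symptom reported above (every client appearing as an address in 192.168.25.0/24). The sample output, placeholder peer keys and function names are constructed for illustration; only the first endpoint value and the subnet come from the thread.

```python
import ipaddress
import re

# Constructed sample of `wg show` output. Keys are placeholders; only the
# first endpoint (192.168.25.145:55156) is taken from the thread.
SAMPLE_WG_SHOW = """\
interface: wg0
  public key: SERVER_PUBLIC_KEY_PLACEHOLDER=
  private key: (hidden)
  listening port: 51820

peer: PEER_A_PUBLIC_KEY_PLACEHOLDER=
  endpoint: 192.168.25.145:55156
  allowed ips: 172.24.5.2/32

peer: PEER_B_PUBLIC_KEY_PLACEHOLDER=
  endpoint: 203.0.113.40:41822
  allowed ips: 172.24.5.3/32

peer: PEER_C_PUBLIC_KEY_PLACEHOLDER=
  endpoint: [2001:db8::7]:51820
  allowed ips: 172.24.5.4/32
"""

# wg prints IPv4 endpoints as host:port and IPv6 endpoints as [host]:port.
ENDPOINT_RE = re.compile(r"^\[?(?P<host>[0-9A-Fa-f:.]+)\]?:(?P<port>\d+)$")

def parse_endpoints(wg_show_text):
    """Return {peer public key: ip address object} for peers with an endpoint."""
    peers, current = {}, None
    for line in wg_show_text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "peer":
            current = value
        elif key == "endpoint" and current:
            match = ENDPOINT_RE.match(value)
            if match:
                peers[current] = ipaddress.ip_address(match.group("host"))
    return peers

def masked_endpoints(wg_show_text, container_subnets):
    """Peers whose endpoint lies in a container subnet, so the peer list does
    not show where that client actually connected from."""
    nets = [ipaddress.ip_network(n) for n in container_subnets]
    return {
        peer: str(addr)
        for peer, addr in parse_endpoints(wg_show_text).items()
        if any(addr.version == net.version and addr in net for net in nets)
    }
```

Calling masked_endpoints with the real wg show text and the container engine's own subnets gives the list of peers whose connection origin is not being recorded.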