Make sure that you have added PostUp and PreDown to wg0.conf as detailed in Connecting the Wireguard Client to the VPN. Containers using the VPN - docker restart Ĭan't connect to the Web-UI of routed containers.If you're experiencing problems and you want to restart everything, the correct order is: VPN providers like Mullvad support port forwarding, if your application needs it.įor example in Mullvad > My Account > Manage ports and Wireguard Keys > Follow the instructions to get a port.Ĭopy the port number you got to qBittorrent > Settings > Connection > Port used for incoming connections. Under Settings > Download Clients > Click qBittorrent's Download Client > Set Host to vpn > click Test & Save. Restart the SWAG to apply the changes with docker restart swag. Replace all occurrences of set $upstream_app qbittorrent with set $upstream_app vpn. SWAGĮdit your or in SWAG's config folder under config/nginx/proxy-confs/. Instead of qbittorrent they will need to use vpn to reach the qBittorrent container. Now that qBittorrent is routed through the VPN, other containers need to be configured with the change. Check that qBittorrent's Web Administration interface is working by browsing :8080.Check that the VPN is working by running docker exec qbittorrent curl -s and make sure you don't get your internet's IP.Recreate the VPN Wireguard Client container to apply the changes, then recreate the qBittorrent container which depends on the VPN. Replace the following lines on the qBittorrent container: Check that the VPN is working by running docker exec vpn curl -s, you should get an IP that is different from your internet's IP.Check that you have connectivity by running docker exec vpn ping 1.1.1.1.Perform the following validations to check that the VPN works: Save the changes and restart the container with docker restart vpn, validate that docker logs vpn contains no errors. The PreDown command cleans up these rules when the VPN goes down. Connections from LAN networks are still allowed to be able to connect to the services in the containers. The PostUp command adds a killswitch using iptables rules to prevent connections on other interfaces. PrivateKey = Address = /32 DNS = PostUp = DROUTE=$ (ip route | grep default | awk ' ' ) HOMENET=192.168.0.0/16 HOMENET2=10.0.0.0/12 HOMENET3=172.16.0.0/12 ip route del $HOMENET3 via $DROUTE ip route del $HOMENET2 via $DROUTE ip route del $HOMENET via $DROUTE iptables -D OUTPUT ! -o %i -m mark ! -mark $ (wg show %i fwmark) -m addrtype ! -dst-type LOCAL -j REJECT iptables -D OUTPUT -d $HOMENET -j ACCEPT iptables -D OUTPUT -d $HOMENET2 -j ACCEPT iptables -D OUTPUT -d $HOMENET3 -j ACCEPT PublicKey = AllowedIPs = 0.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |