I've set up a WireGuard VPN using Docker Compose with the following configuration. The container is directly attached to a macvlan interface and should route all traffic through the VPN. The logs indicate that the tunnel is established successfully, but I'm having trouble with routing. I've added the WireGuard container as the default gateway on my test host, yet it doesn't seem to be routing traffic through the tunnel. What steps can I take to debug this issue?
5 Answers
It would help to see your full network setup. Check for any MTU mismatches—WireGuard has overhead, so you may need to set your client MTUs to 1420. Also, can you ping from client to Docker interface, and then from Docker to the exit interface of the tunnel? How is the Docker container connected to your network? Is it all local?
You might want to check out this GitHub repository: https://github.com/qdm12/gluetun. It has some useful setups for WireGuard in Docker that could help you figure out what's missing.
If you're trying to route packets, ensure that you have these lines in your sysctl.conf: `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1`. That could be crucial for traffic forwarding.
Make sure to check the routing tables with Policy-Based Routing (PBR) or Virtual Routing and Forwarding (VRF). You can use the command `ip rule` in your container to see if the routes are set correctly.
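A small diagnostic script that folds the checks from the answers above (forwarding sysctls, the `ip rule` policy table, the route the kernel actually picks, and the 1420 MTU rule of thumb) into one run. It is an added example, not code from this thread; it assumes the tunnel interface is `wg0`, that wg-quick's default policy table 51820 is in use, and that `eth0` is the underlay interface (all overridable via environment variables).

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: tunnel interface wg0,
# wg-quick's default table 51820, underlay eth0. PROCSYS is overridable for testing.
WG_IF="${WG_IF:-wg0}"
WG_TABLE="${WG_TABLE:-51820}"
UNDERLAY_IF="${UNDERLAY_IF:-eth0}"
PROCSYS="${PROCSYS:-/proc/sys}"

# 0 if both IPv4 and IPv6 forwarding are on. A container acting as the
# gateway for other hosts silently drops transit packets without these.
forwarding_enabled() {
    v4=$(cat "$PROCSYS/net/ipv4/ip_forward" 2>/dev/null || echo 0)
    v6=$(cat "$PROCSYS/net/ipv6/conf/all/forwarding" 2>/dev/null || echo 0)
    [ "$v4" = 1 ] && [ "$v6" = 1 ]
}

# Largest WireGuard MTU that fits a given underlay MTU: 80 bytes covers the
# IPv6 + UDP + WireGuard headers (1500 -> 1420, the value suggested above).
wg_mtu_for() {
    echo $(( $1 - 80 ))
}

# $1 = `ip rule` output, $2 = table id. 0 if a rule sends unmarked traffic
# into that table (the full-tunnel policy rule wg-quick installs).
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -qE "not from all fwmark .* lookup $2( |$)"
}

# $1 = `ip route get <dst>` output, $2 = interface. 0 if the kernel chose it.
route_uses_dev() {
    printf '%s\n' "$1" | grep -qE "dev $2( |$)"
}

run_checks() {
    forwarding_enabled && echo "ok: forwarding enabled" \
        || echo "FAIL: set net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1"
    rules=$(ip rule 2>/dev/null || true)
    has_fwmark_rule "$rules" "$WG_TABLE" && echo "ok: policy rule -> table $WG_TABLE" \
        || echo "FAIL: no fwmark rule for table $WG_TABLE (inspect 'ip rule')"
    # 1.1.1.1 is just an arbitrary public address to ask the kernel about.
    rt=$(ip route get 1.1.1.1 2>/dev/null || true)
    route_uses_dev "$rt" "$WG_IF" && echo "ok: outbound path uses $WG_IF" \
        || echo "FAIL: 1.1.1.1 is not routed via $WG_IF: $rt"
    underlay=$(cat "/sys/class/net/$UNDERLAY_IF/mtu" 2>/dev/null || echo 1500)
    echo "hint: underlay MTU $underlay -> set $WG_IF MTU to $(wg_mtu_for "$underlay")"
}

if [ "${1:-}" = run ]; then run_checks; fi
```

Run it inside the WireGuard container with `sh wgdiag.sh run`; the `ok`/`FAIL` lines show which of the three conditions (forwarding, policy rule, chosen route) is the one breaking the gateway path.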
Did you define your peers in the WireGuard config? Also, just double-check that the config volume is actually mapped correctly. That could be an issue!
Yes, the volume is mounted properly, and the logs show that the tunnel is being established.
I'm currently troubleshooting that. The Docker network is supposed to be linked directly, but I want to confirm connectivity.