activeeos / wireguard-docker

Docker image for Wireguard. Containerize your VPN!
MIT License
146 stars 37 forks source link

seems require more permissions #4

Open weaming opened 5 years ago

weaming commented 5 years ago

How do I start it:

ln -s $PWD/server.conf /etc/wireguard/wg0.conf
docker run -it --rm --cap-add net_admin --cap-add sys_module \
    --name wireguard \
    -v /etc/wireguard:/etc/wireguard -v /lib/modules:/lib/modules \
    -p 51820:51820/udp activeeos/wireguard-docker

Error message:

Fri Mar 29 07:13:53 UTC 2019: Starting Wireguard
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
sysctl: setting key "net.ipv4.conf.eth0.rp_filter": Read-only file system
sysctl: setting key "net.ipv4.conf.lo.rp_filter": Read-only file system
sysctl: setting key "net.ipv4.conf.wg0.rp_filter": Read-only file system
g00nix commented 4 years ago

Do you get the same result with --cap-add=NET_ADMIN ?