Closed davidsarkany closed 4 years ago
I think you need to do something like this: https://github.com/masipcat/wireguard-go-docker#basic--kube-dns
Assuming the IP of the Docker DNS is 172.18.0.1:
In the wg config of the peer that wants the dns resolution:
```
[Interface]
...
# Configure dns ip address as dns resolver in your local machine
PostUp = printf "nameserver 172.18.0.1" | resolvconf -a %i

[Peer]
...
# Change AllowedIPs to 172.18.0.0/16 if you only want to connect to tunnel to other containers
AllowedIPs = 172.18.0.0/16
```
EDIT: fixed ip address in line PostUp = printf "nameserver 172.18.0.1" | resolvconf -a %i
I think I want something else.
For example:
I have a mariadb container on "mysql" network. I add the wireguard to "mysql" network.
```yaml
version: '3.3'
services:
  wireguard:
    container_name: wireguard
    image: masipcat/wireguard-go:latest
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
    volumes:
      - /dev/net/tun:/dev/net/tun
      - ./config:/etc/wireguard
    environment:
      - WG_COLOR_MODE=always
      - LOG_LEVEL=info
    ports:
      - 587:587/udp
    restart: always
    networks:
      - mysql
networks:
  mysql:
    external:
      name: mysql
```
When I enter the wireguard container, I can look up the mariadb hostname.

```
docker exec -ti wireguard sh
# nslookup mariadb
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
Non-authoritative answer:
Name: mariadb
Address: 172.19.0.5
```

It's great, name resolution works inside the container with the default Docker DNS resolver (127.0.0.11). So my question: how can I use this DNS resolver on my PC through WireGuard? (Windows 10)
wg0.conf (server)
```
[Interface]
Address = 10.99.0.1/24
ListenPort = 587
PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s 10.99.0.0/24 -o eth0 -j MASQUERADE
# The -D rule spec must match the -A rule exactly, including -s
PostDown = iptables -t nat -D POSTROUTING -s 10.99.0.0/24 -o eth0 -j MASQUERADE

[Peer]
PublicKey =
AllowedIPs = 10.99.0.2/32

[Peer]
PublicKey =
AllowedIPs = 10.99.0.3/32
```
Client config (Windows 10)
```
[Interface]
PrivateKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
Address = 10.99.0.2/32
DNS = ?

[Peer]
PublicKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/0
Endpoint = my-domain:587
```
I'm not sure... If port 53 is bound inside the wireguard container for address (0.0.0.0/0), then using 10.99.0.1 should work as a DNS resolver. Otherwise, maybe you need to set up a BIND9 as a way to expose the Docker DNS resolver.
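
The idea in the reply above, as an added example that is not code from this thread or from the wireguard-go-docker project: a small UDP relay run inside the wireguard container that listens on the wg0 address and forwards queries to Docker's embedded resolver. The addresses come from the configs posted above; `relay_once` and `serve` are names made up for this sketch, and it assumes the container has Python available.

```python
import ipaddress
import socket

# Values taken from the configs in this thread (assumptions of the sketch).
WG_LISTEN = ("10.99.0.1", 53)      # wg0 address of the server peer
DOCKER_DNS = ("127.0.0.11", 53)    # Docker's embedded resolver inside the container
ALLOWED = ipaddress.ip_network("10.99.0.0/24")  # only tunnel peers may query


def relay_once(listener, upstream_addr, allowed=ALLOWED, timeout=2.0):
    """Forward one UDP DNS query upstream; return True if it was answered."""
    query, client = listener.recvfrom(4096)
    # Refuse senders outside the tunnel subnet and packets shorter than a
    # DNS header, so the relay never acts as an open resolver.
    if ipaddress.ip_address(client[0]) not in allowed or len(query) < 12:
        return False
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
        up.settimeout(timeout)
        up.sendto(query, upstream_addr)
        try:
            while True:
                reply, src = up.recvfrom(4096)
                # Accept only the upstream's answer with the same transaction ID.
                if src == upstream_addr and reply[:2] == query[:2]:
                    break
        except socket.timeout:
            return False
    listener.sendto(reply, client)
    return True


def serve(listen=WG_LISTEN, upstream=DOCKER_DNS):
    """Relay queries forever, one at a time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(listen)  # bind to the wg0 address only, not 0.0.0.0
        while True:
            relay_once(s, upstream)


if __name__ == "__main__":
    serve()
```

With this running, the client config would use `DNS = 10.99.0.1`. The sketch handles UDP only and one query at a time; a forwarder such as dnsmasq or CoreDNS bound to the same address fills the same role.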
Hi!
I want to connect to my other Docker container through WireGuard. I can connect with the IP (example: 172.18.0.7), but the local DNS resolution (example: mysql) doesn't work. How can I fix it?