This is an automated archive.

The original was posted on /r/wireguard by /u/skydecklover on 2024-01-24 03:55:59+00:00.

So I have two docker hosts, which we can call HomeServer and DockerServer. They both have manually created Docker Networks using 192.168.10.1/27 and 192.168.15.1/27 respectively. What I need is two-way communication between the docker containers on both hosts.

I used to create matching tunnel configs for both hosts and add them to the appropriate paths.

HomeServer:

[Interface]
# Name: HomeServer
Address = 192.168.50.1/27
PrivateKey = [REDACTED]
ListenPort = 51820

[Peer]
# Name: DockerServer
PublicKey = [REDACTED]
Endpoint = [REDACTED]:51820
AllowedIPs = 192.168.50.2/27, 192.168.15.1/27

DockerServer:

[Interface]
# Name: DockerServer
Address = 192.168.50.2/27
PrivateKey = [REDACTED]
ListenPort = 51820

[Peer]
# Name: HomeServer
PublicKey = [REDACTED]
Endpoint = [REDACTED]:51820
AllowedIPs = 192.168.50.1/27, 192.168.10.1/27

Both hosts are using the LinuxServer WireGuard Docker image, this is the docker-compose snippet:

# WireGuard - VPN Client Container
  WireGuard-Mesh:
    <<: *common-keys-non-critical # See EXTENSION FIELDS at the top
    image: lscr.io/linuxserver/wireguard
    container_name: WireGuard-Mesh
    network_mode: host
    cap_add:
      - NET_ADMIN
    ports:
      - 51820:51820
    environment:
      <<: *default-tz-puid-pgid
    volumes:
      - $DOCKERDIR/WireGuard-Mesh:/config

I’m using network_mode: host so that the interfaces and routes will work from the host and apply to other docker containers by default.

This setup works! On both hosts the interface comes up, the handshake occurs, traffic flows between the hosts. I can ping back and forth between any combination of 192.168.50.1, 192.168.50.2, 192.168.10.1 and 192.168.15.1. Almost there!

I have Docker containers in both 192.168.10.1/27 on HomeServer and 192.168.15.1/27 on Docker Server. HomeServer (192.168.10.1), can ping through the tunnel to 192.168.15.2 on DockerServer but DockerServer (192.168.15.1) cannot ping the other way to anything in 192.168.10.1/27 other than the host.

Both hosts are Ubuntu 22.04 LTS running Docker V25.0.0. Does ANYBODY have any idea what I should look into to see why things work one way but not the other? Thanks y’all!