Hi there,

I wish to run a wireguard docker through a gluetun docker so that I can access my paid vpn from my own server. This is what I want:

client -> wireguard docker(selfhosted) -> gluetun docker(connected to paid VPN) -> internet

I have posted before with this issue but still cannot get it to work as expected. I am not sure if there are issues with the wireguard docker not being able to route back through from gluetun as it is trying to force traffic through the tunnel.

Any help would be much appreciated.

docker-compose.yml:

services:
  gluetun_test:
    image: qmcgaw/gluetun
    container_name: gluetun_test
    cap_add:
      - NET_ADMIN
    ports:
      - "5010:5000"
      - "5011:8000"
      # Port of the WireGuard VPN server
      - "36843:36843/udp"
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_PUBLIC_KEY=
      - WIREGUARD_PRIVATE_KEY=
      - VPN_ENDPOINT_IP=ip
      - VPN_ENDPOINT_PORT=port
      - WIREGUARD_ADDRESSES="10.2.0.2/32"

  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./wireguard/config:/config
#    ports:
      # Port for WireGuard-UI
#      - "5010:5000"
      # Port of the WireGuard VPN server
#      - "36843:36843/udp"
    network_mode: service:gluetun_test
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

wg0.conf

# Address updated at:     2023-07-08 18:51:31.120262753 +0000 UTC
# Private Key updated at: 2023-05-09 18:59:02.233090133 +0000 UTC
[Interface]
Address = 10.252.1.0/24
ListenPort = 36843
PrivateKey = 
MTU = 1450
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Table =

[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 10.252.1.1/24
  • Lucid5603
    2 years ago

    So to clarify, what are you wanting to happen and what is happening instead?

  • @[email protected]
    2 years ago

    Gluetun can expose a http or socks proxy. No need to set up a vpn to access your paid VPN…

    If you want access outside your LAN to your paid VPN it’s best to set up a WG tunnel separate from docker, on the firewall. Then connect to your personal WG tunnel and set the http/socks proxy.

    If that makes sense to you.

    • @JoeKrogan
      2 years ago

      I second this. It is probably the simplest way to get it working.
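
The proxy approach suggested in the two comments above, as an added example that is not part of any post in this thread: a compose service using Gluetun's documented `HTTPPROXY` variables, with the proxy port published on a single LAN address and protected by credentials. The service name, the host address 192.168.1.10 and every bracketed value are placeholders.

```yaml
# Added example, not from the thread. All <...> values are placeholders.
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      # Weak form: "8888:8888" publishes the proxy on every host interface,
      # so any network the host is attached to can reach it.
      # Hardened form: bind to one LAN address only
      # (192.168.1.10 is an assumed host IP, replace with your own).
      - "192.168.1.10:8888:8888/tcp"
    environment:
      # Upstream paid-VPN tunnel, same variables as in the original post
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_PUBLIC_KEY=<provider-public-key>
      - WIREGUARD_PRIVATE_KEY=<your-private-key>
      - VPN_ENDPOINT_IP=<provider-endpoint-ip>
      - VPN_ENDPOINT_PORT=<provider-endpoint-port>
      # No quotes: in list-form environment entries they become part of the value
      - WIREGUARD_ADDRESSES=10.2.0.2/32
      # Built-in HTTP proxy (listens on :8888 by default)
      - HTTPPROXY=on
      # Require credentials so other LAN hosts cannot use the tunnel unauthenticated
      - HTTPPROXY_USER=<proxy-user>
      - HTTPPROXY_PASSWORD=<proxy-password>
    restart: unless-stopped
```

Remote clients reach the proxy only after connecting to the separate WireGuard tunnel on the firewall, so port 8888 is never forwarded to the internet.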

  • @NewDataEngineer
    2 years ago

    I suspect they are both using the same interface wg0. I did a quick Google and it looks like you can do the following in gluetun

    WIREGUARD_INTERFACE=wg1

    This is my suspicion as you’re using essentially two wireguard instances at the same time.

  • @gobbling871
    2 years ago

    For accessing your VPN network outside of your LAN, there’s the shadowsocks option in the gluetun wiki.

  • @krustymeathead
    12 days ago

    Hi there!

    I wanted to chime in to say that I finally got a nested VPN solution to work in my home lab setup, and wanted to share because it looked like you may be trying something similar. I found a very helpful post that laid out the solution to running a linuxserver.io wireguard container that uses a gluetun container’s VPN connection for all of its clients’ external-bound traffic.

    To help make this more accessible for others, I created a single docker-compose.yml file that pulls all of this together.

    In addition to bringing over the config from the helpful post, I added:

    • Wireguard-UI to simplify client setup and PostUp & PostDown modifications
    • Auto-restart capability for Wireguard & Wireguard-UI containers if Gluetun goes down

    If anyone tries to use this and has any questions, let me know. Thanks!