WG on LXC
Peter Lister
peter at bikeshed.quignogs.org.uk
Fri Mar 22 18:52:16 UTC 2024
I'm using wg on my home network, using a Linux router with OpenWRT and
running services (e.g. IMAP) on LXC containers.

Having read how wg is intended to work within name spaces, I expected to
easily create LXC containers with *only* a wg interface, but it seems
that LXC only understands a "veth" interface and then a wg instance
using this interface's address as an endpoint.

This works, but I want my internal services to see *only* the wg vpn. If
a server container needs to connect out, e.g. for software update, I'll
fire up a temporary veth with a temporary address.

It also seems odd that client hosts need each wg client to use
per-server endpoint addresses when they are all hosted on one physical
server's network interface.

I'm sure it's possible to script a solution, but ideally I want to
specify lxc.net.0.type as "wireguard", give it a key pair and that
should be that, with all config living outside the container.

This appears to me as a common use-case. Has anyone spoken to the lxc
developers about adding this kind of "first class citizen" support for wg?

All the best,
Peter
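
The namespace hand-off the message refers to, scripted from the host, as an added example that is not part of the original message and not LXC or WireGuard project code. It assumes the container was started with `lxc.net.0.type = empty` (loopback only); the helper names, PID, config path and address are hypothetical or constructed.

```shell
#!/bin/sh
# Added example (not from the post): give an LXC container a WireGuard
# interface from the host, keeping key and config outside the container.
# Assumed/constructed values: PID 4242, wg0, the .conf path, 10.0.0.2/24.

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# wg_into_container PID IFACE CONF ADDR   (hypothetical helper name)
# PID is the container's init PID as seen on the host, e.g. the output of
# `lxc-info -n NAME -p -H`. CONF is a host path in `wg setconf` format.
wg_into_container() {
    pid=$1 iface=$2 conf=$3 addr=$4
    case $pid in
        ''|*[!0-9]*) echo "bad pid: $pid" >&2; return 2 ;;
    esac
    # 1. Create the interface in the host namespace. Its UDP socket stays
    #    here, so peers reach it on the host's own address and port.
    run ip link add dev "$iface" type wireguard || return 1
    # 2. Move only the interface into the container's network namespace.
    if ! run ip link set dev "$iface" netns "$pid"; then
        run ip link delete dev "$iface"   # no stray interface on the host
        return 1
    fi
    # 3. Configure from the host: nsenter -n switches the network namespace
    #    only, so wg and CONF are still the host's binary and the host's file.
    run nsenter -t "$pid" -n wg setconf "$iface" "$conf" &&
    run nsenter -t "$pid" -n ip address add "$addr" dev "$iface" &&
    run nsenter -t "$pid" -n ip link set dev "$iface" up
}

# Stand-alone use as root: script PID IFACE CONF ADDR
if [ "$#" -eq 4 ]; then
    wg_into_container "$@"
fi
```

The container gets a new network namespace each time it starts, so the hand-off has to be repeated after every container start.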