
Wirehole without Wireguard in Docker

Open hpapagaj opened this issue 4 years ago • 2 comments

Thanks for this great project, I just gave it the 1000th star. 🤘

I have one question: I already have a working wg setup on my server and I would like to keep that. I would like to use wirehole without Wireguard.

Can I get a little help with that?

The WG config is as simple as:

$ sudo cat /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.9.1/24
ListenPort = 51820
PrivateKey = 
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = 
AllowedIPs = 192.168.9.2/32
[Peer]
PublicKey =
AllowedIPs = 192.168.9.3/32

I removed the Wireguard part from the docker-compose.yml:

version: "3"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  unbound:
    image: "mvance/unbound:latest"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    volumes:
      - "./unbound:/opt/unbound/etc/unbound/"
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200 # Points to unbound
    environment:
      TZ: "America/Los_Angeles"
      WEBPASSWORD: "" # Blank password - Can be whatever you want.
      ServerIP: 10.1.0.100 # Internal IP of pihole
      DNS1: 10.2.0.200 # Unbound IP
      DNS2: 10.2.0.200 # If we don't specify two, it will auto pick google.
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.100

I am not a Docker expert, and I am unsure how to change IP addresses in the config above.

I think ServerIP should be WG's interface IP: 192.168.9.1, but what about the rest (subnet and 10.2.0.100 in the config)?

Thank you, Adrian

hpapagaj, Oct 16 '20 16:10

I already have this kind of setup, where Wireguard is outside Docker while Pi-hole and Unbound are inside. It won't work right off the bat. You also have to route your Wireguard's traffic through Docker's static named bridge network, then egress to the interface facing the internet.

The catch is that every IP that is logged on your Pi-hole using Wireguard is going to be the same IP the bridge network is using. Well, for the config that I'm using, that is. I couldn't find any other solution. But still, it works.

b3m17, Oct 20 '20 03:10
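One way to wire the posted compose file to a host-level WireGuard, as an added example that is not from the thread participants or the wirehole project: the Docker-internal 10.2.0.0/24 addresses stay as they are, and Pi-hole is published only on the wg0 address 192.168.9.1 taken from the question. The `ports` entries, the `WEBPASSWORD` placeholder and dropping `NET_ADMIN` are assumptions of this sketch.

```yaml
# Added example, not the project's own file. Only the pihole service is shown;
# the networks: block and the unbound service stay exactly as posted above.
services:
  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200 # unbound, on the Docker-internal network (unchanged)
    ports:
      # Assumption: publish DNS and the admin UI on the host's WireGuard
      # address only (192.168.9.1 from wg0.conf). Publishing without a host
      # address binds 0.0.0.0 and exposes the resolver on eth0 as well.
      # wg0 must be up before the container starts, or the bind fails.
      - "192.168.9.1:53:53/udp"
      - "192.168.9.1:53:53/tcp"
      - "192.168.9.1:80:80/tcp"
    environment:
      TZ: "America/Los_Angeles"
      WEBPASSWORD: "CHANGE-ME" # placeholder; the posted file leaves this blank
      ServerIP: 192.168.9.1 # the WG interface address, as the question proposes
      DNS1: 10.2.0.200 # unbound
      DNS2: 10.2.0.200
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # cap_add: NET_ADMIN is left out on the assumption that Pi-hole's DHCP
    # server is not used; the posted file notes only DHCP needs it.
    networks:
      private_network:
        ipv4_address: 10.2.0.100 # Docker-internal address (unchanged)
```

Peers would then set `DNS = 192.168.9.1` in the `[Interface]` section of their own WireGuard config. The caveat from the comment above about Pi-hole logging the bridge address instead of per-peer addresses can still apply.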

I have one question: I already have a working wg setup on my server and I would like to keep that. I would like to use wirehole without Wireguard.

@hpapagaj You'd better have a look at the official Pi-Hole-Docker-Image.

thomasmerz, Dec 02 '21 22:12