Score:0

Timeout with wireguard in docker

I have WireGuard running in a container on a cloud-based VM. I can see UDP traffic on the Ethernet interface in the VM and container.

But when the WireGuard interface is enabled, the client that's trying to connect to it has no traffic.

Relevant info:

Client (VM on home network):

Results of wg:

interface: wg0
  public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
  private key: (hidden)
  listening port: 45821
  fwmark: 0xca6c

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  endpoint: redactedIPv4:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 21.97 KiB sent

wg0.conf on client

[Interface]
PrivateKey = redacted
Address = 10.13.13.100
DNS = 10.13.0.1

[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 0.0.0.0/0
Endpoint = redactedIPv4:51820

Cloud-based VM that's running the container

Results of docker ps -a

CONTAINER ID   IMAGE                                  COMMAND      CREATED             STATUS                       PORTS           NAMES
885feaa34c1d   cr.cclloyd.com/cclloyd/wgtest:latest   "/s6-init"   About an hour ago   Up About an hour (healthy)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:51820->51820/udp, :::51820->51820/udp   wgtest

Container

Results of wg command:

interface: IdQUQ527
  public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
  private key: (hidden)
  listening port: 51820

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  allowed ips: 10.13.13.100/32

Config inside container:

[Interface]
Address = 10.13.0.1/16
ListenPort = 51820
PrivateKey = redacted


[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 10.13.13.100/32

Results of tcpdump -n udp

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:09:33.014069 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:38.292409 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:43.412137 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
Score:0

Your keys don't match. The [Peer] section of the client config needs to be configured with the public key of the server:

[Peer]
PublicKey = 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=

And the [Peer] section of the server config needs to be configured with the public key of the client:

[Peer]
PublicKey = gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
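
The cross-check described in the answer above, as an added example that is not part of the original post: it parses the `wg` output from both ends and reports any side whose [Peer] key is not the other side's interface public key. The sample text is copied from the question; the function names `parse_wg` and `check_pairing` are made up for this illustration.

```python
import re

# `wg` output as shown in the question (client wg0, then the container).
CLIENT_WG = """\
interface: wg0
  public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
  listening port: 45821

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  endpoint: redactedIPv4:51820
  allowed ips: 0.0.0.0/0
"""
SERVER_WG = """\
interface: IdQUQ527
  public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
  listening port: 51820

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  allowed ips: 10.13.13.100/32
"""

def parse_wg(text):
    """Return (own public key, set of peer public keys) from `wg` output."""
    own, peers = None, set()
    for line in text.splitlines():
        m = re.match(r"\s*public key:\s*(\S+)", line)
        if m and own is None:
            own = m.group(1)          # only the interface block has this field
        m = re.match(r"peer:\s*(\S+)", line)
        if m:
            peers.add(m.group(1))     # each peer block starts with its key
    return own, peers

def check_pairing(client_text, server_text):
    """List the key mismatches that make every handshake go unanswered."""
    c_own, c_peers = parse_wg(client_text)
    s_own, s_peers = parse_wg(server_text)
    problems = []
    if s_own not in c_peers:
        problems.append(f"client [Peer] PublicKey should be {s_own}")
    if c_own not in s_peers:
        problems.append(f"server [Peer] PublicKey should be {c_own}")
    return problems

if __name__ == "__main__":
    for problem in check_pairing(CLIENT_WG, SERVER_WG):
        print(problem)
```
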