I have a container inside an AWS ECS instance.
I want to establish a connection to a WireGuard server from that container.
The connection itself works but I have issues with routing all the traffic from that container through the wg0 interface.
If I just set a default route like the WireGuard docs say, I lose the connection to the ECS instance itself (connected via Session Manager): https://www.wireguard.com/netns/#the-classic-solutions
I tried all of them and none of them are a viable option. I think all of them conflict with Docker's routes and the way Docker does its networking here.
The reason I need to establish this connection is to stress test the WireGuard server and curl them.
Options I considered:
- add a separate route for each website to ensure it goes through the wg0 interface (ip route add $IP via $INET) -- in this case I'd have to resolve the IPs from the DNS names first. It's not that hard but it's some extra work to do.
- route traffic for a specific user through the wg0 interface as described here. This also didn't yield any results, but I'm still exploring this option.
- Ideally, get the default route to work in this environment but also bypass all the ECS IPs outside the VPN. Is it possible to detect all the endpoints required for the ECS connection to work and bypass them? I know how to do the bypass itself, but I don't know how to detect all the required IPs.
Are there any other solutions that I'm missing here?
Any directions will tremendously help.
Thanks in advance!
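Added example (editor's code, not from the question above or from the WireGuard project): a POSIX shell script that implements the second option, policy routing by UID, so that only the stress-test user's traffic is sent through wg0 while the main routing table (Docker's routes, the ECS agent, the Session Manager session) is left untouched. It also carries the per-destination /32 fallback from the first option. Assumed names: the interface wg0 (from the question), a test user called loadgen, routing table 100, and the VPC CIDR 10.0.0.0/16 and gateway 172.17.0.1 as placeholders; with DRY_RUN=1 (the default) it only prints the ip commands it would run.

```shell
#!/bin/sh
# Added example, not part of the original question. Sends one Linux user's
# traffic through wg0 with policy routing; the "main" table is never changed.
# Assumptions: wg0 is already up in the container; the stress test runs as an
# unprivileged user (default name "loadgen"); the VPC CIDR that must stay
# outside the tunnel is known (10.0.0.0/16 below is a placeholder).
set -eu

TABLE="${TABLE:-100}"               # assumed free routing-table id
WG_IF="${WG_IF:-wg0}"
TEST_USER="${TEST_USER:-loadgen}"   # assumed user that runs curl
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}" # assumed VPC CIDR, kept off the tunnel
DRY_RUN="${DRY_RUN:-1}"             # 1: print commands; 0: execute (needs CAP_NET_ADMIN)

# Print or execute one command, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Option 2 from the question: per-user routing.
# $1 = numeric UID of the test user, $2 = the container's existing default gateway.
plan_uid_routing() {
  uid="$1"
  main_gw="$2"
  # Packets from sockets owned by this UID consult table $TABLE before "main".
  run ip rule add uidrange "$uid-$uid" table "$TABLE" priority 1000
  # In that table the VPC (including the VPC DNS resolver) still leaves via the
  # normal gateway, so nothing the instance needs is pulled into the tunnel.
  run ip route add "$VPC_CIDR" via "$main_gw" table "$TABLE"
  # Everything else from that user goes through WireGuard. The tunnel's own UDP
  # socket is created when the interface comes up and is not owned by the test
  # user, so this rule does not catch the encapsulated packets (no routing loop).
  run ip route add default dev "$WG_IF" table "$TABLE"
}

# Option 1 from the question: one /32 route per target in the main table.
# Takes already-resolved IPv4 addresses, e.g. from
#   getent ahostsv4 example.com | awk '{print $1}' | sort -u
plan_host_routes() {
  for ip in "$@"; do
    run ip route add "$ip/32" dev "$WG_IF"
  done
}

case "${1:-}" in
  uid)
    uid="$(id -u "$TEST_USER")"
    main_gw="$(ip -4 route show default | awk '{print $3; exit}')"
    plan_uid_routing "$uid" "$main_gw"
    ;;
  hosts)
    shift
    plan_host_routes "$@"
    ;;
  "") ;;  # no verb: only define the functions (e.g. when sourced)
  *) echo "usage: $0 uid | hosts IP..." >&2; exit 2 ;;
esac
```

Run `sh wg-route.sh uid` first to review the commands, then `DRY_RUN=0 sh wg-route.sh uid` inside the container (it needs CAP_NET_ADMIN), and start the load generator as the test user, e.g. `su -s /bin/sh loadgen -c 'curl -sS https://example.com'`. Verify with `ip rule show` and `ip route show table 100`; `ip route get 1.1.1.1 uid $(id -u loadgen)` should report wg0 while a plain `ip route get 1.1.1.1` still reports the Docker gateway.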