I have WireGuard running in a container on a cloud-based VM. I can see UDP traffic on the ethernet interface in the VM and container.

But when the wireguard interface is enabled, the client that's trying to connect to it has no traffic.

Relevant info:

Client (vm on home network):

Results of wg:

interface: wg0
  public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
  private key: (hidden)
  listening port: 45821
  fwmark: 0xca6c

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  endpoint: redactedIPv4:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 21.97 KiB sent

wg0.conf on client

[Interface]
PrivateKey = redacted
Address = 10.13.13.100
DNS = 10.13.0.1

[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 0.0.0.0/0
Endpoint = redactedIPv4:51820

Cloud-based VM that's running the container

Results of docker ps -a

CONTAINER ID   IMAGE                                  COMMAND      CREATED             STATUS                       PORTS           NAMES
885feaa34c1d   cr.cclloyd.com/cclloyd/wgtest:latest   "/s6-init"   About an hour ago   Up About an hour (healthy)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:51820->51820/udp, :::51820->51820/udp   wgtest

Container

Results of wg command:

interface: IdQUQ527
  public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
  private key: (hidden)
  listening port: 51820

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  allowed ips: 10.13.13.100/32

Config inside container:

[Interface]
Address = 10.13.0.1/16
ListenPort = 51820
PrivateKey = redacted


[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 10.13.13.100/32

Results of tcpdump -n udp

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:09:33.014069 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:38.292409 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:43.412137 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
cclloyd

1 Answer

Your keys don't match. The [Peer] section of the client config needs to be configured with the public key of the server:

[Peer]
PublicKey = 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=

And the [Peer] section of the server config needs to be configured with the public key of the client:

[Peer]
PublicKey = gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
Justin Ludwig
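The crossed keys the answer points out are easy to miss by eye, because both sides show a valid-looking 44-character key. The following Python script is an added example (not part of the question or answer, and not a WireGuard tool) that parses the `wg` output pasted in the question for both hosts, checks that each side's peer public key equals the other side's interface public key, and verifies that every key decodes to 32 bytes. The "fixed" outputs are assumed: they are the question's outputs with the peer keys swapped as the answer instructs.

```python
"""Cross-check WireGuard peer keys between a client and a server.

Added example, not from the question or the answer. The inputs below are the
`wg` outputs and the client config copied from the question; the FIXED_*
constants are assumed to be what the hosts would show after the answer's fix.
"""
import base64

# Copied from the question: client side `wg` output.
CLIENT_WG_SHOW = """\
interface: wg0
  public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
  private key: (hidden)
  listening port: 45821
  fwmark: 0xca6c

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  endpoint: redactedIPv4:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 21.97 KiB sent
"""

# Copied from the question: server (container) side `wg` output.
SERVER_WG_SHOW = """\
interface: IdQUQ527
  public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
  private key: (hidden)
  listening port: 51820

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  allowed ips: 10.13.13.100/32
"""

# Copied from the question: the client's wg0.conf.
CLIENT_CONF = """\
[Interface]
PrivateKey = redacted
Address = 10.13.13.100
DNS = 10.13.0.1

[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 0.0.0.0/0
Endpoint = redactedIPv4:51820
"""

# Assumed: the same outputs after applying the answer (peer keys swapped).
FIXED_CLIENT_WG_SHOW = CLIENT_WG_SHOW.replace(
    "peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=",
    "peer: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=")
FIXED_SERVER_WG_SHOW = SERVER_WG_SHOW.replace(
    "peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=",
    "peer: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=")


def parse_wg_show(text):
    """Return (interface_public_key, [peer_public_key, ...]) from `wg show` text."""
    iface_key, peers, section = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("interface:"):
            section = "interface"
        elif line.startswith("peer:"):
            section = "peer"
            peers.append(line.split(":", 1)[1].strip())
        elif section == "interface" and line.startswith("public key:"):
            iface_key = line.split(":", 1)[1].strip()
    return iface_key, peers


def parse_conf_peer_keys(text):
    """Return the PublicKey value of every [Peer] section in a wg-quick config."""
    keys, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments; keys never contain '#'
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "peer" and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))  # key names hold no '='
            if name.lower() == "publickey":
                keys.append(value)
    return keys


def valid_key(key):
    """A WireGuard public key is 32 bytes, i.e. 44 base64 characters."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False


def check_key_pairing(local_peer_keys, remote_iface_key, local_name, remote_name):
    """Report if no [Peer] on local_name carries remote_name's interface public key."""
    if remote_iface_key is None:
        return [f"{remote_name}: no interface public key found"]
    if remote_iface_key not in local_peer_keys:
        return [f"{local_name}: no [Peer] uses {remote_name}'s public key "
                f"{remote_iface_key}; configured peer keys: {local_peer_keys}"]
    return []


def audit(client_show, server_show):
    """Return a list of problems; an empty list means the keys are paired correctly."""
    client_key, client_peers = parse_wg_show(client_show)
    server_key, server_peers = parse_wg_show(server_show)
    problems = []
    labelled = [("client", client_key), ("server", server_key)]
    labelled += [("client peer", k) for k in client_peers]
    labelled += [("server peer", k) for k in server_peers]
    for name, key in labelled:
        if key is not None and not valid_key(key):
            problems.append(f"{name}: {key!r} is not a 32-byte base64 key")
    problems += check_key_pairing(client_peers, server_key, "client", "server")
    problems += check_key_pairing(server_peers, client_key, "server", "client")
    return problems


if __name__ == "__main__":
    print("As posted:", *audit(CLIENT_WG_SHOW, SERVER_WG_SHOW), sep="\n  ")
    print("After the fix:", audit(FIXED_CLIENT_WG_SHOW, FIXED_SERVER_WG_SHOW))
```

Run against the question's outputs the audit reports two problems (neither side lists the other's interface key as a peer), and against the swapped outputs it reports none. `parse_conf_peer_keys` lets the same check run against a wg0.conf before the tunnel is brought up, which is where the copy-paste error usually happens.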