You can’t access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container’s firewall to access it through the local network.
In the [Interface] section in your Wireguard configuration, add the following lines:
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT
Replace the value of HOMENET with whichever network you’re accessing it from, mine’s set to the docker network because it’s behind an nginx reverse proxy.
You can’t access your instance because the only way to reach the container is through the VPN server (as it should be). You have to open a hole in the container’s firewall to access it through the local network.
In the
[Interface]section in your Wireguard configuration, add the following lines:PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=172.16.0.0/12; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECTPreDown = HOMENET=172.16.0.0/12; ip route delete $HOMENET; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPTReplace the value of
HOMENETwith whichever network you’re accessing it from, mine’s set to the docker network because it’s behind an nginx reverse proxy.