Client Config notes

Ran this on all the hosts in the cluster:

        sysctl -q net.ipv4.conf.all.src_valid_mark=1


Needed the privileged & net_admin for tunnel binding

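        - image: linuxserver/wireguard
          securityContext:
            # privileged plus these capabilities are what the tunnel binding needed
            privileged: true
            capabilities:
              add: ["NET_ADMIN", "SYS_MODULE"]
          env:
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
          name: wireguard
          volumeMounts:
            # WireGuard configuration directory
            - name: config-wg
              mountPath: /config
            # kernel modules directory
            - name: modules
              mountPath: /lib/modules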


Spent a lot of time troubleshooting intermittent DNS. This was because of overzealous iptables kill-switches from Mullvad blocking the upstream DNS server when the cluster DNS didn't have the off hand response, as well as blocking ICMP and other local networks, which prevented side-cars from having access from the local net (like qBittorrent over 8080 on the 192.168 network).


My final client configuration:

[Interface]
PrivateKey = <mullvad provided key>
Address = <mullvad provided IP>/32
DNS = <mullvad DNS server>
PostUp = ip route add via
PreDown = ip route del via

[Peer]
PublicKey = <mullvad provided key>
AllowedIPs = #Actually a take-over ip list
Endpoint = <mullvad server IP>:51820
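
One way to build an AllowedIPs list that sends everything through the tunnel except the local networks that the kill-switch rules were cutting off. This is an added example, not part of the original notes. The function names are hypothetical, and 10.0.0.0/8 is an assumed stand-in for the cluster ranges (the notes only name the 192.168 network).

```python
import ipaddress

# Constructed sample values: the notes only name "the 192.168 network";
# 10.0.0.0/8 stands in for a cluster pod/service range (assumption).
LOCAL_NETWORKS = ["192.168.0.0/16", "10.0.0.0/8"]


def allowed_ips(excluded, base="0.0.0.0/0"):
    """Return the CIDRs that cover `base` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(base)]
    for raw in excluded:
        hole = ipaddress.ip_network(raw)
        kept = []
        for net in remaining:
            if net.subnet_of(hole):
                continue                      # fully inside the excluded range
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # carve the hole out
            else:
                kept.append(net)              # disjoint, keep unchanged
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def goes_through_tunnel(address, networks):
    """True if WireGuard would route `address` to the peer."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


def allowed_ips_line(excluded):
    """Format the result as a wg-quick AllowedIPs setting."""
    return "AllowedIPs = " + ", ".join(str(n) for n in allowed_ips(excluded))


if __name__ == "__main__":
    nets = allowed_ips(LOCAL_NETWORKS)
    print(allowed_ips_line(LOCAL_NETWORKS))
    # Probe addresses are constructed samples.
    for probe in ("192.168.1.20", "10.96.0.10", "1.1.1.1"):
        print(probe, "-> tunnel" if goes_through_tunnel(probe, nets) else "-> local")
```

Any address that `goes_through_tunnel` reports as local still needs a route and a firewall rule outside the tunnel, otherwise a kill-switch rule set will drop it.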