Client Config notes
Ran this on all the hosts in the cluster: sysctl -q net.ipv4.conf.all.src_valid_mark=1
Needed the privileged & net_admin for tunnel binding
- image: linuxserver/wireguard
  securityContext:
    privileged: true
    capabilities:
      add: ["NET_ADMIN", "SYS_MODULE"]
  env:
    - name: PUID
      value: "1000"
    - name: PGID
      value: "1000"
  name: wireguard
  volumeMounts:
    - name: config-wg
      mountPath: /config
    - name: modules
      mountPath: /lib/modules
Spent a lot of time troubleshooting intermittent DNS. This was because of overzealous iptables kill-switches from Mullvad blocking the upstream DNS server when the cluster DNS didn't have the response offhand, as well as blocking ICMP and other local networks, which prevented sidecars from having access from the local net (like qBittorrent over 8080 on the 192.168 network).
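Added example, not part of the original notes: a check over the output of `iptables -S OUTPUT` from the WireGuard container that reports which addresses the pod still needs (cluster DNS, upstream DNS, LAN peers) fall through to the kill-switch rule. The sample rules, the addresses and the function names are constructed for illustration; the check assumes those destinations are routed outside the tunnel and compares destination and rule order only, not protocol or port.

```python
import ipaddress
import shlex

# Constructed `iptables -S OUTPUT` output: a kill switch that rejects anything
# not leaving via wg0, one exception above it and one (ineffective) below it.
SAMPLE_RULES = """\
-P OUTPUT ACCEPT
-A OUTPUT -d 10.96.0.10/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o wg0 -m mark ! --mark 0xca6c -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
"""

def parse_rule(line):
    """Return (negated_out_iface, dest_network, target) for an OUTPUT rule, else None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "OUTPUT"]:
        return None
    iface = dest = target = None
    for i, t in enumerate(tok):
        if t == "-o" and tok[i - 1] == "!":
            iface = tok[i + 1]          # "! -o wg0": matches traffic NOT on the tunnel
        elif t == "-d" and tok[i - 1] != "!":
            dest = ipaddress.ip_network(tok[i + 1], strict=False)
        elif t == "-j":
            target = tok[i + 1]
    return iface, dest, target

def blocked_destinations(rules_text, tunnel, must_reach):
    """List the must_reach addresses that reach the kill switch with no earlier ACCEPT."""
    allowed = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        iface, dest, target = rule
        if target == "ACCEPT" and dest is not None:
            allowed.append(dest)
        elif target in ("REJECT", "DROP") and iface == tunnel:
            # First match wins in iptables, so ACCEPT rules after this point are moot.
            return [a for a in must_reach
                    if not any(ipaddress.ip_address(a) in net for net in allowed)]
    return []  # no kill-switch rule found for this tunnel

if __name__ == "__main__":
    # Constructed addresses: cluster DNS, upstream DNS, a LAN client.
    print(blocked_destinations(SAMPLE_RULES, "wg0",
                               ["10.96.0.10", "192.168.1.1", "192.168.1.50"]))
```

In the sample, the `192.168.0.0/16` exception sits below the REJECT rule, so both LAN addresses are still reported as blocked; moving it above the kill switch clears them.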