EisfunkeForum

Routing Specific Docker Containers Through WireGuard VPN with systemd-networkd

A simple solution for routing specific docker containers through a WireGuard VPN using only two simple systemd-networkd files, no cumbersome wg or ip calls.

Thanks for the article, very simple and works well.

Per your warning, I’ve added the following to the .network file for my ethernet interface to handle container traffic routing if the WireGuard interface is somehow destroyed:

[Route]
Destination=0.0.0.0/0
Type=blackhole
Metric=1
Table=242

This seems to do the trick after a test using ip link set down dev wg1. I can no longer curl or ping from within the container until the wg1 device and its route are restored.

I’m glad that the article was helpful!

And thank you for the config tip. Using metrics looks very clean and simple. I’ll test it on my machine when I get around to it and add it to the article 👍
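A way to check the fail-closed behaviour discussed in this thread without taking wg1 down, as an added example that is not part of the original posts or the article: it classifies the output of `ip -4 route show table 242`. The function name, the state names and the sample route listings are constructed for illustration, and it assumes the WireGuard default route in table 242 keeps a metric lower than the blackhole's `Metric=1`.

```shell
#!/bin/sh
# Classify a policy routing table, read from stdin in the format printed by
# `ip -4 route show table <N>`. $1 is the VPN device name (wg1 in this thread).
# Prints one state (names are this example's own, not iproute2 output):
#   protected   - VPN default route present and preferred over the blackhole
#   fail-closed - only the blackhole is left; traffic from this table is dropped
#   shadowed    - blackhole metric is not higher than the VPN route's metric
#   leak-risk   - no blackhole, or a default route via a non-VPN device
classify_table() {
    awk -v dev="$1" '
        # Value following keyword `key` on the current line, or `dflt`.
        function field(key, dflt,    i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return dflt
        }
        $1 == "blackhole" && $2 == "default" {
            bh = 1; bh_metric = field("metric", 0); next
        }
        $1 == "default" && field("dev", "") == dev {
            vpn = 1; vpn_metric = field("metric", 0); next
        }
        $1 == "default" { other = 1 }   # flagged regardless of its metric
        END {
            # With no blackhole, a missing VPN route leaves the table without a
            # match and the lookup continues with the next rule (usually main).
            if (other || !bh)                      print "leak-risk"
            else if (!vpn)                         print "fail-closed"
            else if (vpn_metric + 0 < bh_metric + 0) print "protected"
            else                                   print "shadowed"
        }'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_UP='default dev wg1 proto static scope link
blackhole default proto static metric 1'
SAMPLE_DOWN='blackhole default proto static metric 1'
SAMPLE_NO_FALLBACK='default dev wg1 proto static scope link'

for s in "$SAMPLE_UP" "$SAMPLE_DOWN" "$SAMPLE_NO_FALLBACK"; do
    printf '%s\n' "$s" | classify_table wg1
done

# Live use on the host: ip -4 route show table 242 | classify_table wg1
```

Run from a timer or monitoring check, anything other than `protected` or `fail-closed` is worth an alert.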