Well, you don’t need containers for wireguard the same way you don’t need containers for anything.

I personally prefer docker containers for everything that can be containerised because it provides a consistent abstraction layer. As in, I always know how to find configurations and paths and manage network infrastructure for anything that resides in a container.

In the case I outlined above with the wireguard containers, I’m more confident I’m not going to upset any other services on my server, and I understand the configuration.

Maybe it’s a bit like using ufw to manage iptables rules, unnecessary but helpful.

Of course, I freely admit that my way is not necessarily the best way and if someone wants to run wireguard on the host then great.

Sure mate.

I’ve been playing around with networks for decades. I’ll happily admit that my understanding is rudimentary at best, but configuring routing rules with IP tables or whatever so your device will act as a NAT seems a few levels beyond “basic networking”.

that’s why you chimed in with your comment. Stupid me.

The honest to god reason I chimed in was because your response seemed derisive, and I thought I might be able to soften a bit by either showing my own ineptitude or challenging your solution.

So in summary you have your device A and services running on B, you connect to a vpn service using A, and you want the services running on B to use the same vpn connection?

I encountered this problem with torrenting and private trackers.

I solved it the other way around, by having the remote connect to the vpn and routing traffic from my device through that remote.

• get a mullvad subscription because they do wireguard
• create wireguard-outbound container on server and connect to mullvad
• create wireguard-inbound container on server and attach it to the network stack of wireguard-outbound
• attach any other containers on the server you want using the vpn to the network stack of wireguard-outbound
• install wireguard on your various devices instead of connecting to mullvad directly just connect to your wireguard-inbound container

For bonus points you can create a squid (proxy service) container and attach that to wireguard-outbound, then create a firefox profile that connects to that proxy. That way your device isn’t routing all traffic through the vpn, only the traffic from that firefox profile.

I’ve had this set up for several years now and for the most part it works very well. Occasionally I have to restart the containers but for the most part it’s great.

IDK anything about “routing” but I don’t think it can solve this problem without additional services.

If my laptop is A and I want all outbound connections to go through server B then B needs to be running some kind of service whether it’s merely a NAT router or VPN or proxy.

In this case OP actually want’s B’s outbound connections to go through A but it’s the same problem.

Obviously “can” is subjective.

“Can” people afford a plane ticket to somewhere? Probably.

Would their quality of life in that destination be satisfactory? In most cases, no.

Doesn’t this mean that the tech just isn’t ready yet?

As in, they can’t sell it if it’s more expensive, is fake, and is worse for the environment.

I’m daily driving debian on a lenovo t490.

Can get one for a few hundred. With a dock and 2x 1920 monitors its just beautiful.

The short answer is, it is free - they’re asking for a contribution but most people would enter a custom amount of $0.

There’s a longer answer about what free means in different contexts and how that pertains to opensource, and a longer answer about how “free” things have led us to the internet we have today, but I don’t think you’re asking about either of those things.

Yes.