
Let me first explain the setup:

At home I have a NAS that runs a WireGuard VPN server in a Docker container. (I use WG for all sorts of clients to access the local network at home.)

I am currently trying to set up a remote backup for my data using a Raspberry Pi in a different local network somewhere else. (The Raspberry Pi will host a CIFS share and I also want to be able to access the web interface of the Raspberry Pi.)

I determined that one possibility should be to connect the Raspberry Pi to the WG VPN and then set up my local network so that the NAS can automatically back up to the Raspberry Pi.

As I understand it, WG creates its own subnet. So my goal is to somehow be able to connect to devices in this WG subnet from my local network.

But everything that I found on the internet on this topic didn't really help me. Any idea how to achieve this, or is there a simple solution to my problem?

1 Answer


If it weren't for Docker, then it would be exactly like standard routing between two subnets:

  • The "wg-server" is a router that's connected to two networks (subnets).
  • Hosts on the "local" network need a route to the "wg" network via wg-server.
  • Hosts on the "wg" network need a route to the "local" network via wg-server.
  • The wg-server's firewall needs to allow traffic both ways.

On the local side you would add a static route on your home gateway (or at least directly on your individual hosts) to route the "wg" network via "wg-server"; on the WG side you would add the "home" network to AllowedIPs in each client's configuration, and the WireGuard app would automatically route it – unless your clients already route 0.0.0.0/0, in which case that's not needed.

With Docker, unless the WG container is somehow "bridged" to the LAN (e.g. using a macvlan), there will be an additional step – the home gateway needs to route via the Docker host, and the Docker host needs to route via the container.

(But... WireGuard is a kernel feature that has barely any files or services of its own – and really doesn't need Docker, since it has to rely on the WG support that the host kernel provides either way.)

  • Ok, so the main reason for Docker was actually the ease of setup. But I switched to a direct install now (with the OMV plugin with web-interface integration). I was able to set the static route on my home router. And with the command ip route add 10.192.1.0/24 via 10.192.1.254 dev wgnet1 (10.192.1.0/24 wg subnet mask, 10.192.1.254: gateway/my nas), I managed to get as far as being able to ping the R-Pi from the server itself. But I am still unable to connect to it from other systems on my LAN. Would appreciate help with that. (Running Open Media Vault, a Debian-based NAS OS)
    – Elio
    Commented May 16 at 7:52
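
The AllowedIPs requirement from the answer above, as an added example that is not part of the original answer or comment: a Python check that parses a client's WireGuard config and reports whether the home LAN is covered by a peer's AllowedIPs. The 192.168.1.0/24 home LAN, the client address, the endpoint and the key placeholders are assumptions; 10.192.1.0/24 is the WG subnet from the comment.

```python
import ipaddress

# Constructed sample config for the remote client (the Raspberry Pi).
# Keys and endpoint are placeholders; HOME_LAN is an assumed home subnet.
HOME_LAN = "192.168.1.0/24"
PI_CONF = """[Interface]
Address = 10.192.1.2/24
PrivateKey = <pi-private-key>

[Peer]
PublicKey = <nas-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.192.1.0/24
"""
# Same config with the home LAN added, as the answer describes.
FIXED_CONF = PI_CONF.replace("AllowedIPs = 10.192.1.0/24",
                             "AllowedIPs = 10.192.1.0/24, " + HOME_LAN)

def peer_allowed_ips(conf_text):
    """Return one list of AllowedIPs networks per [Peer] section."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers

def covers(networks, target):
    """True if target lies inside one of networks (0.0.0.0/0 covers all IPv4)."""
    target = ipaddress.ip_network(target)
    return any(n.version == target.version and target.subnet_of(n)
               for n in networks)

def check_client(conf_text, home_lan):
    # WireGuard uses AllowedIPs both to choose the peer for outgoing packets
    # and to accept source addresses of packets arriving from that peer, so
    # the home LAN must be listed for LAN hosts to talk to this client.
    return any(covers(nets, home_lan) for nets in peer_allowed_ips(conf_text))
```

`check_client(PI_CONF, HOME_LAN)` returns `False` for the sample as written and `True` for `FIXED_CONF`, or for a client that already routes 0.0.0.0/0.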
