Need assistance setting up VPN -- RESOLVED

Good morning all,

I am currently stuck behind a CGNAT unless the ISP plays ball, but that most likely won't happen.

I run a server that is using Docker containers for services. I am using the linuxserver.io SWAG container for reverse proxy.

I have a VPS running Ubuntu 20.04 to use as a VPN access server (bounce server).
I am trying to use WireGuard to route all my traffic from my server's Docker containers out through the VPS VPN. So far all I have been able to get working is the SWAG nginx interface.

I am using the linuxserver.io WireGuard Docker container running in client mode to connect to the VPS VPN.

Would someone be able to help me sort out the firewall settings (UFW) and such to get my SWAG reverse proxy working over the VPN? I am trying to route my Plex and Jellyfin Docker containers over the VPN. I have a domain name as well.

My VPN network is 192.168.10.0/32

VPS VPN is 192.168.10.1/32
Server VPN Client is 192.168.10.2/32

My SWAG is on a custom Docker network along with Jellyfin, Plex and WireGuard.

The VPN server is on the VPS and your local servers are VPN clients?

Yes

@LinuxMaster9 From what I understand about networking and subnets, you are using the wrong subnetting notation. Try changing your subnet notation to /30 instead of /32. Using /32 only gives you two IP addresses; you will want at least 4 IP addresses.

Why do I want 4? It is only the VPS VPN and my local server. I want to access my local server from my domain name over the VPN.

I thought my explanation was clear since you sent back a question. But I guess it wasn’t. Just disregard my suggestion. I didn’t know you were stuck behind a CGNAT when I made that suggestion. I have since reread your post more carefully and looked up Wikipedia’s explanation of what CGNAT is. I have no experience with that type of NAT, so I won’t be any help. Are you following a guide that shows how to set up what you want on a CGNAT network? I think your best bet is to switch ISPs if you can. It is a fascinating problem; I wish I had an answer. I have heard that if you ask your ISP very nicely, they may let you opt out of their CGNAT. It never hurts to try.

I came across this post which might help. Please let me know if you have any success. I am very interested in the service @TheCakeIsNaOH mentions, and it might be helpful for a network experiment I have in mind.


Can you share more precisely, or with more detail, what your setup is like?

As I’m sure you’re aware, Docker supports different kinds of network drivers… are you just using the default bridge network for WireGuard/other stuff locally?

Are you running SWAG remotely or locally?

Are you using the built-in WireGuard allowed IPs for filtering on top of iptables/ufw?

Are you using NAT anywhere?

CGNAT doesn’t matter for OpenVPN clients. I’ve never set up WireGuard myself, but OpenVPN could be an option.


This resolved it:

https://virtualize.link/vps/
