Expose WireGuard as a SOCKS5 proxy in a Docker container.
(For the same thing in OpenVPN, see kizzx2/docker-openvpn-client-socks)
This is arguably the easiest way to achieve "app based" routing. For example, you may only want certain applications to go through your WireGuard tunnel while the rest of your system should go through the default gateway. You can also achieve "domain name based" routing by using a PAC file that most browsers support.
podman build -t docker.io/tobosdf/wireguard-socks5:latest-arm .
# or
podman build -t docker.io/tobosdf/wireguard-socks5:latest-arm-v4v6 .
# or
docker build -t docker.io/tobosdf/wireguard-socks5:latest-v4v6 -f x86_Dockerfile .podman run -it --rm --entrypoint bash docker.io/tobosdf/wireguard-socks5:latest-arm-v4v6podman run --rm -d \
--name=wireguard-socks-proxy \
--device=/dev/net/tun --cap-add=NET_ADMIN --privileged \
--publish 127.0.0.1:1080:1080 \
--volume /my/dir/to/wireguard:/etc/wireguard:z \
wireguard-socks5:latest-armThen connect to SOCKS proxy through through 127.0.0.1:1080. For example:
curl --proxy socks5h://127.0.0.1:1080 ipinfo.ioYou can easily convert this to an HTTP proxy using http-proxy-to-socks, e.g.
hpts -s 127.0.0.1:1080 -p 8080This can happen if your WireGuard configuration file includes an IPv6 address but your host interface does not work with it. Try removing the IPv6 address in Address from your configuration file.
This means you have a different ethernet interface in the container. You can enter the container and check the real interface name:
podman run --rm -it --entrypoint /bin/sh --volume /my/dir/to/wireguard:/etc/wireguard:z wireguard-socks5:latest-arm
ifconfig # check your ethernet interface name and modify file `sockd.conf` and rebuild the docker