Interconnect Linux systems using WireGuard

Setting up wg-easy

Requirements:
- Docker
- WireGuard client tools on the host (wg-quick)
docker-compose.yaml:

services:
  wg-easy:
    # environment:
    #   # Optional:
    #   - PORT=51821
    #   - HOST=0.0.0.0
    #   - INSECURE=false
    image: ghcr.io/wg-easy/wg-easy:15
    container_name: wg-easy
    volumes:
      - ./etc_wireguard:/etc/wireguard   # persisted WireGuard config and keys
      - /lib/modules:/lib/modules:ro     # lets the container load the wireguard kernel module
    restart: unless-stopped
    network_mode: host                   # wg0 is created directly on the host
    cap_add:
      - NET_ADMIN                        # needed to create interfaces and routes
      - SYS_MODULE                       # needed to load kernel modules
Setting up UFW to allow traffic

Enable forwarding in ufw: in /etc/default/ufw set DEFAULT_FORWARD_POLICY to ACCEPT.

Then add a NAT table to /etc/ufw/before.rules so that traffic from the WireGuard subnets is masqueraded when it leaves through the server-to-server link (wg1):
/etc/ufw/before.rules (add this *nat table above the existing *filter section; every table ends with its own COMMIT):

*nat
:POSTROUTING ACCEPT [0:0]
# change this ip range to whatever you end up using for your infra
-A POSTROUTING -s 10.8.1.0/24 -o wg1 -j MASQUERADE
-A POSTROUTING -s 10.8.2.0/24 -o wg1 -j MASQUERADE
COMMIT
Reload ufw (ufw reload).

Allow traffic on the server (wg-easy) interface wg0 and on the client (wg-quick) interface wg1:
ufw allow in on wg0
ufw allow out on wg0
ufw allow in on wg1
ufw allow out on wg1

Repeat the UFW steps on every other server.
Run docker compose up -d for every wg-easy instance.
Follow the wg-easy setup instructions, then in each instance create a connection profile (client) for every other server you want linked. You could probably also mesh them this way, but that is untested.
Then on server A use wg-quick with the profile issued by server B to connect A to B; repeat on server B with the profile issued by server A.
profit
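As an added sanity check (this script is not part of the original note and is not wg-easy's own tooling), the POSIX sh script below generates the *nat block for before.rules from a list of subnets, reports whether the kernel IPv4 forwarding switch is actually on (ufw's DEFAULT_FORWARD_POLICY alone does not turn it on), and parses `wg show <iface> dump` output to confirm that every peer on the link has handshaked recently. The interface name wg1 and the 10.8.x.0/24 subnets come from the note; the dump sample, the peer names PEER_B/PEER_C and the 180-second freshness window are constructed assumptions.

```shell
#!/bin/sh
# Added helper script (not part of the original note): sanity checks for the
# wg-easy + wg-quick link described above. It can generate the *nat block for
# /etc/ufw/before.rules, report whether kernel IP forwarding is on, and parse
# `wg show <iface> dump` output to confirm that every peer has handshaked
# recently. Interface and subnets follow the note; the dump sample is constructed.

# gen_nat_rules IFACE SUBNET...  -> prints the *nat table for before.rules,
# one MASQUERADE rule per WireGuard subnet leaving through IFACE.
gen_nat_rules() {
    iface="$1"; shift
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    for subnet in "$@"; do
        printf '%s\n' "-A POSTROUTING -s $subnet -o $iface -j MASQUERADE"
    done
    printf '%s\n' 'COMMIT'
}

# forwarding_enabled -> exit 0 when the kernel forwards IPv4 packets.
# ufw's DEFAULT_FORWARD_POLICY only lets forwarded packets through the
# firewall; the kernel switch itself is /proc/sys/net/ipv4/ip_forward
# (net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf makes it persistent).
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# check_handshakes NOW MAX_AGE  (reads `wg show <iface> dump` on stdin)
# Prints "<peer-pubkey> ok|stale <age>s" per peer and exits 1 if any peer has
# no handshake within MAX_AGE seconds. Dump format: line 1 is the interface,
# each following line is a peer with the latest-handshake epoch in field 5
# (0 = never). Real output is tab-separated; awk's default splitting also
# accepts the space-separated constructed sample below.
check_handshakes() {
    awk -v now="$1" -v max="$2" '
        NR == 1 { next }
        {
            age = ($5 > 0) ? now - $5 : -1
            if (age >= 0 && age <= max) {
                print $1, "ok", age "s"
            } else {
                print $1, "stale", age "s"
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample dump: PEER_B handshaked 100 s before NOW=1700000100,
# PEER_C never did. Key fields are placeholders, not real keys.
SAMPLE_DUMP='PRIVKEY_A PUBKEY_A 51820 off
PEER_B (none) 203.0.113.2:51820 10.8.2.0/24 1700000000 1234 5678 25
PEER_C (none) (none) 10.8.3.0/24 0 0 0 0'

# Run with the argument "demo" to exercise the helpers on the sample data.
if [ "${1:-}" = "demo" ]; then
    gen_nat_rules wg1 10.8.1.0/24 10.8.2.0/24
    forwarding_enabled && echo "ip_forward: on" || echo "ip_forward: OFF"
    printf '%s\n' "$SAMPLE_DUMP" | check_handshakes 1700000100 180 \
        || echo "at least one peer has no recent handshake"
fi
```

On a live server the handshake check is `wg show wg1 dump | check_handshakes "$(date +%s)" 180` after sourcing the file; a peer that shows "stale" with age -1s has never completed a handshake, which usually means the endpoint, the UFW rules on wg0/wg1 or the profile keys are wrong. Also look at the AllowedIPs line in the profile wg-easy issues: wg-quick routes everything listed there through the tunnel, so for a server-to-server link it should name only the remote server's subnet (e.g. 10.8.2.0/24), not 0.0.0.0/0.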