From 091ad039af1146c1a0f2c4ca456e339f1ae4b23c Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Mon, 9 Feb 2026 20:06:04 +0000
Subject: [PATCH] Reverse WireGuard architecture: server on Netcup, client at home

Flipped WG topology to avoid WSL2 UDP port forwarding issues:
- Netcup is now WG server (has public IP, listens on UDP 51820)
- Home WSL2 is WG client (connects outbound, no port forwarding needed)
- Home client NAT masquerades worker traffic through residential IP
- AllowedIPs=0.0.0.0/0 routes all worker internet through tunnel

Co-Authored-By: Claude Opus 4.6
---
 docker-compose.yml | 3 +++
 wireguard/docker-compose.yml | 9 +--------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index f271280..0350e11 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -63,8 +63,11 @@ services:
 - TZ=Europe/Berlin
 volumes:
 - ./wg-client:/config
+ ports:
+ - 51820:51820/udp
 sysctls:
 - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv4.ip_forward=1
 extra_hosts:
 - "host.docker.internal:host-gateway"
 restart: unless-stopped
diff --git a/wireguard/docker-compose.yml b/wireguard/docker-compose.yml
index d219edb..36c5c6c 100644
--- a/wireguard/docker-compose.yml
+++ b/wireguard/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 wireguard:
 image: lscr.io/linuxserver/wireguard:latest
- container_name: wg-server
+ container_name: wg-home-client
 cap_add:
 - NET_ADMIN
 - SYS_MODULE
@@ -9,15 +9,8 @@ services:
 - PUID=1000
 - PGID=1000
 - TZ=America/Toronto
- - SERVERURL=auto
- - SERVERPORT=51820
- - PEERS=netcup
- - PEERDNS=1.1.1.1
- - ALLOWEDIPS=0.0.0.0/0
 volumes:
 - ./config:/config
- ports:
- - 51820:51820/udp
 sysctls:
 - net.ipv4.conf.all.src_valid_mark=1
 - net.ipv4.ip_forward=1
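Review bot: The added `- net.ipv4.ip_forward=1`, next to the newly published `51820:51820/udp` in the first hunk (docker-compose.yml), makes this container a forwarding hop on the public host, and the hunk has no comment or visible rule limiting what tunnel traffic may be forwarded. Per the commit message the tunnel carries 0.0.0.0/0, so packets arriving from the home peer can have any source address. The WireGuard config is not part of this diff, so confirm its firewall rules forward only worker-originated flows and their established/related replies. I would add a comment above the sysctl, e.g. `# required so worker traffic can be routed into the tunnel`, and quote the mapping as `- "51820:51820/udp"` to match the quoted `extra_hosts` entry. Docker publishes ports through its own iptables chains, so a host firewall front end such as ufw will not restrict this port by default; the service definition begins above the hunk.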