WireGuard VPN on Podman with SELinux
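# WireGuard server in a Podman container on an SELinux-enforcing host.
# The podman commands run as the invoking user; modprobe needs root, and
# firewall-cmd needs root or polkit authorisation.

# Dedicated network for the container, so it does not share the default one.
podman network create nwk-wg-full

# Load the iptables "raw" table module on the host. This is not persistent
# across reboots; add it under /etc/modules-load.d/ if it must survive one.
sudo modprobe iptable_raw

# Security notes on the run command below:
#  - NET_ADMIN and NET_RAW are granted so the container can manage its
#    WireGuard interface and firewall rules; nothing broader (no
#    --privileged) is needed here.
#  - The --sysctl values are namespaced and apply to the container's
#    network namespace.
#  - ":Z" relabels the volume with a private SELinux label for this container.
#  - PEERS=5 presumably makes the image generate five peer configs, including
#    private keys, under /config; treat the wg_full_config volume as secret.
#  - NOTE(review): ":latest" is a mutable tag. Pin a reviewed release, e.g.
#    docker.io/linuxserver/wireguard@sha256:<DIGEST>, so a changed upstream
#    image is not pulled silently on the next run.
#  - --rm removes the container on stop; the named volume is kept.
podman run \
  --cap-add=NET_ADMIN \
  --cap-add=NET_RAW \
  --name=wg-full \
  --detach \
  --network=nwk-wg-full \
  --publish=51820:51820/udp \
  --env PUID=1001 \
  --env PGID=1001 \
  --env TZ=America/Winnipeg \
  --env SERVERPORT=51820 \
  --env PEERS=5 \
  --rm \
  --volume wg_full_config:/config:Z \
  --sysctl net.ipv4.conf.all.src_valid_mark=1 \
  --sysctl net.ipv4.conf.all.forwarding=1 \
  --sysctl net.ipv4.ip_forward=1 \
  docker.io/linuxserver/wireguard:latest

# Host firewall (firewalld): NAT plus forwarding on eth0.
# NOTE(review): the first FORWARD rule accepts everything forwarded in and out
# of eth0, so the RELATED,ESTABLISHED rule after it (same priority) never
# decides a packet. If only return traffic should be forwarded, the first rule
# is broader than needed; confirm the intent. "eth0" must match the host's
# actual interface name.
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i eth0 -o eth0 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# --permanent only writes the saved configuration; reload to apply it now.
firewall-cmd --reload

# Open a shell inside the running container:
# podman exec -it wg-full /bin/bash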