Docker Wireguard custom network has access to clearnet when tunnel is not active


I was surprised when I noticed my docker container having access to the Internet through my ISP even though my Wireguard tunnel was not active and the container was bound to the `wg1` network only.

I think the possible cause of this is that Unraid creates the wg1 custom network with the `internal=false` flag, meaning the network has access to the host's internet.

I am concerned as it could be a privacy issue leaking my real IP to the internet through docker containers which I want ONLY to access the Internet through a tunnel.

I am not entirely sure whether I should discuss it here first or should've created a post in the Bugs subforum, feel free to move the thread...

My setup:

System: Unraid 6.12.11

Wireguard tunnel settings:

- Peer type of access: tunneled access for docker

- Status: inactive

Docker settings:

- Docker custom network type: macvlan

- Host access to custom networks: Disabled

- Preserve user defined networks: Yes

Docker container:

- Network Type: Custom: wg1

Edited by miltador
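
A way to audit for the condition described in the post, as an added example that is not part of the original post or of Unraid: it reads `docker network inspect` JSON and lists containers attached to a tunnel-named network whose tunnel is down while Docker's `Internal` flag is false. The sample JSON, the container names and the assumption that the Docker network name equals the WireGuard interface name (`wg1`) are constructed for illustration; a finding is a candidate to verify, since actual egress also depends on host routing and firewall rules.

```python
import json

# Constructed sample of `docker network inspect wg1 br0` output (not from the post).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "wg1", "Driver": "bridge", "Internal": false,
   "Containers": {"a1b2": {"Name": "torrent-client", "IPv4Address": "172.31.201.2/24"}}},
  {"Name": "br0", "Driver": "macvlan", "Internal": false,
   "Containers": {"c3d4": {"Name": "web", "IPv4Address": "192.168.1.50/24"}}}
]
""")


def exposed_containers(networks, active_tunnels, tunnel_prefix="wg"):
    """Return sorted (network, container) pairs that may egress outside the tunnel.

    A network is treated as tunnel-only when its name starts with
    tunnel_prefix (assumption: network name == WireGuard interface name).
    It is flagged when that tunnel is not active and Docker does not mark
    the network internal, i.e. Docker itself is not blocking external access.
    """
    findings = []
    for net in networks:
        name = net.get("Name", "")
        if not name.startswith(tunnel_prefix):
            continue  # not a tunnel network: ordinary egress is expected
        if name in active_tunnels or net.get("Internal", False):
            continue  # tunnel is up, or Docker isolates the network
        # "Containers" can be null/empty when nothing is attached
        for info in (net.get("Containers") or {}).values():
            findings.append((name, info.get("Name", "?")))
    return sorted(findings)


if __name__ == "__main__":
    # active_tunnels would come from the host, e.g. the names printed by
    # `wg show interfaces`; here the tunnel is inactive, as in the post.
    for net, ctr in exposed_containers(SAMPLE_INSPECT, active_tunnels=set()):
        print(f"{ctr}: attached to {net}, tunnel inactive, Internal=false")
```
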