{"id":13558534,"url":"https://github.com/FreifunkMD/wg-docker","last_synced_at":"2025-04-03T13:31:30.466Z","repository":{"id":54395800,"uuid":"151882785","full_name":"FreifunkMD/wg-docker","owner":"FreifunkMD","description":"Docker Container running a Gateway with wireguard and babel","archived":false,"fork":false,"pushed_at":"2023-04-16T15:02:20.000Z","size":35,"stargazers_count":3,"open_issues_count":3,"forks_count":6,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-11-04T09:37:24.774Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/ffmd/wg-docker","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FreifunkMD.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-10-06T21:23:46.000Z","updated_at":"2023-01-20T10:33:21.000Z","dependencies_parsed_at":"2024-01-17T06:11:03.166Z","dependency_job_id":"fcf8b65e-7930-4f19-8b98-b50aa459e584","html_url":"https://github.com/FreifunkMD/wg-docker","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FreifunkMD%2Fwg-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FreifunkMD%2Fwg-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FreifunkMD%2Fwg-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FreifunkMD%2Fwg-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FreifunkMD","download_url":"
https://codeload.github.com/FreifunkMD/wg-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247009620,"owners_count":20868578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:05:00.662Z","updated_at":"2025-04-03T13:31:30.217Z","avatar_url":"https://github.com/FreifunkMD.png","language":"Shell","funding_links":[],"categories":["Shell","others"],"sub_categories":[],"readme":"# wg-docker\nDocker Container running a Freifunk Gateway. It contains the following components\n\n* wireguard\n* Wireguard-broker\n* babeld\n* mmfd\n* l3roamd\n\nAn image can be pulled from dockerhub:\n```\ndocker pull ffmd/wg-docker\n```\n\n# Building the Image\n\n```\ndocker build . 
\\\n--tag wireguard:latest\n```\n# Running a container\n\nThe image will require some variables and parameters to be set in order to run:\n\nIt is designed to be run like this when in interactive mode:\n```\nmodprobe ip6_tables\nmodprobe wireguard\ndocker run -a stdin -a stdout -a stderr -it --rm --name wg \\\n--network host \\\n--cap-add=NET_ADMIN \\\n--device /dev/net/tun:/dev/net/tun \\\n--env-file ./env-file \\\n--privileged \\\nffmd/wg-docker\n```\n\nThe required settings are:\n\n* sysctls as babeld will require them:\n  * `net.ipv6.conf.all.accept_redirects=0`\n  * `net.ipv4.conf.all.rp_filter=0`\n  * `net.ipv6.conf.all.forwarding=1`\n* tun device: l3roamd and mmfd will require it: \\\n  --device /dev/net/tun:/dev/net/tun\n* the NET_ADMIN capability is required by mmfd, l3roamd, babeld\n* The env-file specifies variables to run. Rename env-file.example and start from there.\n* privileged is used by babeld to set rp_filter on each new mesh device. Since those are generated on the fly, this cannot be set from the outside of the container. Babeld can be patched such that this setting is not required. 
The patch has been submitted as [PR 23](https://github.com/jech/babeld/pull/23).\n\nbabeld will distribute all routes that are added to routing tables 11 and 12 and it will export all routes to table 10.\nL3roamd from within the container will fill table 11.\nIf you want to distribute a default route in the network, run something like\n```\nip -6 r a fe80::1 dev eth0 proto bird table 12\n```\non the docker host.\n\n\nWhen running with strace, the following capabilities should be added:\n```\n --cap-add sys_admin --cap-add sys_ptrace\n```\n\n\n# runtime environment\n\nWhen running the container a bit of environment setup must happen:\n\n* Set up the IP address for the main interface\n* Set up routing rules for the whole net\n* Allow traffic for mmfd, babeld and l3roamd\n* MSS clamping to compensate for PMTU breakage in our own network and on the internet\n\n```\n#!/bin/bash\nip -6 r d default\nip -6 r a default via fe80::1 dev eth0 src 2a01:4f8:1c1c:71b5::1\n\n# lookup clat prefix in freifunk routing table\nip -6 ru a to fdff:ffff:ffff::/48 lookup 10\nip -6 ru a to fdff:ffff:fffe::/48 lookup 10\n\n# reach the rest of the batman network\nip -6 r a fda9:26e:5805::/64 dev backend-gw2 proto static\n\nip -6 a a fda9:26e:5805:bab1:aaaa::1/64 dev eth0\nip -6 r a fda9:26e:5805::2 dev backend-gw2 proto static t 12\nip -6 r a fda9:26e:5805::2 dev backend-gw2 proto static t 10\nip -6 r a 2000::/3 from fda9:26e:5805::/48 dev backend-gw2 proto static t 10\nip -6 r a 2000::/3 from fda9:26e:5805::/48 dev backend-gw2 proto static t 12\nip -6 r a fda9:26e:5805::/48 dev backend-gw2 proto static t 10\nip -6 r a fda9:26e:5805::/48 dev backend-gw2 proto static t 12\n\nmeshifs=\"babel-wg-+ backend-bab+\"\nfor i in $meshifs\ndo\nip6tables -I INPUT 1 -i $i -s fe80::/64  -p udp -m udp --dport 6696  -j ACCEPT\nip6tables -I INPUT 1 -i $i -s fe80::/64  -p udp -m udp --dport 27275  -j ACCEPT\nip6tables -I INPUT 1 -i $i -s fda9:026e:5805:bab1::/64  -p udp -m udp --dport 6696  -j ACCEPT\nip6tables -I INPUT 1 -i $i -s 
fda9:026e:5805:bab1::/64  -p udp -m udp --dport 27275  -j ACCEPT\nip6tables -I INPUT 1 -i $i -p udp -m udp --dport 5523  -j ACCEPT\n\n# MSS Clamping\nip6tables -t mangle -A FORWARD -o $i -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\niptables -t mangle -A FORWARD -o $i -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\nip6tables -t mangle -A OUTPUT -o $i -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\niptables -t mangle -A OUTPUT -o $i -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n\ndone\n\nexit 0\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFreifunkMD%2Fwg-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFreifunkMD%2Fwg-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFreifunkMD%2Fwg-docker/lists"}