klib.so Posted November 28, 2020 Report Share Posted November 28, 2020 (edited) Just wanted to start a conversation about the possibility of having individual wireguard interfaces in the containers. Obviously we're all sharing the same couple of running kernels, but a cursory search would seem to suggest it's possible. I think there would have to be some permissions/scoping kind of setup, but I'm not seeing why it would be too difficult beyond that. Also from an admittedly limited understanding of the internals I can't see why it would add significant load to the system either, but I'm open to correction haha Thoughts? Edited November 28, 2020 by klib.so Link to comment Share on other sites More sharing options...
klib.so Posted December 2, 2020 Author Report Share Posted December 2, 2020 Ok so did a bit of testing on a local funtoo container and it seems to just work if the module has been loaded in the bare metal OS. emerge wireguard-tools nano /etc/wireguard/wg0.conf wg-quick up wg0 Works perfectly and didn't seem to mess with the parent OS who has an interface with the same name. So do you think we could have this added to the kernels? It's as simple as: emerge wireguard; modprobe wireguard and I suppose add to /etc/conf.d/modules for reboots. Link to comment Share on other sites More sharing options...
Recommended Posts