Allowing containers to access host network vpn interface

[pirateke]

I've set up my PVE host with a wireguard VPN (let's say on IP address 10.10.1.2) so that I can access my proxmox server from within my vpn, e.g. with the web interface at 10.10.1.2:8006. I would like to be able to also access (bridge?) this connection from my LXC container, so that my container can also be "on" that VPN network.

To be more precise about what I'm trying to achieve - I'm running uptime-kuma in an LXC container, on port 3001. I would like

1. uptime-kuma to be able to ping the wireguard "endpoint/server" at 10.10.1.1 to monitor if the server/connection ever dies
2. to be able to connect to the uptime-kuma from another machine on the same vpn at address 10.10.1.2:3001

Currently in the default container setup, only the bridge to WAN is set up (via vmbr0). Could someone explain to me how this can be achieved? Thank you!

(The alternative easy way out that I'm thinking of is just to run a separate wireguard interface on the uptime-kuma container itself - is this preferable?)

 

[shanreich]

The easiest way is probably to just use NAT. You can do this by creating a Simple Zone + VNet with SNAT enabled. Then you should be able to reach the wireguard endpoint server.

The "proper" solution is to configure your PVE host to act as a router between a private VM LAN and the wireguard network, but that is a bit more involved.