Hi!
I am trying to add my wg container to traefik but it does not work for me... maybe you can help?
Background:
traefik container is on host 192.168.1.29 and it also has a macvlan with ip 192.168.1.251
This macvlan ip is port forwarded on my router with port 51820.
wg-easy container is on a different host with ip 192.168.1.150.
wg.domain.com is in cloudflare DNS without proxy.
Here is what I have in the static file:

    entryPoints:
      wireguard:
        address: ":51820/udp"

And in the dynamic file:

    udp:
      routers:
        wireguard-router:
          entryPoints:
            - "wireguard"
          service: "wireguard-service"
      services:
        wireguard-service:
          loadBalancer:
            servers:
              - address: "192.168.1.150:51820"
Yet when I connect to the VPN, I have no traffic. Only data sent, no data received. If I port forward directly from 192.168.1.150, everything works.
Thanks!
Just my personal opinion, but I would not use a reverse proxy for VPN traffic.
A reverse proxy is mainly intended for http(s), to forward requests to different target services by matching host/path.
Why create an extra hop for your VPN UDP packets, which requires processing, memory and adds latency?
And in case of a failure, maybe because of a bad Traefik upgrade, it will disable your VPN access, which might hinder an easy rollback.
Yes, I know what you mean. I wanted to have everything behind the proxy, more as a test.
On second thought: UDP is only packets, not a connection/session like TCP. So you can forward incoming packets to WireGuard, but the reverse will probably not work.
I added rustdesk which also uses UDP and it works, ish. Sometimes it connects right away, sometimes it takes some time, sometimes it just fails.
I feel UDP is not working properly with traefik.
That is probably correct, as Traefik is a TCP and http/s reverse proxy. Those protocols establish a connection, through which requests and responses get passed.
UDP is different. Whether a response works probably depends on the proprietary content of the UDP packet, i.e. whether the original sender's IP is included in the message. So it may vary by application.
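To make the "UDP has no connection" point concrete, here is an added example (not code from this thread, from Traefik or from wg-easy) of how a UDP reverse proxy has to route replies at all: it keeps a session table keyed by the client's source address, and it releases entries that go idle. Traefik's UDP entry points have exactly such an idle timer (`entryPoints.<name>.udp.timeout`, default 3s); whether that is the cause of the original poster's problem is not established in the thread, but it is one mechanism that yields the "data sent, nothing received" symptom when the tunnel stays quiet longer than the timer and the server later sends a packet on its own. The backend below is a constructed loopback stand-in for the VPN server (it answers once immediately and once after a delay), and the timeouts are chosen only to make the two outcomes reproducible offline.

```python
import select
import socket
import threading
import time


class UdpSessionProxy:
    """Toy UDP reverse proxy showing why replies need a session table.

    UDP carries no connection, so the only way a proxy can hand a backend
    reply to the right client is to remember, per client address, which
    upstream socket it used. Entries idle longer than `idle_timeout` are
    released (Traefik does the same; entryPoints.<name>.udp.timeout
    defaults to 3s). A backend packet that arrives after the release has
    no client to go to and is lost.
    """

    def __init__(self, listen, backend, idle_timeout=3.0):
        self.backend = backend
        self.idle_timeout = idle_timeout
        self.front = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.front.bind(listen)
        self.sessions = {}   # client addr -> [upstream socket, last activity]
        self.by_sock = {}    # upstream socket -> client addr
        self.relayed_replies = 0
        self.expired_sessions = 0

    @property
    def address(self):
        return self.front.getsockname()

    def _session_for(self, client, now):
        entry = self.sessions.get(client)
        if entry is None:
            up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            up.bind(("127.0.0.1", 0))
            entry = self.sessions[client] = [up, now]
            self.by_sock[up] = client
        entry[1] = now
        return entry[0]

    def _expire(self, now):
        for client, (up, last) in list(self.sessions.items()):
            if now - last > self.idle_timeout:
                del self.sessions[client]
                del self.by_sock[up]
                up.close()
                self.expired_sessions += 1

    def serve(self, duration):
        """Relay datagrams for `duration` seconds, then close everything."""
        deadline = time.monotonic() + duration
        while time.monotonic() < deadline:
            readable, _, _ = select.select([self.front, *self.by_sock], [], [], 0.05)
            now = time.monotonic()
            for sock in readable:
                data, peer = sock.recvfrom(65535)
                if sock is self.front:                      # client -> backend
                    self._session_for(peer, now).sendto(data, self.backend)
                else:                                        # backend -> client
                    client = self.by_sock[sock]
                    self.sessions[client][1] = now
                    self.front.sendto(data, client)
                    self.relayed_replies += 1
            self._expire(now)
        for up, _ in self.sessions.values():
            up.close()
        self.front.close()


def _echo_backend(sock, late_delay, stop):
    """Constructed stand-in for the VPN server: answers at once, then again later."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(65535)
        except socket.timeout:
            continue
        except OSError:
            break
        sock.sendto(b"echo:" + data, peer)
        time.sleep(late_delay)
        try:
            sock.sendto(b"late:" + data, peer)   # may target a port the proxy already closed
        except OSError:
            pass


def run_demo(idle_timeout, late_delay, wait):
    """Send one datagram through the proxy; return (replies seen, sessions expired)."""
    backend = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    backend.bind(("127.0.0.1", 0))
    stop = threading.Event()
    bt = threading.Thread(target=_echo_backend, args=(backend, late_delay, stop), daemon=True)
    bt.start()
    proxy = UdpSessionProxy(("127.0.0.1", 0), backend.getsockname(), idle_timeout)
    pt = threading.Thread(target=proxy.serve, args=(wait + 0.5,), daemon=True)
    pt.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.sendto(b"ping", proxy.address)
    replies = []
    deadline = time.monotonic() + wait
    while (remaining := deadline - time.monotonic()) > 0:
        client.settimeout(remaining)
        try:
            data, _ = client.recvfrom(65535)
        except socket.timeout:
            break
        replies.append(data)
    stop.set()
    bt.join(timeout=late_delay + 1)
    pt.join(timeout=wait + 2)
    client.close()
    backend.close()
    return replies, proxy.expired_sessions


if __name__ == "__main__":
    print("short idle timeout:", run_demo(0.5, 1.5, 2.5))   # late packet is lost
    print("long idle timeout: ", run_demo(10.0, 0.5, 2.0))  # both packets arrive
```

With a short idle timer the first reply comes back and the delayed one is dropped, which is the one-directional behaviour described above; with a long timer both arrive. The defensive takeaways for anyone who does put a VPN behind a UDP proxy are to keep the flow alive from the client side (WireGuard's PersistentKeepalive does this) or to raise the proxy's idle timeout, and to watch the proxy's session count rather than just its packet counters when diagnosing "sent but never received".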