Has anyone been able to successfully install and configure WireGuard on a Linux systemd-nspawn ‘jail’? How?
I have been able to move away from kubernetes/SCALE apps with such jails (all of my installs run Tailscale for remote management, and the performance overhead from the k3s service for such a simple task was annoying, to say the least), but I’m stuck trying to set up WireGuard. I know it is possible - there’s an app for that, after all - but can’t seem to make it work inside a jail (I’m working with these via the jailmaker script by @Jip-Hop).
FWIW, I have installed WireGuard on a number of bare metal and virtual machines, and the procedure is straightforward to me.
On the old forum, people have reported successful installation of WireGuard in the jail in the jailmaker thread. I think their posts will have some hints which may be useful to you.
Tailscale simply works, running their install script - the only thing needed is the --capability=CAP_NET_ADMIN argument in the jail config.
Anyway, I did manage to get WireGuard running for now as a Docker container inside a jail, following this link: GitHub - linuxserver/docker-wireguard
It takes a couple minutes to accept connections when the jail is restarted, but it is enough for my current needs. I’ll investigate further how to do this without docker, as a side project.