I have my services running in Docker Swarm and want to make the services accessible using my server's private IP. I already set up the WireGuard VPN and ufw rules so that when I'm connected to the VPN, I can SSH to my server using the private IP, and it worked. But when it comes to the service, it failed (example {private_ip}:9000). I set ufw rules, iptables and so on, but I still can't access my service using the private IP. Any suggestion on what I should configure? Does this conflict, since Docker Swarm is managing its own networking and overrides iptables? If yes, then what is the workaround you guys suggest? Many thanks
Hey!
I think the issue might be related to how Docker Swarm handles its own networking. It kind of overrides iptables, and that might be interfering with your setup.
If your service isn’t using `mode: host` for the published ports, I guess it could be why you can’t access it over the private IP through WireGuard. You might also need some extra routing or NAT rules to make traffic from the VPN subnet reach the service properly.
I’ve seen people use a reverse proxy on the host to get around this too. I’ve also been using this personally.
- Bobby
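
The `mode: host` setting mentioned in the answer above, written out as a stack file. This is an added example, not part of the original posts: the service name `myapp`, the image `example/myapp:latest`, the container port and the hostname placeholder are assumptions, and port 9000 is taken from the question.

```yaml
# Added example stack file. "myapp" and "example/myapp:latest" are
# hypothetical placeholders; 9000 is the port from the question.
version: "3.8"

services:
  myapp:
    image: example/myapp:latest
    ports:
      # Short form publishes through the Swarm ingress routing mesh
      # (PublishMode "ingress"), which is the default:
      #   - "9000:9000"
      #
      # Long form with mode: host publishes the port directly on the
      # node that runs the task, bypassing the routing mesh.
      - target: 9000        # port the container listens on (assumed)
        published: 9000     # port reached as {private_ip}:9000
        protocol: tcp
        mode: host
    deploy:
      # Host mode allows only one task per node for a given published
      # port, so keep a single replica (or use mode: global).
      replicas: 1
      placement:
        constraints:
          # Pin the task to the node whose private IP is reached over
          # the VPN. Replace the placeholder with that node's hostname.
          - node.hostname == REPLACE_WITH_NODE_HOSTNAME
```

In host mode the port is open only on the node that runs the task, so connect to that node's private IP. `docker service inspect` lists the `PublishMode` of each published port, which confirms whether the service is on `ingress` or `host`.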