[Solved] WireGuard in Docker and Home Assistant access

Are there any folks that are trying to set up the use case of WireGuard in a Docker environment,
and running HA separately as a virtual machine?
(all in Proxmox)

I have managed to be able to ping the tunneled IP address when using the WireGuard VPN.
But actually accessing the proper URL/website for HA has not been successful.
It keeps saying access to the website has been denied.

So you are running a HA VM, then on the same Proxmox a Wireguard docker container?

If this is the case, it will complicate things on the network side since Docker uses its own subnet. You will basically have to tell traffic to go through the subnet of WireGuard over the Docker subnet to the subnet the HA instance is on.

Are you sure the HA VM is answering the ping?

Oei, I see I made a mistake there.
I am running HA and WireGuard in Proxmox using VMs.
Indeed, going the Docker route would complicate it quite a lot.

First created a port forwarding rule in my router.
image

I’ve set it up through WGDashboard as follows:
Overall peer settings:

VPN Configuration:

Peer settings, where the endpoint IP is the HA IP address:

After this I scan the QR code that is generated with my phone,
disconnect from home Wi-Fi and try to VPN to HA.
But sadly enough I get err_connection_refused.

Using a ping tool on my phone, I’m able to ping the VPN IP address 10.11.0.2.

Oof ok, so try to allow 0.0.0.0 as endpoint allowed IPs. Also, are you testing from the same LAN to connect to the VPN? Because if you do not have an external IP forwarded from your router (external side) to the IP address of the VM, you are basically going to a public IP range on the internet to try to connect to 10.11.0.2.

So taking a step back:

If you want to set up WireGuard to connect to your home HA instance, you will need the following:

  • Know your external (public) IP of your router (let’s say easy.toremember.domain)
  • (Likely) Use a dynamic DNS to translate your external IP to something you can remember
  • Install the WireGuard VM
    • Configure it to allow connections on a specific port (let’s say the default UDP port, 51820)
    • Configure a certificate for a client to allow connections
    • Ensure that a route is known from the WireGuard VM to the IP (or even range) of the HA VM
  • In your router: forward the port you configured on WireGuard to the WireGuard VM; take care to check whether UDP or TCP is the one you need.
    • This would mean that if you use 5G to connect to easy.toremember.domain:51820, you will be forwarded to internal.ip.ofwireguardVM:51820
  • Use your phone to try to connect to the public address.

Thank you for the reply.

With public address, do you mean the DDNS domain address?
If so, how could you then handle different internal IP addresses to connect to?

Because reading your steps, it feels a lot like what I did in my steps with the screenshots in the reply above, right?

With the public DDNS, you only need one ‘entry’ to the WireGuard VM. This will then put your phone and VM on the 10.x network, and everything you want to access on the VM network will flow through there.
This means what you want to access from the 10.x network needs to be allowed → that’s the part where I said to start with 0.0.0.0; you can always reduce access later.

Can you tell me which of the steps you did execute or which tutorial you are following?

Also yes, you performed a large part of the steps listed, I am trying to confirm if every step was taken.

Ah ha found it…

I created a new WireGuard configuration, and you have to set up the additional settings yourself.
Those were probably set up in the example configuration that came with it.
But I deleted that :slight_smile:

Found the info here:

Adding the following made it work instantly :sunglasses:

PostUp:
iptables -A FORWARD -i NAMEOFYOURCONFIG -j ACCEPT; iptables -A FORWARD -o NAMEOFYOURCONFIG -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

PostDown:
iptables -D FORWARD -i NAMEOFYOURCONFIG -j ACCEPT; iptables -D FORWARD -o NAMEOFYOURCONFIG -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;

1 Like
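To tie the step list from the earlier reply and the PostUp/PostDown fix together, here is an added example (not from the thread or from WGDashboard) that renders a server and phone config for the layout discussed (WireGuard VM plus HA VM on the same LAN) and checks that every PostUp rule has a matching PostDown rule, which is the usual mistake when these lines are typed by hand. The FORWARD rules are deliberately narrower than the thread's "-j ACCEPT on everything": only TCP to the HA host and port is forwarded, which is the "reduce access later" step from the reply above. The interface name wg0, NIC eth0, HA address 192.168.1.50, HA port 8123 and the key placeholders are assumptions; IP forwarding (net.ipv4.ip_forward=1) must also be enabled on the VM for any FORWARD rule to matter.

```python
"""Render WireGuard server/client configs for the WireGuard-VM + HA-VM layout
and verify that PostDown undoes exactly what PostUp added.
All addresses, names and keys below are constructed for illustration."""
from dataclasses import dataclass
import ipaddress


@dataclass
class Tunnel:
    iface: str = "wg0"                  # WireGuard config/interface name (NAMEOFYOURCONFIG in the thread)
    wan_iface: str = "eth0"             # LAN-facing NIC of the WireGuard VM, used for MASQUERADE
    listen_port: int = 51820            # default WireGuard UDP port
    tunnel_net: str = "10.11.0.0/24"    # VPN subnet (the thread pings 10.11.0.2)
    server_tunnel_ip: str = "10.11.0.1"
    client_tunnel_ip: str = "10.11.0.2"
    ha_ip: str = "192.168.1.50"         # assumed HA VM address on the LAN
    ha_port: int = 8123                 # HA web UI port
    public_name: str = "easy.toremember.domain"  # DDNS name from the thread


def forward_rules(t: Tunnel, action: str) -> list:
    """iptables commands for PostUp (action '-A') or PostDown (action '-D').
    Forwarding is limited to HA's TCP port plus the return traffic, instead of
    accepting everything in both directions as the thread's rules do."""
    return [
        f"iptables {action} FORWARD -i {t.iface} -o {t.wan_iface} "
        f"-d {t.ha_ip} -p tcp --dport {t.ha_port} -j ACCEPT",
        f"iptables {action} FORWARD -i {t.wan_iface} -o {t.iface} -s {t.ha_ip} "
        f"-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -t nat {action} POSTROUTING -s {t.tunnel_net} -o {t.wan_iface} -j MASQUERADE",
    ]


def render_server_conf(t: Tunnel) -> str:
    """wg0.conf on the WireGuard VM. Keys are placeholders: generate real ones with `wg genkey`."""
    prefix = ipaddress.ip_network(t.tunnel_net).prefixlen
    lines = [
        "[Interface]",
        f"Address = {t.server_tunnel_ip}/{prefix}",
        f"ListenPort = {t.listen_port}",
        "PrivateKey = <SERVER_PRIVATE_KEY>",
        "PostUp = " + "; ".join(forward_rules(t, "-A")),
        "PostDown = " + "; ".join(forward_rules(t, "-D")),
        "",
        "[Peer]",
        "PublicKey = <PHONE_PUBLIC_KEY>",
        f"AllowedIPs = {t.client_tunnel_ip}/32",   # only this tunnel IP may come from the phone
    ]
    return "\n".join(lines) + "\n"


def render_client_conf(t: Tunnel) -> str:
    """Phone config. AllowedIPs routes only the tunnel subnet and the HA host
    through the VPN (split tunnel), not 0.0.0.0/0."""
    lines = [
        "[Interface]",
        f"Address = {t.client_tunnel_ip}/32",
        "PrivateKey = <PHONE_PRIVATE_KEY>",
        "",
        "[Peer]",
        "PublicKey = <SERVER_PUBLIC_KEY>",
        f"Endpoint = {t.public_name}:{t.listen_port}",   # router forwards UDP 51820 to the VM
        f"AllowedIPs = {t.tunnel_net}, {t.ha_ip}/32",
        "PersistentKeepalive = 25",
    ]
    return "\n".join(lines) + "\n"


def _rules(conf_text: str, key: str) -> list:
    """Split the ';'-separated iptables commands listed under PostUp or PostDown."""
    out = []
    for line in conf_text.splitlines():
        if line.startswith(key + " ="):
            cmds = line.split("=", 1)[1]
            out.extend(c.strip() for c in cmds.split(";") if c.strip())
    return out


def postdown_mirrors_postup(conf_text: str) -> bool:
    """True when every PostUp '-A' rule has the identical '-D' rule in PostDown and nothing else."""
    up = {c.replace(" -A ", " -D ", 1) for c in _rules(conf_text, "PostUp")}
    down = set(_rules(conf_text, "PostDown"))
    return bool(up) and up == down


if __name__ == "__main__":
    t = Tunnel()
    server = render_server_conf(t)
    print(server)
    print(render_client_conf(t))
    print("PostDown mirrors PostUp:", postdown_mirrors_postup(server))
```

Running the script prints both configs and reports whether the PostDown line is a faithful mirror; a server config whose PostDown was edited by hand and drifted from PostUp fails the check.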