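wg0.conf
[Interface]
Address = 10.xxx.xxx.xxx/32, fd7d:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128
PrivateKey =
MTU = 1320
DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1
# PostUp does three things in one hook line:
#   1. reads the current default gateway into DROUTE,
#   2. adds routes for the three RFC 1918 ranges via that gateway and
#      ACCEPTs outbound traffic to them (LAN exception),
#   3. appends the kill-switch rule: REJECT anything that does not leave
#      through %i, does not carry the interface's fwmark and is not local.
# NOTE(review): HOMENET2 (10.0.0.0/8) also contains the DNS server 10.128.0.1
# and the tunnel's own 10.x address, so those destinations may be sent to the
# LAN gateway instead of the tunnel. Confirm, and narrow the three ranges to
# the subnets that really exist on the home network.
# NOTE(review): the REJECT rule is installed with iptables only, i.e. for
# IPv4. There is no ip6tables counterpart, so IPv6 leak protection depends
# entirely on routing; consider adding the matching ip6tables rule to both
# PostUp and PreDown.
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE;ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT;iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
# PreDown undoes the routes and rules added by PostUp.
# wg-quick evaluates every hook line in its own shell, so the DROUTE assigned
# in PostUp is not set here; it is looked up again, otherwise the
# "ip route del ... via" commands would run with an empty gateway.
PreDown = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT

[Peer]
PublicKey =
PresharedKey =
Endpoint = america.vpn.airdns.org:1637
# Route all IPv4 and IPv6 traffic through the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15
--- docker-compose.yaml - IPv6 works, real IPv6 address not exposed
version: "3.9"
services:
  # WireGuard client; it owns the network namespace that transmission joins.
  airvpn:
    # NOTE(review): ":latest" is a moving tag; pinning a version or digest
    # makes image updates an explicit, reviewable step.
    image: linuxserver/wireguard:latest
    container_name: airvpn
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
    volumes:
      # wg0.conf contains the tunnel's private key; keep the host file
      # readable only by its owner.
      - ./airvpn/wg0.conf:/config/wg0.conf
      - /lib/modules:/lib/modules
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1
      net.ipv6.conf.all.disable_ipv6: 0
    ports:
      # Transmission's web UI, published through the VPN container because
      # transmission shares its network namespace. This binds on every host
      # interface; prefix with 127.0.0.1: if only local access is needed.
      - "9091:9091"
    # NOTE(review): privileged already grants every capability, so cap_add
    # above is redundant while it is set. Check whether NET_ADMIN plus the
    # sysctls are enough and drop privileged if so.
    privileged: true
    restart: always
  transmission:
    image: linuxserver/transmission:latest
    container_name: transmission
    # Share airvpn's network namespace so all traffic uses its routes and
    # firewall rules.
    network_mode: "service:airvpn"
    depends_on:
      - airvpn
    volumes:
      - ./transmission/config:/config:rw
      - /downloads:/downloads:rw
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
    env_file:
      - ./.env
    restart: always
--- deployment.yaml for Kubernetes - real IPv6 address is exposed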
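# Deployment running the WireGuard client and Transmission as two containers
# of one pod, pinned to a single node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bittorrent
  annotations:
    # NOTE(review): combined with the ":latest" image tags below, this
    # presumably lets keel roll out any new upstream image automatically;
    # confirm that is intended.
    keel.sh/policy: all
    # The sysctl annotation key appeared twice. Duplicate mapping keys are
    # invalid YAML and most parsers keep only the last one, which silently
    # dropped src_valid_mark; both settings are now in one comma-separated
    # value.
    # NOTE(review): this alpha annotation was a pod annotation and sits on
    # the Deployment object here, so it probably has no effect. Current
    # Kubernetes versions take sysctls from the pod-level
    # securityContext.sysctls list, and unsafe ones must also be allowed on
    # the kubelet (--allowed-unsafe-sysctls). Confirm against the cluster.
    security.alpha.kubernetes.io/unsafe-sysctls: 'net.ipv4.conf.all.src_valid_mark=1,net.ipv6.conf.all.disable_ipv6=0'
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bittorrent
  template:
    metadata:
      labels:
        app: bittorrent
    spec:
      nodeSelector:
        kubernetes.io/hostname: obsidiana
      containers:
        # Containers of a pod share one network namespace, so Transmission
        # only uses the VPN if this container actually brings wg0 up.
        - name: airvpn
          image: linuxserver/wireguard:latest
          securityContext:
            # NOTE(review): privileged already grants every capability, so
            # the NET_ADMIN entry is redundant while it is set. Check whether
            # NET_ADMIN alone is sufficient and drop privileged if so.
            privileged: true
            capabilities:
              add: ["NET_ADMIN"]
          env:
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
            - name: TZ
              value: America/Los_Angeles
          ports:
            - containerPort: 9091
          volumeMounts:
            # NOTE(review): the docker-compose variant on this page mounts
            # the file at /config/wg0.conf. Confirm the image reads
            # /etc/wireguard/wg0.conf; if it does not, the tunnel and its
            # firewall rules never come up and Transmission leaves through
            # the pod's normal network.
            - name: airvpn-config
              mountPath: /etc/wireguard/wg0.conf
              subPath: wg0.conf
            - name: lib-modules
              mountPath: /lib/modules
        - name: transmission
          image: linuxserver/transmission:latest
          livenessProbe:
            httpGet:
              path: /rpc
              port: 9091
          env:
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
            - name: TZ
              value: America/Los_Angeles
            # Web UI credentials come from a Secret rather than the manifest.
            - name: USER
              valueFrom:
                secretKeyRef:
                  name: transmission-secrets
                  key: USER
            - name: PASS
              valueFrom:
                secretKeyRef:
                  name: transmission-secrets
                  key: PASS
          volumeMounts:
            - name: transmission-config
              mountPath: /config
            - name: downloads
              mountPath: /downloads
      volumes:
        - name: transmission-config
          hostPath:
            path: /srv/bittorrent/transmission/config
        # NOTE(review): wg0.conf holds the WireGuard private key and
        # preshared key. A ConfigMap is not meant for secret material;
        # a Secret volume would keep it under Secret access controls.
        - name: airvpn-config
          configMap:
            name: airvpn-config
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: downloads
          hostPath:
            path: /downloads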