#StackBounty: #linux #networking #ubuntu #docker #wireguard Docker suddenly stopped working with Wireguard, unable to fetch http://dl-c…

Bounty: 100

Wireguard and Docker have been working for quite a while together under this same configuration, but this morning I started working and I couldn’t get my docker containers to talk to AWS properly.

I have a feeling this is some kind of network change at the co-working space I’m at that’s conflicting with my machine’s configuration. The only way I’ve been able to confirm that is if I turn WG off, docker build + running the containers starts working again, or if I keep WG on but connect to my phone’s hotspot, it also works.

Furthermore, I couldn’t build containers via docker-compose. The simplest way I’ve been able to replicate the problem is via:

jacob@jacob-ThinkPad-P52s:~$ docker run --rm -ti alpine apk update
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz

Running that container with apk update just ends in an endless hang trying to get APKINDEX.tar.gz. If I navigate to the same URL on the host OS, I don’t have any issues.

I have a similar issue trying to contact the AWS SES service from within the docker containers, this just hangs forever:

jacob@jacob-ThinkPad-P52s:~$ docker run --rm -ti alpine wget https://email.us-east-1.amazonaws.com
Connecting to email.us-east-1.amazonaws.com (

Doing the same from the host machine gives a response immediately. The container is running on a non-default subnet (has an IP of

The co-working space is using the subnet:

3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 98:3b:8f:32:92:2c brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic noprefixroute wlp4s0
       valid_lft 80541sec preferred_lft 80541sec
    inet6 fe80::c263:54cf:5e8c:a865/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Wireguard configuration:

jacob@jacob-ThinkPad-P52s:~$ sudo wg showconf wg0
ListenPort = 51222
FwMark = 0xca6c
PrivateKey = <private key>

PublicKey = <public key>
AllowedIPs =
Endpoint = <server ip>:41194
PersistentKeepalive = 15

Some other potentially useful info:

jacob@jacob-ThinkPad-P52s:~$ ip route
default via dev wlp4s0 proto dhcp metric 600 dev wlp4s0 proto kernel scope link src metric 600 dev docker0 proto kernel scope link src dev br-b06c6d86e92b proto kernel scope link src dev wlp4s0 scope link metric 1000 dev wg0 proto kernel scope link src

jacob@jacob-ThinkPad-P52s:~$ uname -a
Linux jacob-ThinkPad-P52s 5.4.0-77-generic #86-Ubuntu SMP Thu Jun 17 02:35:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

jacob@jacob-ThinkPad-P52s:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:    20.04
Codename:   focal

I’m honestly pretty past my abilities currently and am kind of firing in the dark here. Any help troubleshooting would be immensely appreciated.

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.