RaphMad

I found out that `linuxserver/wireguard`: * Works in "vanilla" Docker * Works when using `docker-ipv6nat` * Does _not_ work when using `"experimental": true, "ip6tables": true` It seems that theres some...

Just as a follow-up to my comment above, I found the problem to be the _default policy_ set on the `FORWARD CHAIN`, which was set to `DROP` therefore rendering all...

Thanks for the template, I tried to apply all required changes to the PR, joined the mailing list and sent a patch message.

Ah fair point - my local build pipeline uses that patch already. But since I only set it up for the non-systemd case, I never got to try the other...

Thanks for all your helpful comments - I think I performed all necessary steps now. Having such a minimal change was a great introduction into your dev workflow, maybe I'll...

I think the mechanism for determining config changes is by hashing the config and storing that hash in the label `com.docker.compose.config-hash`. You can check if the label changes between invocations...

I created an alpine/musl based docker container https://github.com/RaphMad/openvpn3_linux_docker, along with a sample `docker-compose.yml` that shows its basic usage. Needing to run as root and requiring `privileged: true` are the biggest...

Wouldn't running netcfg on the host always create the `tun` adapter on the host, which is a quite different use-case than providing a tunnel within a namespaced network environment only...

One of the weirder things when trying to minimize capabilities for my docker container is that `privileged: true` works, but removing it and setting all of `apparmor:unconfined`, `seccomp:unconfined` and `cap_add:...

I understand your points, and already got some experience with mounting the dbus socket into containers. The challenge for that use-case would be to create an apparmor profile thats not...