What is the best way to route all my outgoing network requests via WireGuard?

The Problem

I am trying to connect to a MongoDB Atlas Cluster from a Fly VM that is running a node app. The issue is that Atlas uses an IP whitelist and Fly, so far, does not support static/fixed IPs out of the box.

What I’ve done

  1. Created a Digital Ocean Droplet (with a fixed IP) and set up WireGuard to allow Fly and the Droplet to easily communicate.
  2. Whitelisted the Droplet’s IP so that it can connect to MongoDB.
  3. Locally on my development machine, set up WireGuard + set up a SOCKS proxy by SSH’ing to my Droplet, e.g. ssh -D 5665 -N -f -q -i ./ssh/cert droplet. The node driver for mongo supports SOCKS proxying out of the box, which is why I chose it. And I can confirm that I am able to connect to MongoDB from my non-whitelisted IP.

The Question

What is the simplest way to achieve a similar setup on a Fly VM?

I’ve considered running an SSH SOCKS proxy from within the Docker container, but that seems like a hassle/security issue with having to pass around SSH keys, etc.

Is there a way to set up a SOCKS proxy (or equivalent functionality) using WireGuard, or some other method?

Happy to clarify anything.

To answer my own question, the easiest solution was to run a Dante server SOCKS proxy on the Digital Ocean Droplet.

This allows me to run a proxy that only accepts connections on the WireGuard interface. And authentication is via username/password, which I pass into my Fly.io container via Fly’s secrets.
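
An added example, not part of the original post: one way the Node app could turn those secrets into the MongoDB driver's SOCKS5 options and fail closed unless the proxy address is a private tunnel-side IP, since SOCKS5 username/password authentication is sent in cleartext and should only travel inside WireGuard. The environment variable names, the default port 1080 and the sample values are assumptions; `proxyHost`, `proxyPort`, `proxyUsername` and `proxyPassword` are the driver's own option names.

```javascript
// Added example: env var names and sample values are assumptions, not from the post.

// True only for IP literals in RFC 1918 ranges or IPv6 unique local space
// (fc00::/7). Hostnames are rejected so DNS cannot point the app at a public proxy.
function isPrivateAddress(host) {
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (v4) {
    const [a, b, c, d] = v4.slice(1).map(Number);
    if ([a, b, c, d].some((octet) => octet > 255)) return false;
    return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  // Loose shape check for an IPv6 unique local address (first byte fc or fd).
  return /^f[cd][0-9a-f]{2}:[0-9a-f:]+$/i.test(host);
}

// Builds the options object to pass as `new MongoClient(uri, options)`.
function buildProxyOptions(env) {
  const {
    SOCKS_HOST: host,
    SOCKS_PORT: portRaw = "1080",
    SOCKS_USER: user,
    SOCKS_PASS: pass,
  } = env;
  if (!host || !user || !pass) {
    throw new Error("SOCKS_HOST, SOCKS_USER and SOCKS_PASS must all be set");
  }
  if (!isPrivateAddress(host)) {
    throw new Error(`refusing proxy ${host}: not a private tunnel address`);
  }
  const port = Number(portRaw);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`invalid SOCKS_PORT: ${portRaw}`);
  }
  return { proxyHost: host, proxyPort: port, proxyUsername: user, proxyPassword: pass };
}

// Constructed sample; inside the Fly container this would be process.env.
const sample = {
  SOCKS_HOST: "10.8.0.1",
  SOCKS_PORT: "1080",
  SOCKS_USER: "flyapp",
  SOCKS_PASS: "example-only",
};
const options = buildProxyOptions(sample);
console.log({ ...options, proxyPassword: "<redacted>" }); // never log the secret
```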