Custom wireguard config help - no access to internet or dockers when active
I've posted this to the unraid subreddit but I have a feeling I might be more likely to get the answers I need here. I've set up a custom WireGuard server on a VPS and created the client-side config file. I tested it in Windows and it works fine, but when I try to import it to my Unraid server, it just doesn't work. It defaults to "Remote access to server" for the peer type of access when it's supposed to be "VPN tunneled access...". When I try to change the peer type of access to "VPN tunneled access for system/docker", it removes chunks of the config. In the case of "VPN tunneled access for system" it drops all the Peer allowed IPs and defaults to 0.0.0.0/0, and in the case of "VPN tunneled access for docker" it drops the Peer allowed IPs and Peer endpoint and says Peer tunnel address is mandatory. It also does not import the DNS servers, so I add those manually.

I've also tried setting it up manually, but whatever I do, when I connect I lose access to the internet, and all my dockers lose connectivity. I've stopped my OpenVPN container, and all containers connected to OpenVPN, so I don't have any other tunnels running. WireGuard definitely connects to the server because I can check the connection on both ends. I've posted the client and server side configs below in case I need to change anything.

Ideally what I want is this custom WireGuard tunnel to be used for a docker network (preferably ipvlan-l3) so I can just punt all the containers that need to be run through a VPN to that network and assign IP addresses rather than fiddling with container ports as I have to do with OpenVPN. By default it seems that Unraid sets the wg0 interface up as a bridge network, but I'm guessing I should be able to just create an ipvlan with wg0 as the parent interface, right?
Client Config (unraid):

```ini
[Interface]
PrivateKey = <client_private_key>
Address = 10.6.0.240/24
DNS = 94.140.14.14, 94.140.15.15

[Peer]
PublicKey = <server_public_key>
Endpoint = x.x.x.x:51820
# Everything except 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and 224.0.0.0/3,
# so LAN traffic stays local; the two /32 DNS entries are already inside 64.0.0.0/2.
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 94.140.14.14/32, 94.140.15.15/32
PersistentKeepAlive = 15
```

Server Config (VPS):

```ini
[Interface]
Address = 10.6.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ens192 -j MASQUERADE

[Peer]
# The peer entry carries the client's *public* key (the original placeholder said private key).
PublicKey = <client_public_key>
# A single client is normally listed as a /32 (10.6.0.240/32); a /24 here claims
# the whole tunnel subnet for this one peer and will collide with any second peer.
AllowedIPs = 10.6.0.240/24
```
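The client's AllowedIPs list above is 0.0.0.0/0 with the RFC 1918 ranges and 224.0.0.0/3 carved out so that LAN traffic bypasses the tunnel. The script below, added as an example and not part of the original post, regenerates that list with Python's `ipaddress` module and then reports which entry would route a given destination; the exclusion set is an assumption read off the posted list, and the expected output is the poster's list minus the two redundant DNS /32 entries.

```python
import ipaddress

# Assumed exclusions, inferred from the posted AllowedIPs (it stops at 208.0.0.0/4,
# so multicast/reserved 224.0.0.0/3 is left out along with the RFC 1918 ranges).
EXCLUDED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3"]

# Constructed copy of the poster's list without the two DNS /32 entries.
POSTED = """0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3,
64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11,
172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9,
192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14,
192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5,
208.0.0.0/4""".replace("\n", " ").split(", ")


def allowed_ips_excluding(excluded, universe="0.0.0.0/0"):
    """Return the minimal CIDR list covering `universe` minus every `excluded` net.

    WireGuard's cryptokey routing only takes positive prefixes, so an 'everything
    except X' policy has to be spelled out as the complement, which address_exclude
    produces as the smallest set of aligned blocks.  Needs Python 3.7+ (subnet_of).
    """
    remaining = [ipaddress.ip_network(universe)]
    for ex in map(ipaddress.ip_network, excluded):
        nxt = []
        for net in remaining:
            if ex.subnet_of(net):            # carve the exclusion out of this block
                nxt.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):      # blocks fully inside `ex` are dropped
                nxt.append(net)
        remaining = nxt
    return [str(n) for n in sorted(ipaddress.collapse_addresses(remaining))]


def covered_by(allowed, host):
    """AllowedIPs entries that would send traffic for `host` into the tunnel."""
    h = ipaddress.ip_address(host)
    return [a for a in allowed if h in ipaddress.ip_network(a)]


if __name__ == "__main__":
    generated = allowed_ips_excluding(EXCLUDED)
    print("matches posted list:", generated == POSTED)
    for dst in ("94.140.14.14", "10.6.0.1", "192.168.1.10"):
        print(dst, "->", covered_by(generated, dst) or "not tunnelled")
```

Note that the server's own tunnel address 10.6.0.1 falls inside the excluded 10.0.0.0/8, so with this list nothing addressed to it is routed via wg0; that is harmless while DNS points at public resolvers, but matters if the tunnel address is ever used as a gateway or DNS server.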
ninjaf00t