ljm42

  1. Thanks for this call out, I've added it to the Troubleshooting section. I think you might be right about needing to specify a DNS server when in "Remote tunneled access" mode. I'll do some more testing.
  2. Note: this community guide is offered in the hope that it is helpful, but comes with no warranty/guarantee/etc. Follow at your own risk.

     This guide explains how to make an outgoing WireGuard VPN connection to a commercial VPN provider. If you are trying to access your Unraid network from a remote location, see the original WireGuard quickstart guide.

     Commercial VPN Providers

     Several commercial VPN providers support WireGuard, a few are listed below. No endorsement is implied, you need to research and determine which one meets your needs. Comment below if you are aware of others:

       • TunSafe (currently free)
       • Azire VPN
       • Mullvad
       • IVPN

     Note that with the current state of WireGuard, VPN providers cannot guarantee the same amount of privacy as they can with OpenVPN. See: https://restoreprivacy.com/wireguard/ Typically the objections are not around security, but around the fact that it is harder for them to guarantee that they cannot track you.

     Configuring VPN tunneled access

       • Download a config file from your preferred commercial VPN provider.
       • On the Settings -> VPN Manager page, click the "Import Config" button and select the file on your hard drive. This will create a new tunnel specific to this provider.
       • There are no settings to change, except perhaps to give it a name. Click Apply.
       • Note: You do not need to forward any ports through your router for this type of connection.
       • Change the Inactive slider to Active.

     Now ALL of your Unraid traffic will go through the commercial VPN tunnel. In the future it may be possible to restrict it so that only specific Dockers use the VPN tunnel. Until then, you may need to disable the tunnel in order to check for plugin updates or perform other Unraid administrative tasks.

     Note that currently Unraid will ignore any DNS server that is specified in the downloaded config file. Unraid's DNS should be set to something that will work whether the tunnel is up or down, such as 8.8.8.8 and 8.8.4.4.

     Testing the tunnel

       • Using Community Applications, install a browser such as the jlesage/Firefox Docker container.
       • Accept all defaults.
       • Launch Firefox and visit https://whatismyipaddress.com/. You should see that your IP address is in the country you selected when you signed up with the provider.
  3. From the 6.8.0-rc1 release notes:

     Hi plugin authors,

     Unraid 6.8 includes a Content Security Policy metatag that blocks mixed content from loading:

         <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">

     This means if the page is loaded over https and you try to include an http image/JS/CSS file, that resource will not load. It has no effect on pages that are loaded by http. More info here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content

     Refusing to load http content helps prevent man-in-the-middle attacks and ISP snooping.

     Anyway, if your plugin has issues loading content in 6.8, check to see whether the content is being loaded over regular http and change it to https.

     Also, if your plugin creates any popup dialog boxes of its own, please ensure they include both of these metatags:

         <meta name="robots" content="noindex, nofollow">
         <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">

     The first will keep well-behaved search engines from indexing the popup (although it is now somewhat redundant with the robots.txt file). And the second ensures that mixed content is not allowed on your popup. There should be no ill effects if a plugin implements this and it is installed on an earlier version of Unraid.

     Here is the relevant PR showing the changes that were needed to implement this in the webgui: https://github.com/limetech/webgui/pull/523
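One way a plugin author could run the check described in the post above over a rendered page or popup, as an added example that is not part of the original post or the Unraid webgui. The names `PageAudit` and `audit` and the sample markup are assumptions made for illustration; the scanner reports subresources loaded over plain http (ordinary `<a>` links are navigation, not mixed content) and whether the two metatags are present.

```python
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource, per tag.
SRC_TAGS = ("img", "script", "iframe", "audio", "video", "source", "embed")
FETCHING = {**{t: ("src",) for t in SRC_TAGS}, "object": ("data",), "link": ("href",)}
# <link> fetches only for these rel values; rel="canonical" does not.
LINK_RELS = {"stylesheet", "icon", "preload", "prefetch"}

class PageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.http_loads = []     # (line, tag, url) for each http:// subresource
        self.has_csp = False     # block-all-mixed-content metatag present
        self.has_robots = False  # noindex, nofollow metatag present

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta":
            content = a.get("content", "").lower()
            if a.get("http-equiv", "").lower() == "content-security-policy":
                self.has_csp |= "block-all-mixed-content" in content
            if a.get("name", "").lower() == "robots":
                self.has_robots |= "noindex" in content and "nofollow" in content
            return
        if tag == "link" and not LINK_RELS & set(a.get("rel", "").lower().split()):
            return
        for attr in FETCHING.get(tag, ()):
            url = a.get(attr, "").strip()
            if url.lower().startswith("http://"):
                self.http_loads.append((self.getpos()[0], tag, url))

def audit(html):
    parser = PageAudit()
    parser.feed(html)
    return parser

# Constructed sample popup, not taken from any real plugin.
SAMPLE = """<html><head>
<meta name="robots" content="noindex, nofollow">
<link rel="stylesheet" href="http://example.com/style.css">
<link rel="canonical" href="http://example.com/page">
</head><body>
<img src="https://example.com/logo.png">
<script src="http://example.com/app.js"></script>
<a href="http://example.com/docs">docs</a>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE).http_loads)
```
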
  4. You can set them to run "at first array start only". I'd prefer if you could run them prior to starting the array, but most of the time it is a close approximation to "at boot". Also, it will run php scripts as well.
  5. To clarify, what did you use for the DNS server? Was it the router on Unraid's LAN or something else?
  6. Also see the quickstart guide here, it is possible that your issue is covered in the Troubleshooting section
  7. Go to Settings -> VPN Manager and switch from basic to advanced mode and look at the settings for your server, you'll see a "local tunnel network pool". It will be something like 10.253.0.0/24. All devices in this tunnel get their own unique tunnel address, from 10.253.0.1 to 10.253.0.253. Unraid manages this for you automatically, except for the bug that has been reported when using "remote tunneled access". Until that is fixed, you can pick any IP from 10.253.0.1 to 10.253.0.253, as long as it isn't already assigned to another client on this page.
  8. 1. We wanted a solution that works *before* the array is started, that means not a docker or a VM. 2 & 3. I'd suggest running WireGuard on a Raspberry Pi. Then you can complicate your network as much as you want without affecting Unraid.
  9. Hi, sorry was offline this afternoon and won't be on much tomorrow either. Yes, the files are in /boot/config/wireguard/ . If you delete those files and reboot then you can start fresh. Sorry you had to go through all that. Glad you got it working! So this is where the "undetectable to bad guys" part of wireguard is tough, it makes it super hard to troubleshoot.
  10. Interesting. So the WireGuard app on the phone says it connects? What about on the Unraid dashboard, does it show a "handshake" with your client or any activity? Edit - I'd recommend trying to connect to your Unraid webgui as a first step once the tunnel is up
  11. So the issue is that your client isn't able to make a WireGuard connection to the server? What error messages does the client give? What client are you using? I'd recommend starting with Android or iPhone that is NOT connected via wifi. What did you confirm? WireGuard will not respond to requests that don't include the right public keys, so the only way to confirm it is working is by successfully making a connection with a WireGuard client. A port scanner should not be able to detect that WireGuard is running.
  12. Settings -> Network Settings -> Network protocol -> IPv4 only

      EDIT - OK, I see this in my IPv4 system log once also:

          Oct 11 20:38:14 Tower ntpd[1876]: bind(19) AF_INET6 fe80::7462:deff:fe79:8567%12#123 flags 0x11 failed: Cannot assign requested address
          Oct 11 20:38:14 Tower ntpd[1876]: unable to create socket on br0 (3) for fe80::7462:deff:fe79:8567%12#123
          Oct 11 20:38:14 Tower ntpd[1876]: failed to init interface for address fe80::7462:deff:fe79:8567%12

      Is it causing a problem or just don't like seeing it in the log? (Just trying to help triage)
  13. I see. If you choose "remote access to LAN" then the IP Address is added to the config properly:

          [Interface]
          PrivateKey=<snip>
          Address=10.253.0.2/32

      But if you choose the "remote tunneled access" option, the config is invalid:

          [Interface]
          PrivateKey=<snip>
          Address=/128
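A pre-import check for the client config problem shown in the post above, also covering the pool and uniqueness rule from the earlier post about the "local tunnel network pool". This is an added example, not code from the original posts or the WireGuard plugin: the function name `check_interface_address` is hypothetical, and the default pool is the "something like 10.253.0.0/24" value quoted in that post.

```python
import configparser
import ipaddress

def check_interface_address(conf_text, pool="10.253.0.0/24", assigned=()):
    """Return a list of problems found in the [Interface] Address line."""
    # strict=False tolerates repeated [Peer] sections; interpolation=None
    # keeps any '%' in a value from being treated as a substitution.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    if not cp.has_option("Interface", "Address"):
        return ["no Address in [Interface]"]
    network = ipaddress.ip_network(pool)
    taken = {ipaddress.ip_address(a) for a in assigned}
    problems = []
    # Address may hold a comma-separated list (for example IPv4 plus IPv6).
    for entry in cp.get("Interface", "Address").split(","):
        entry = entry.strip()
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            problems.append(f"invalid Address {entry!r}")
            continue
        if iface.version != network.version:
            continue  # only compare addresses of the pool's own IP version
        if iface.ip not in network:
            problems.append(f"{iface.ip} is outside pool {network}")
        elif iface.ip in taken:
            problems.append(f"{iface.ip} is already assigned")
    return problems

# The two [Interface] blocks quoted in the post, keys elided as in the original.
GOOD = "[Interface]\nPrivateKey=<snip>\nAddress=10.253.0.2/32\n"
BAD = "[Interface]\nPrivateKey=<snip>\nAddress=/128\n"

if __name__ == "__main__":
    print(check_interface_address(GOOD))
    print(check_interface_address(BAD))
```
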
  14. Hmm... I am not able to reproduce this. Please toggle from "basic" to "advanced" mode and post a screenshot of your configuration. Feel free to anonymize the values first, just confirm that the anonymized values also cause the problem so we can reproduce it. Oh I see it now. Yep. Choosing the "remote tunneled access" option creates a config that is missing the IP. Reported in the plugin thread: https://forums.unraid.net/topic/84229-dynamix-wireguard-vpn/?tab=comments#comment-780414