ljm42

Your screenshot shows each of those tunnels are still in "basic" mode.

Move the slider from "basic" to "advanced", that will enable the "delete tunnel" button.

Try stopping the array first, then restarting the system. This will ensure the Shutdown time-out doesn't kill the array before it is ready. Also see:

Thanks @johnnie.black so if this command returns anything then a controller is in IDE mode and should be changed to AHCI mode if possible: lspci -v | grep "ata_piix" Is there a wiki page or somthing that FCP could direct users to? Tagging @Squid to see if he wants to add this check to FCP

@johnnie.black how can you tell IDE vs AHCI? Is this something that FCP should warn about?

LAN to LAN connections are possible: However, this does not merge the two LANs into one, it creates a tunnel to pass the traffic between them. There is no way to give the Xbox an IP address on the tunnel unless you can run the WireGuard client on the Xbox. I doubt that is possible.

If you are sure the tunnel is up and running, then it is mostly likely a DNS resolution issue. By default, the DNS on your LAN is not exported to the WireGuard tunnel. You can try filling in the "Peer DNS server" field with your network's DNS server. I haven't done much with this though.

as I said, it is possible in theory but we haven't figured it out yet

Perhaps you inadvertently changed your network settings? Post a screenshot of what you see on Settings -> Network

It is possible in theory but we haven't figured it out yet. This is the thread you are looking for:

I'd suggest taking a closer look at the options described in the first post of this thread. The only option that would route all of of the client's traffic through the tunnel is the "remote tunneled access" option. If you choose one of the other options, such as "remote access to LAN" then it uses split-tunneling and only traffic destined for Unraid's network would go through the tunnel.

The listen port on the phone doesn't matter. I'd suggest dropping the DNS and change to "Remote access to LAN" and see if you can get that working. Basically, make it as simple as possible until you get a connection working, then start adding things in. Be sure to read the general troubleshooting tips in the first two posts as well.

Is this your first attempt at a connection? You are jumping all the way into the deep end Take it a step at a time and get a basic connection going before you start messing with a local DNS server. You need to isolate what is a WireGuard connection problem from a routing problem. Speaking of routing, there is a typo in your static route. It should 10.253.0.0/24 not 10.0.253.0/24 I don't use IPV6. It may help to disable IPV6 initially just to rule out issues.

The Ping buttons are not part of normal operation, they are just there to aid in troubleshooting. Although as you said they can fail for reasons not related to WireGuard. If the tunnel has dropped it should start automatically whenever either side tries to access a remote resource. If it can only be started from one end, then you need to check the peer endpoint settings and port forwards for the other end.

FYI, as of 6.8.2 Unraid should work with wildcard certs. See:

I think you are right. @bonienl , can you take a look at the Server to Server option? The peer config file contains the entire LAN: AllowedIPs=10.253.2.1/32, 192.168.10.0/24 Pretty sure that should just contain the local IP of the server: AllowedIPs=10.253.2.1/32, 192.168.10.51/32

If the connection can only be established from one end, then something is wrong with the other end's peer endpoint host:port setting or the port forward. When everything is working properly, either end should be able to establish the tunnel.

I would just have the clients connect to each other directly, no need for Unraid in the middle

Rough instructions for server to server: setup WireGuard on one server using the "Server to Server access" option, then download the config file and on the other server choose "Import Tunnel" The only private key that Unraid requires is the "Local private key". Entering the "peer private keys" in Unraid is an optional convenience feature so you can completely manage your clients from within the Unraid gui. You are welcome to manage your private keys elsewhere and only provide Unraid with the "peer public keys" if you like. So that each server can access the other using the typical IP address that you are used to using. If you want to use the tunnel IP instead you can. The peer section of the gui writes some data to peer portion of the server's /boot/config/wireguard/wg0.conf file and some data gets exported to the peer config files. Different things are needed in each. Keep in mind that the plugin is a front-end for WireGuard, it simply provides a gui for putting data into the various config files and then starts the WireGuard tunnels. If you would like to really understand what is going on behind the scenes you should read through some general "how to setup WireGuard" tutorials, then you'll have a better idea of what each of those config files does (and a better appreciation for the gui )

Lots of questions here, maybe this tidbit will help: The "Peer allowed IPs" setting in the interface goes in the server config file /boot/config/wireguard/wg0.conf. It is rare to need to edit this field, the main reason is for lan to lan connections as described here: The "Peer type of access" dropdown affects the values of "AllowedIPs" that is sent to clients. this is a convenience setting only, as the client can change it to whatever they want. If you haven't seen the WireGuard quickstart guide yet, it has a lot of good info:

The blog post is very high level. Read the first two posts here for more detail. But to answer your specific questions: As mentioned in the "Troubleshooting WireGuard" section, WireGuard fails silently and cannot be detected by a port scanner. If you are trying to connect to it from your own network, that won't work. You need to connect from a remote network that has a different IP range of the network Unraid is on. If it isn't working remotely, then there is likely an issue with the port forward through your router. In general WireGuard connections are very tough to troubleshoot, they either work or they don't. Read the whole troubleshooting section for more ideas.

Is your server exposed to the internet?

This should have happened when you set the client to "Remote Tunnel Access". Would you please re-download the client config file and see what value it has there?

perfect!

If the flash drive drops then you are guaranteed a parity check when the system boots back up, because there is no way for the shutdown process to write the flag to the flash drive that says it was a clean shutdown. It is still a good idea to try and shut down as gracefully as possible though (i.e. run the powerdown command) to minimize the chance that there will be an actual problem with the array.