
ljm42

Administrators
Everything posted by ljm42

  1. Yeah, sounds like you've pegged the issue. Using SSL without proper DNS is a bit of a hack, and it won't work unless you can find a way to make your phone resolve the <servername>.local name that you have set up. Your best bet would be to use Unraid's built-in LetsEncrypt client to provide https, as this gives you a DDNS name that will resolve from your phone.
  2. When you say you "can't seem to ping any other devices on the network", do you mean other physical devices or do you mean VMs running on Unraid? I have no trouble accessing my router or a raspberry pi on the network. But I am not able to access VMs running on Unraid. Haven't figured out why yet.
  3. It is unlikely that any kind of network auto-discovery will work across the tunnel. Try connecting to the remote devices via IP address instead.
  4. The short answer is yes. The longer answer is that from a WireGuard perspective there isn't really a difference between a server and a client, everything is a "peer". We tend to use the server/client terminology here because we are comfortable with it.
  5. Then you have misconfigured the "Local tunnel address" in your WireGuard config. You should start over, and leave the local tunnel address at the default. The tunnel is not part of your LAN and cannot share the same IP range.
  6. It is unlikely that network discovery will work over the VPN connection, but you should be able to connect via IP address. The WireGuard quickstart thread is a better place for this conversation: https://forums.unraid.net/topic/84226-wireguard-quickstart/ Currently you are in the thread that discusses making a connection to a commercial VPN provider.
  7. ljm42

    Squid is 50!

    Happy Birthday @Squid !
  8. Nothing stands out. I would probably try a different client next.
  9. This is the thread you are looking for. It is linked in the OP:
  10. From the troubleshooting section of the quickstart guide:
  11. At some point "nested virtualization by default" was removed. See this thread for info on how to add it by modifying your syslinux file:
  12. Interesting, the hotspot must be blocking the UDP port. I would not have guessed that. Glad you were able to get it working!
  13. I'm assuming your phone is connecting via data and not wifi, that eliminates any local network issues. What about the laptop? Is it already on the same network as the server? If so, that won't work. The laptop needs to be on a different network (perhaps you could use your phone as a hotspot to test with)
  14. There is an easy fix. Search the first post in this thread for "Aspeed IPMI" or "nomodeset":
  15. Google has a handful of results for "Retrying handshake because we stopped hearing back after 15 seconds", macOS seems to be a common thread. I don't see any solutions though, not sure what to suggest.
  16. Great! Glad you were able to get it working. The ports can be the same or different, doesn't matter. I was just keeping with the theme of using a "1" in the Network1 items and a "2" in the Network2 items
  17. I'd guess that your VPN clients are unable to access the pi-hole VM at all. I have the same problem, where clients connecting to WireGuard VPN on my main Unraid system are unable to communicate with a second install of Unraid running in a VM. Haven't figured that one out yet.
  18. WireGuard and OpenVPN do not share configuration files. They are very different. It is possible to route your server's traffic through a WireGuard VPN Provider, more details here:
  19. Not sure exactly. Name resolution for a private network over VPN is messy, but you did provide a DNS server so it seems like it would work. Unless maybe .local doesn't route? I don't honestly know. As mentioned in OP, I add a hosts file to the client to make sure "tower" can resolve.
  20. I believe this is the problem. Once you establish the tunnel there are two routes for the servers to communicate and things get confused. The two servers need to be on different networks.
  21. For those that are interested in LAN to LAN WireGuard connections:
  22. It is possible to set up a LAN to LAN VPN connection between two Unraid systems running WireGuard. The steps below should work on simple networks, if yours is more complicated then you'll need to figure out how to adapt it. This assumes you already have at least one working WireGuard connection and are familiar with how it works.

      First, gather the following information for your two networks. The names and numbers below are samples, you'll need to adjust for your situation:

      Network1: 192.168.1.0/24
      Router1: 192.168.1.1
      Unraid1: 192.168.1.50
      Endpoint1 DNS: network1.duckdns.org
      Endpoint1 Port: 52001

      Network2: 192.168.2.0/24
      Router2: 192.168.2.1
      Unraid2: 192.168.2.50
      Endpoint2 DNS: network2.duckdns.org
      Endpoint2 Port: 52002

      VPN Tunnel: 10.252.100.0/24
      Unraid1 tunnel IP: 10.252.100.1
      Unraid2 tunnel IP: 10.252.100.2

      A few things:

      • Note that Network1 and Network2 *have* to be different. For instance, you can't connect two networks that both use the 192.168.0.0/24 subnet.
      • You also need to pick a VPN Tunnel subnet that is not being used on either network, it must be unique.
      • You need to set up DDNS for both networks as well. LSIO has a nice Duck DNS docker you can use if needed.

      On Unraid1:

      • Create a new Tunnel named "Network1-Network2". Don't add a peer to an existing tunnel, it is better if this is a separate tunnel so you can easily turn it off without affecting your other WireGuard connections.
      • Switch to Advanced Mode
      • Click "Generate Keypair". These are the private and public keys for Unraid1, you will need them later.
      • Set the "local tunnel network pool" to the "VPN Tunnel" you chose above
      • Set the "local tunnel address" to the "Unraid1 tunnel IP" from above
      • Set the "Local endpoint" to the "Endpoint1 DNS" and "Endpoint1 Port" defined above
      • Click Apply
      • Click Add Peer
      • Name it "Unraid2"
      • Choose "LAN to LAN access"
      • Click "Generate Keypair". These are the private and public keys for Unraid2, you will need them later.
      • Click "Generate Key". This is the preshared key, you will need it later.
      • Set the "Peer tunnel address" to the "Unraid2 tunnel IP" defined above
      • Set the "Peer endpoint" to the "Endpoint2 DNS" and "Endpoint2 Port" defined above
      • Set "Peer allowed IPs" to the "VPN Tunnel" and "Network2" defined above, with a comma between. i.e. "10.252.100.0/24, 192.168.2.0/24"
      • Click Apply
      • Start the Tunnel

      On Router1:

      • If UPnP is disabled, set up a port forward for "Endpoint1 Port" (UDP) that points to "Unraid1"
      • Set up a static route for all of "Network2" that is routed through "Unraid1". Note that if your router asks for a subnetmask, 255.255.255.0 is the equivalent of /24.
      • Set up a second static route for "VPN Tunnel" that also is routed through "Unraid1".

      On Unraid2:

      • Create a new Tunnel named "Network2-Network1".
      • Switch to Advanced Mode
      • Copy the private and public keys for Unraid2 that you determined above. Take care to use the correct keys or none of this will work.
      • Set the "local tunnel network pool" to the "VPN Tunnel" you chose above
      • Set the "local tunnel address" to the "Unraid2 tunnel IP" from above.
      • Set the "Local endpoint" to the "Endpoint2 DNS" and "Endpoint2 Port" defined above
      • Click Apply
      • Click Add Peer
      • Name it "Unraid1"
      • Choose "LAN to LAN access"
      • Copy the private and public keys for Unraid1 that you determined above
      • Copy the preshared key from above
      • Set the "Peer tunnel address" to the "Unraid1 tunnel IP" defined above
      • Set the "Peer endpoint" to the "Endpoint1 DNS" and "Endpoint1 Port" defined above
      • Set "Peer allowed IPs" to the "VPN Tunnel" and "Network1" defined above, with a comma between. i.e. "10.252.100.0/24, 192.168.1.0/24"
      • Click Apply
      • Start the Tunnel

      On Router2:

      • If UPnP is disabled, set up a port forward for "Endpoint2 Port" (UDP) that points to "Unraid2"
      • Set up a static route for all of "Network1" that is routed through "Unraid2".
      • Set up a second static route for "VPN Tunnel" that also is routed through "Unraid2".

      Hopefully at this point your tunnels will connect and devices on one network will be able to reach devices on the other network (by IP address at least, probably not by name).

      Troubleshooting this will be tough, there is a lot of room for error. I don't have a lot of advice here, just double check that you are using the right values for Unraid1 vs Unraid2 and Network1 vs Network2, etc.
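The addressing rules in the LAN to LAN post above (the two LANs must differ, the tunnel subnet must be unused on both) can be checked before anything is typed into the GUI. The following is an added example, not part of the original post and not Unraid code; the function name `plan_lan_to_lan` and its return layout are assumptions made for illustration, and the values in the demo are the sample values from the post.

```python
import ipaddress as ip

def plan_lan_to_lan(net1, unraid1, net2, unraid2, tunnel, tun_ip1, tun_ip2):
    """Check the post's addressing rules; derive allowed IPs and static routes."""
    n1, n2, vpn = (ip.ip_network(x) for x in (net1, net2, tunnel))
    errors = []
    # Rule: Network1 and Network2 have to be different.
    if n1.overlaps(n2):
        errors.append(f"Network1 {n1} and Network2 {n2} overlap")
    # Rule: the VPN Tunnel subnet must not be in use on either LAN.
    for name, lan in (("Network1", n1), ("Network2", n2)):
        if vpn.overlaps(lan):
            errors.append(f"VPN Tunnel {vpn} overlaps {name} {lan}")
    # Each address must sit inside the subnet it is supposed to belong to.
    members = (("Unraid1", unraid1, n1), ("Unraid2", unraid2, n2),
               ("Unraid1 tunnel IP", tun_ip1, vpn),
               ("Unraid2 tunnel IP", tun_ip2, vpn))
    for name, addr, net in members:
        if ip.ip_address(addr) not in net:
            errors.append(f"{name} {addr} is not inside {net}")
    if ip.ip_address(tun_ip1) == ip.ip_address(tun_ip2):
        errors.append("both ends use the same tunnel IP")
    if errors:
        return {"errors": errors}

    def side(peer_lan, local_unraid):
        # Router routes as (destination, netmask, gateway): the remote LAN and
        # the tunnel subnet, both sent through the local Unraid server.
        routes = [(str(n.network_address), str(n.netmask), local_unraid)
                  for n in (peer_lan, vpn)]
        return {"peer_allowed_ips": f"{vpn}, {peer_lan}",
                "router_static_routes": routes}

    return {"errors": [], "Unraid1": side(n2, unraid1), "Unraid2": side(n1, unraid2)}

if __name__ == "__main__":
    # Sample values from the post.
    plan = plan_lan_to_lan("192.168.1.0/24", "192.168.1.50",
                           "192.168.2.0/24", "192.168.2.50",
                           "10.252.100.0/24", "10.252.100.1", "10.252.100.2")
    for host in ("Unraid1", "Unraid2"):
        print(host, plan[host])
```
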
  23. Looks like this was included in 6.8.2, great! TLSv1 and v1.1 were removed, now v1.2 and v1.3 are available. If you modified your go script as described above, you should remove it.
  24. This was added to 6.8.2, please remove any additions you made to your go script and retest.