ken-ji

Exposing Unraid's defaut SSH config to the internet for tunnelling is one of the worst ideas, because when compromised, gives the attackers "trusted" status on the LAN, dockers, VMs, and data.

Did this ever work before? Does this work if you are on the LAN VLAN with Unraid? Is your client running some form of AV web proxy that might be mucking up the websocket connections?

I bought this for my NVME: https://www.amazon.com/gp/product/B07LC9TGC7 or maybe this for 2.5inch drives: https://www.amazon.com/ORICO-Adapter-Mounting-Bracket-Interface/dp/B01LZWX6PD

Double check your pfsense settings I can access the web terminals without issue across a site to site VPN

Also, if you have VLAN support, your docker network on the vlan is able to talk to unraid. AFAIK, openVPN works very well with its own dedicated IP ( as long as the docker network is either on a different VLAN, or interface from the Unraid )

It should be like this. You want modules loaded (and permissions changed) before the array is started (which will then start dockers and VMs) #!/bin/bash # enable iGPU for docker use /sbin/modprobe i915 chmod -R 0777 /dev/dri # Start the Management Utility /usr/local/sbin/emhttp & These are discussed in the varius plex/emby support threads

Containers that are in bridge network mode are connected to an internal bridge that cannot be accessed from outside (ipv4 or ipv6) unless ports are forwarded. you cannot forward ports thru unraid to and ipv6 address unless unraid itself is using ipv6. You need to put the container on a custom docker network, which will be exposed to the LAN (as a 1st class memeber of the LAN, responding to ARP etc) and which would allow you to set/gain an ipv6 address, that the router can reach/forward packets too. i don't think docker works with SLAAC, but documentation points to making sure the docker daemon /or network by extension should have a ipv6 prefix assigned to get ipv6 addresses from else only link local addresses get assigned.

Disclaimer: I don't have IPv6. My comments are how I would solve it (but I'm probably missing some key info as we don't have IPv6 here) Do you have /64 assigned to you by your ISP? does your router allow you to route the /64 into your LAN? If not you'll need to look into Nat6 (yuck) This requires you to assign the containers their own ipv4 and ipv6 address. not shared with the Unraid (the ipv4 only of course as Unraid doesn't have ipv6) Make sure the docker network (eth0/br0) has Ipv4 and Ipv6 enabled - you'll need to stop docker engine and the array to make these changes Assign the docker network the Ipv6 /64 (and the necessary ip ranges) restart the docker engine. Modify the container to use the custom docker network your containers should now have an ipv6 address

Reboot and grab the diagnostics

Running a Mikrotik hEX Router https://mikrotik.com/product/RB750Gr3 Its quite a bit of a learning curve for people coming from "point-n-click routers" but should be fairly straightforward for most technical users. What I really like about it is the QoS (quite a challenge) capability, and the support for VPN options (though still missing OpenVPN in UDP mode) There are some rough spots still like the built in DNS server only supporting A/AAAA records (but has regex matching) It also has builtin AP management (these need to be Mikrotik AP though) so new APs just need to be plugged in to the network and told to look for the head unit. The main feature I've loved about it until my ISP started placing users on CGNAT is how easy it is to create a site-to-site VPN between routers, just plug in the public IP on both ends and you are done.

Been an Unraid user for 4+years and counting. Convinced my brother to have one at his house to manage his stuff using old hand me down parts without real issues (save for the impossibility to automatically upgrade in the latest versions with only 2GB of RAM). Never had major issues or surprise gotchas. Still have an unused license from the old pro two packs

They look like man pages, but I have no idea why they would be in the root diretory.

How many IP address does your Unraid server have? and how are your PC:s on the 192.168.5.x network reaching Unraid? Do they access it directly? or is there another IP not mentioned here? As a quick general point. An OpenVPN-AS container can share IP with the Host (Bridged or Host network mode), so the router can just port forward those ports. However, if the ports you want to use are already in use (80 and 443 comes to mind) or the app dynamically opens ports (thus needing its own IP) a single NIC and a switch without VLAN support, will give you containers running on their own IP, but are blocked from talking to the Host.

your biggest mistake is assigning 8 IPs to Unraid on the same physical network. This will make networking work in ways you will not predict or understand. What you probably want here is to have just two bridges, and only br1 has and IP (10.23.0.11/24 - gateway 10.23.0.1) put eth0, eth1, eth2, eth3 together and bonded and bridged to br0, and assign the desired IP here then put eth4, eth5, eth6, eth7 together as bonded and bridge br4 (i think this is the correct one, else it would be br1) Configure the docker network pool to custom and delete the default one to br0, and create one for 10.23.0.0/24 (or smaller) on br4 point your containers to this network interface link your VMs to either bridge. that will simplify your life and make your network easy enough to understand: unraid is reachable via the first bond/bridge dockers on 2nd bond/bridge VMs on either it is connected.

I'm considering dropping this Dropbox image given that I'm personally moving away from Dropbox, because of their limit to 3 devices policy. I'm experimenting on rclone and checking on how I can work with my workflow on it. That said, I'd like to look into a way to automate dropbox + fixed size loopback image for the Dropbox data directory.