
Posts posted by ken-ji

  1. On 9/2/2019 at 11:07 AM, Jenardo said:

    Setup:

    • 2 NICs
    • Followed @ken-ji's solution to sidestep the mcvlan security
      • No bonding between interfaces
      • No IP assigned to eth1
      • Replace docker's eth0/br0 settings with eth1/br1
      • Move all containers that were on custom:br0 to custom:br1
    • Setup the openvpn-as container
      • Version: 2.6.1-ls11 (seems to be the most stable)
      • bridge mode
    • VPN settings
      • Added my subnet to the routing section

    Test:

    • My openvpn client can connect to the server
    • I can reach my unraid GUI
    • => Problem: I cannot access any of the containers running on custom:br1

    I went through the last ~25 pages of this topic. There were a few posts complaining about a similar issue then they went silent. I couldn't see any replies to their questions (unless I missed them of course). Any help is appreciated.

     

    @jfrancais you seem to have had a similar issue. Ever managed to resolve it?

     

    Edit 1: I tried to ping/telnet the custom:br1 containers through the openvpn-as container's shell, but couldn't. I believe this means a problem with the network settings. I am sure I followed the steps that @ken-ji outlined.

     

    Edit 2: Changing the openvpn-as container to host mode allows me to ping/telnet custom:br1 containers through the shell. However, vpn clients still cannot connect to custom:br1 containers!

    @Jenardo can you show the actual network settings? ip addresses and routes? and the same info from within the openvpn-as container?

  2. I am currently doing the same, (except I'm using GRE over IPSEC as my routers don't have OpenVPN UDP support) and have linked 3 sites together. Do note that the overall speed for file transfer (and the latency!) will be determined by the Unraid servers' upload speed, your download speed and the VPS upload + download. If you are not on CGNAT (as I am) it might be possible to have your routers connect to each other directly (as I did before CGNAT was implemented).

    Haven't tried getting a seedbox so not sure what you can or cannot run on it.

    • Upvote 1
  3. Also, if you have VLAN support, your docker network on the vlan is able to talk to unraid.

    AFAIK, OpenVPN works very well with its own dedicated IP (as long as the docker network is either on a different VLAN, or interface from the Unraid)

  4. On 8/18/2019 at 8:57 AM, SeanGoneWild said:

    Hey everyone,

     

    Basically I am trying to pass through the graphic driver to a docker to enable emby to access hardware acceleration.

    I have found some instructions for plex that run a treat to get the driver to appear so it can be passed through, except it does not retain after a reboot of the server.

     

    The instructions I had followed were: https://forums.unraid.net/topic/77943-guide-plex-hardware-acceleration-using-intel-quick-sync/

     

    There was a step to update the /boot/config/go file with the following at the end:

    modprobe i915

    chmod -R 777 /dev/dri

    My go file is as following:

    
    #!/bin/bash
    # Start the Management Utility
    /usr/local/sbin/emhttp &
    #Setup drivers for hardware transcoding in Emby
    modprobe i915
    chmod -R 777 /dev/dri/

     

    However this appears to not be running as the /dev/dri folder does not appear but sometimes does when the steps are run manually.

     

    Has this changed with the latest release of unraid 6.7.2?

    Cheers,

    Sean

     

    It should be like this. You want modules loaded (and permissions changed) before the array is started (which will then start dockers and VMs)

    #!/bin/bash
    # enable iGPU for docker use
    /sbin/modprobe i915
    chmod -R 0777 /dev/dri
    # Start the Management Utility
    /usr/local/sbin/emhttp &

    These are discussed in the various plex/emby support threads

    • Like 1
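
    An added example (not from the thread or from Unraid): a check that could sit in the go file between the modprobe line and the emhttp line, to confirm that /dev/dri exists and to list which nodes the chmod left world-writable. The helper names `wait_for_dir` and `dri_report` are hypothetical, and `stat -c` assumes GNU coreutils.

```bash
#!/bin/bash
# Added example: helper names are hypothetical, not part of Unraid.

# wait_for_dir DIR TRIES: poll once per second until DIR exists.
# Returns 0 when DIR appears, 1 if it never does within TRIES checks.
wait_for_dir() {
    local dir="$1" tries="${2:-10}"
    while [ "$tries" -gt 0 ]; do
        if [ -d "$dir" ]; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then
            sleep 1
        fi
    done
    return 1
}

# dri_report DIR: print "<octal mode> <name> <flag>" for each node in DIR.
# Returns 0 if nodes were listed, 1 if DIR is empty, 2 if DIR is missing.
dri_report() {
    local dir="${1:-/dev/dri}" node mode status=1
    if [ ! -d "$dir" ]; then
        return 2
    fi
    for node in "$dir"/*; do
        # Skip an unmatched glob and subdirectories such as by-path/.
        if [ ! -e "$node" ] || [ -d "$node" ]; then
            continue
        fi
        mode=$(stat -c '%a' "$node")
        # The last octal digit holds the "other" bits; bit 2 is write.
        if [ $(( (mode % 10) & 2 )) -ne 0 ]; then
            echo "$mode ${node##*/} world-writable"
        else
            echo "$mode ${node##*/} restricted"
        fi
        status=0
    done
    return "$status"
}

# Usage in /boot/config/go, after modprobe/chmod and before emhttp:
#   wait_for_dir /dev/dri 10 && dri_report /dev/dri | logger -t go-dri
```

    With the `chmod -R 0777` from the post applied, every node is reported as world-writable; a missing directory returns 2, which separates "module did not create the nodes" from "permissions were not changed".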
  5. Containers that are in bridge network mode are connected to an internal bridge that cannot be accessed from outside (ipv4 or ipv6) unless ports are forwarded. You cannot forward ports thru unraid to an ipv6 address unless unraid itself is using ipv6.

    You need to put the container on a custom docker network, which will be exposed to the LAN (as a 1st class member of the LAN, responding to ARP etc) and which would allow you to set/gain an ipv6 address, that the router can reach/forward packets to.

    I don't think docker works with SLAAC, but documentation points to making sure the docker daemon /or network by extension should have an ipv6 prefix assigned to get ipv6 addresses from, else only link local addresses get assigned.

  6. Disclaimer: I don't have IPv6. My comments are how I would solve it (but I'm probably missing some key info as we don't have IPv6 here)

    Do you have /64 assigned to you by your ISP? Does your router allow you to route the /64 into your LAN? If not you'll need to look into Nat6 (yuck)

     

    This requires you to assign the containers their own ipv4 and ipv6 address. not shared with the Unraid (the ipv4 only of course as Unraid doesn't have ipv6)

    Make sure the docker network (eth0/br0) has Ipv4 and Ipv6 enabled - you'll need to stop docker engine and the array to make these changes 

    Assign the docker network the Ipv6 /64 (and the necessary ip ranges)

    restart the docker engine.

    Modify the container to use the custom docker network

    your containers should now have an ipv6 address

     

  7. Running a Mikrotik hEX Router https://mikrotik.com/product/RB750Gr3

    It's quite a bit of a learning curve for people coming from "point-n-click routers" but should be fairly straightforward for most technical users.

    What I really like about it is the QoS (quite a challenge) capability, and the support for VPN options (though still missing OpenVPN in UDP mode)

    There are some rough spots still like the built in DNS server only supporting A/AAAA records (but has regex matching)

    It also has builtin AP management (these need to be Mikrotik AP though) so new APs just need to be plugged in to the network and told to look for the head unit.

    The main feature I've loved about it until my ISP started placing users on CGNAT is how easy it is to create a site-to-site VPN between routers, just plug in the public IP on both ends and you are done.

    • Like 1
  8. How many IP addresses does your Unraid server have?

    And how are your PCs on the 192.168.5.x network reaching Unraid? Do they access it directly? Or is there another IP not mentioned here?

     

    As a quick general point. An OpenVPN-AS container can share IP with the Host (Bridged or Host network mode), so the router can just port forward those ports. However, if the ports you want to use are already in use (80 and 443 comes to mind) or the app dynamically opens ports (thus needing its own IP) a single NIC and a switch without VLAN support, will give you containers running on their own IP, but are blocked from talking to the Host.

  9. Your biggest mistake is assigning 8 IPs to Unraid on the same physical network.

    This will make networking work in ways you will not predict or understand.

    What you probably want here is to have just two bridges, and only br1 has an IP (10.23.0.11/24 - gateway 10.23.0.1)

    put eth0, eth1, eth2, eth3 together and bonded and bridged to br0, and assign the desired IP here

    then put eth4, eth5, eth6, eth7 together as bonded and bridge br4 (I think this is the correct one, else it would be br1)

    Configure the docker network pool to custom and delete the default one to br0, and create one for 10.23.0.0/24 (or smaller) on br4

    point your containers to this network interface

    link your VMs to either bridge. 

    that will simplify your life and make your network easy enough to understand:

    unraid is reachable via the first bond/bridge

    dockers on 2nd bond/bridge

    VMs on either it is connected.

  10. I'm considering dropping this Dropbox image given that I'm personally moving away from Dropbox, because of their limit to 3 devices policy.

    I'm experimenting on rclone and checking on how I can work with my workflow on it.

    That said, I'd like to look into a way to automate dropbox + fixed size loopback image for the Dropbox data directory.

  11. Well, if the additional disk to your VM will only keep Dropbox files, you can happily store the additional disk image on the array. there won't be too big an impact on your VM only the saving of a file would be impacted by somewhat slow array write speeds.

     

    Otherwise, you might want to look to using rclone as a tool for syncing local files to Dropbox. rclone is a CLI tool though and does have some realtime support for syncing directories.

     

  12. @joesstuff Has your home network ever supported more than one device? Some brain dead ISP tech teams in my neck of the woods actually think you only should have one device connected to the internet and thus limit their router by default to only hand out one DHCP address - go figure. :(

     

    EDIT: Oops you did mention other devices...

    One option is to use the settings from the DHCP server on the router and work out a static IP you can assign the Unraid server.

  13. Hey, /mnt/user is a special filesystem containing the aggregated data from all the disks, so if you have 2 disks + cache, /mnt/user/appdata is the total of all the appdata directories (/mnt/disk1/appdata, /mnt/disk2/appdata, /mnt/cache/appdata) that exist. So this is perfectly normal and correct behaviour and kudos to you for asking here before trying anything crazy :D

  14. Oh, then we do have a similar config, just that my 2nd Bridge does not have an IPv4 address to properly allow Containers on the same VLAN as Unraid to talk to Unraid. Interesting that we do get the 1Gbps limit then on a Windows VM talking to unRAID on the same bridge. But unplugging a network should not have any effect. Also my Linux test was actually RAM disk (Alpine Linux ISO) to RAM disk (Unraid /tmp).

  15. Can you elaborate your two bridge setup? I don't quite get what you meant by intra bridge transfer between your VM and Unraid share.

    I did some testing on my setup and it seems the max I can get out of a Linux VM (with VirtIO network) doing SCP against Unraid is 180MB/s

    A windows VM via SMB shares maxes out at 110MB/s, but these are all on the same bridge (My containers all live on a different bridge and VLAN)
