-
CrimsonTyphoon started following Custom Docker Network Seperate IP
-
[request] PFsense-analytics
+1
-
Dynamix WireGuard VPN
Okay Let me explain my situation and summarize my last few posts...lets get some new light in here! pfsense router - 192.168.8.1 (pfsense also acts as DNS server) (network is 192.168.8.0/24) unraid - 192.168.8.151 br0 - docker's on unraid's IP (192.168.8.151:XXXX) & VMs br1.15 - dockers with their own IP. br1.15 is linked to VLAN 15, which I can access no problem throughout my LAN, (i.e sabnzbd.domain.com, sonarr.domain.com) Wireguard network: 10.253.0.0/24 WIreguard is set for remote tunnel access (Allow 0.0.0.0/24) and using pfsense as DNS server (192.168.8.1) pfsense has a static route setup: Network Gateway Interface 10.253.0.0/16 unRAID - 192.168.8.151 Vlan_Internal Things that work through wireguard VPN: Access the internet with unraid/pfsense's WAN IP Access my lan (192.168.8.0/24) Access unraid server Access unraid VMs (They have their own IP on 192.168.8.0/24) Access dockers running on unraid (192.168.8.151:XXXX) DNS lookup dockers with there own IP (I.e. sabnzbd.domain.com resolves to 192.168.8.175) This is a host override in pfsense settings; it will not resolve to any other DNS server, only on my network. Things that dont work through wireguard VPN: Access dockers w/ there own IP (I.e. sabnzbd.domain.com or 192.168.8.175 does not work) Ping docker's with there own custom IP (see below for example) I am looking to be able to access my docker's with there own IP through the wireguard VPN connection. Things I have tried / notes: wireguard settings Nat OFF or Nat ON. Nat OFF nothing works, Nat ON is the behavior above. unraid's routing table: ROTOCOL ROUTE GATEWAY METRIC IPv4 default 192.168.8.1 via br0 1 IPv4 10.253.0.2 wg0 1 IPv4 172.17.0.0/16 docker0 1 IPv4 192.168.8.0/24 br0 1 IPv4 192.168.122.0/24 virbr0 1 Ping on my local LAN: $ traceroute 192.168.8.175 1?: [LOCALHOST] pmtu 1500 1: sabnzbd.domain.com 10.045ms reached 1: sabnzbd.domain.com 2.332ms reached Resume: pmtu 1500 hops 1 back 1 Ping through the wireguard tunnel: $ traceroute 192.168.8.175 1?: [LOCALHOST] pmtu 1280 1: 10.253.0.1 52.842ms 1: 10.253.0.1 63.555ms 2: no reply 3: no reply ^C Rebooted pfsense and unraid Made sure there were allow rules pfsense Pfsense does not show anything in logs blocking the 10.253.0.0/16 network. So...who's got ideas?
-
Dynamix WireGuard VPN
Through wireguard, I cannot access dockers that have custom IPs.....
-
Dynamix WireGuard VPN
@bonienl First and foremost, thank you for all of your help and your wonderful plugin! Everything you do for the community is greatly appreciated :-) I did some troubleshooting but still no dice. I turned off NAT in wireguard settings. Nothing works (no surprise there?) When i do a nslookup, I get an error message, "Got recursion not available from 8.8.4.4, trying next server". Then it does not work and I get, "server cannot find sabnzbd.domain.com: Refused. This is interesting - I specifically put my pfsense router as the DNS server. However, when I turn on NAT and do the same thing, it uses 8.8.8.8, and resolves sabnzbd.domain.com . Note: sabnzbd.domain.com will only resolve internally, as I have a domain override in pfSense. Therefore, even though it says its using 8.8.8.8 it is really using 192.168.8.1 (pfsense) I did a packet capture on the lan port on pfSense: - When I visit a docker with it's own IP, I do not see the packet. - When I visit a docker with unraid's IP, I do not see the packet. This makes sense because unraid is not sending it the router and back, its routing it internally Because I dont see the packet both times I am going to assume that the macvlan driver is blocking it as a docker security mechanism (again, I am not an expert in networking, so for all I know I am completely off base here). I actually had t his same problem with the OpenVPN docker, but gave up and just used OpenVPN on pfsense. Going to try to make a new vlan, and assign unraid to it somehow so it wireguard only uses that interface? Back to the drawing board I suppose (although since I have to stop the array, gotta wait until the server is not in use :-) )
-
Dynamix WireGuard VPN
Here you go: On Wifi: $ traceroute 192.168.8.175 1?: [LOCALHOST] pmtu 1500 1: sabnzbd.domain.com 10.045ms reached 1: sabnzbd.domain.com 2.332ms reached Resume: pmtu 1500 hops 1 back 1 On Wireguard: $ traceroute 192.168.8.75 1?: [LOCALHOST] pmtu 1280 1: 10.253.0.1 52.842ms 1: 10.253.0.1 63.555ms 2: no reply 3: no reply ^C I am not a network expert, but it seems that the unRaid server (10.253.0.1) gets the packet, but has no idea what to do with it and drops it? I do not see it blocked in my pfSense logs either.
-
Dynamix WireGuard VPN
Hmm, I use the pfSense as the DNS server, because i have custom entries pointing to my various dockers (sabnzbd.domain.com, sonarr.domain.com, etc.) They all sit behind my reverse proxy docker at 192.168.8.175. I have updated the latest version of the plugin to add the DNS settings. Going directly to the domain (sabznbd.domain.com, thru reverse proxy) or accessing directly via IP (192.168.8.100) does not work. Through the WebUI it goes through the IP and does not work either :-/ Edit: Here is unRAID's routing table: PROTOCOL ROUTE GATEWAY METRIC IPv4 default 192.168.8.1 via br0 1 IPv4 10.253.0.2 wg0 1 IPv4 172.17.0.0/16 docker0 1 IPv4 192.168.8.0/24 br0 1 IPv4 192.168.122.0/24 virbr0 1
-
Dynamix WireGuard VPN
I have "remote tunnel access" enabled for my peer (the client has AllowedIPs=0.0.0.0/0 to tunnel all traffic thru the VPN tunnel) Updated OP to reflect this
-
Dynamix WireGuard VPN
Hello, I must be close but cant figure out the last piece of the puzzle! I have gotten wireguard working, but cannot access dockers not on the bridge network (aka docker's with their own IP) I cannot access dockers with there own IP (192.168.8.0/24). I can access dockers on unraid's IP (192.168.8.151) Wireguard network: 10.253.0.0/24 Router: 192.168.8.1 Unraid IP: 192.168.8.151 (network 192.168.8.0/24) I have "remote tunnel access" enabled for my peer (the client has AllowedIPs=0.0.0.0/0 to tunnel all traffic thru the VPN tunnel) Here's my pfSense static route: Network Gateway Interface 10.253.0.0/16 unRAID - 192.168.8.151 Vlan_Internal What am I missing?
-
[Support] Linuxserver.io - OpenVPN AS
Hello, I stopped using this docker for awhile because I couldn't do what I wanted to do w/ it, but with all the updates I thought I would crack at it again: Vlan 5 - Main network Vlan 15 - Docker network for Sabnzbd, Sonarr, Radarr, etc. If i run this container in bridge mode (Vlan 5), I cannot access Vlan 15 because of the macvlan driver (expected behavior) I cant get the OpenVPN server to start if I run in host, br1.5, br1.15, etc. So how can I run this in bridge mode and be able to access the Vlan15 network? Do I need a static route on my router? (using pfSense)
-
[Support] Linuxserver.io - OpenVPN AS
I would like to know this as well. I want to run it on one of my customer networks (br1.20) so it can access dockers and the unRAID host, but could never figure it out.
-
Custom Docker Networks in 6.6.0
That was it, thank you!
-
Custom Docker Networks in 6.6.0
Here are my settings under 6.5.3 / 6.6.0 IPv4 custom network on interface br0: Subnet: 192.168.20.0/24 Gateway: 192.168.20.1 DHCP pool: not set IPv4 custom network on interface br1.10: Subnet: 192.168.10.0/24 Gateway: 192.168.10.1 DHCP pool: not set IPv4 custom network on interface br1.20: Subnet: 192.168.20.0/24 Gateway: 192.168.20.254 DHCP pool: not set NETWORK ID NAME DRIVER SCOPE b9b4178725d9 br0 macvlan local 0b839cad0823 br1.10 macvlan local 37bff31973a8 br1.20 macvlan local e1ef694e36c7 bridge bridge local f9bfd58f90c4 host host local 7759dbce282b none null local Under 6.5.3, I can set the network type to any of the networks when adding/updating a container. In 6..6.0, I can pick everything except br1.20
-
Custom Docker Networks in 6.6.0
I posted about this issue in the main 6.6.0 release thread (link), but wanted to make a separate thread specifically on this issue. On 6.5.3, I have 3 separate docker networks: br0: 192.168.20.0/24. Gateway 192.168.20.1 br1.10: 192.168.10.0/24. Gateway 192.168.10.1. (VLAN 10) br1.20: 192.168.20.0/24. Gateway 192.168.20.254 (VLAN 20) Note: br0 and br1.20 are in the same subnet, but have different gateways. I do this so dockers in br1.20 can connect to both the Unraid host, and dockers in all subnets (circumventing macvlan from blocking the connection between docker and host) All 3 networks have no DHCP pool, i manually set them for my docker containers. Now the problem. When I upgraded to 6.6.0, I could still see my 3 docker networks in docker settings, but I could no not select br1.20 in Update Container, under Network Type, it is simply not listed. Can someone let me know how I can do this, preferably through the GUI?
-
Unassigned Devices - Managing Disk Drives and Remote Shares Outside of The Unraid Array
Did a quick search in this thread but couldn't find what i was looking for... Is there a way to have different share settings for different unassigned drives? Let me explain: I have 2 drives in UD Drive A for MythTV Recordings Drive B as a download location for Sabnzbd & hosting some files I have 2 SMB users, User1 and User2 I want User1 to only access 1 folder on DriveB (Sabnzbd), and User2 to access everything (DriveA and DriveB) I couldn't find a way in UD settings to have different users accessing different folders.
-
[6.3.0+] How to setup Dockers without sharing unRAID IP address
I have played around with itbut was still not able to get it working :-/. Can you be more specific on how you did it?