Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Xaero

  1. I think the latter can be achieved with one more routing rule; I just haven't sat down to figure it out.
  2. See my (old, outdated, don't use it anymore plex has been updated) Plex wrapper script here: https://github.com/Xaero252/unraid-plex-nvdec This script can be added to CA User Scripts to run after your automatic docker updates to reinstall the modifications after the docker has updated. Similarly, you could do this with the pihole docker. I would also suggest pinging the pihole docker maintainer and see if they might be willing to add a layer for your modification. Since its a direct extension of pihole rather than a hack like my plex script, it is more reasonable to include it in the actual docker image as an optional flag.
  3. I only do the overlay as I like persistent settings and bash history. 4GB is massive overkill for that. I also know adding just a couple of lines to the "go" file works but then I have to add lines every time I customize something new. Overlay "just works" I do wholely agree though - for a handful of scripts being added to the 'go' file calling them with their interpreter is sufficient.
  4. You would want to use the remote tunnel option so that is the AllowedIPs for the tunnel. This should capture all traffic from the remote device and send it through the DNS (your local router) You would want the DNS set to PiHole to get PiHole to filter it.
  5. Even so; Make sure the unraid IP is in AllowedIPs on the client conf file under the [peer] section. If it's not it won't be routed through the tunnel.
  6. Unraid itself is a collection of Linux programs and utilities. It's probably possible to get it running under the Linux subsystem for windows - but would be completely unsupported, and probably more trouble than just setting it up in a VM - which itself is a fair amount of work.
  7. it would also help if I didn't make as many typos as I do when writing things haha
  8. Apparently it doesn't like me that much; instead: In the particular usage case for this thread: Remove the scripts folder from /boot/config Remove the copy from /boot/config/go Create the overlay Add the overlay to /boot/config/go Copy the scripts to the root directory and set permissions Call the scripts from /boot/config/go or however you normally do.
  9. Needs to go on the client side peer config Add to the list with AllowedIPs=, Once set in the client config you do have to stop/start the wireguard server. Make sure the config on the client is updated as well (changing it on the server doesn't change it on the device(s) that have that peer config loaded, so you'd have to reload it onto those devices. Once it's loaded onto the devices, the server has been restarted and you connect, try pinging the IP you are trying to access. It should at least ping if it's routable.
  10. You can circumvent that with the SETUID bit. I've been using an overlayfs for my /root/ folder so that any changes I make are automatically on the flash drive, and support full *nix permissions. The go file is only used to mount that overlay and kick off any scripts if needed. I can share the steps here to recreate the overlayfs. It also enables things like preference persistence for htop, tmux, etc.
  11. In the [Peer] section for the PEER configuration file that you want to have access to make sure that is in the list of AllowedIPs. If it's not, the tunnel won't send traffic to it.
  12. The DNS server on my local lan, in this case my ISP provided cable modem gateway. Though eventually that will be replaced with OPNSense, now that I've tested everything works that way. Also, do note that you need to edit the peer configuration files manually in /etc/wireguard/peers Afterwards you can regenerate the QR code using my instructions above, so that you can provide users with a QR code or the ZIP.
  13. FYI, I was able to get this working properly manually with only the following data for all profile types: DNS=<Local-IP> in the [Interface] section of the peer config. <Local-IP>/32 included in the AllowedIPs= of the [Peer] section of the peer config. A single DNS field and some rudimentary logic should sort whether or not the DNS is already included in the range. From there I manually regenerated the QR codes and moved on. Of course I can't touch those peers in the GUI now without ruining everything, but it works as is.
  14. Not my feature request; but this covers the same issue.
  15. Would it be possible to add this as an option in the GUI? I'll do it manually for now; but that doesn't help much for QR code users. A slider in the advanced for "Force DNS" with an input field for the DNS IP would be sufficient, I think. EDIT: For people who do set the DNS manually in the client configs and want the QR code updated as well: cd /etc/wireguard/peers qrencode -o peer-<hostname>-wg#-*.png < peer-<hostname>-wg#-*.conf (where # is the wg profile and * is the peer number) This will update the png manually.
  16. Would it be possible to force a DNS server? Currently it looks like the client DNS is used no matter what, which means DNS leaks are a problem. It also means that hostname resolution for devices on the VPN doesn't work (for example http://<ServerName/ does not work, while http://<IP Address>/ does) Other than that seems pretty excellent so far. Edit: I tried adding DNS=<IP> in the wg0.conf and it didn't like it. Not sure what special sauce is needed.
  17. So on 6.7 I would configure the "pproxy" docker from dockerhub like so: And the nordvpn docker would have the port forwards. The pproxy docker would exist within the nordvpn network and therefore already be tunneled into the VPN. By setting up pproxy in this manner I could use socks etc.. to VPN selective traffic to NordVPN at will. On Unraid 6.8rc1; this results in an error about the docker not being allowed in two networks simultaneously: I'd like to suggest that containers be listed as network options in the dropdown list as a solution, since its the most direct approach. Also worth noting that just running the docker directly with: docker run -d --name='pproxy' --net=container:nordvpn -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" 'mosajjal/pproxy' Works fine.
  18. FWIW; you can use something like sslh coupled with something like udptunnel to handle the UDP packets of wireguard over TCP on the SSL port (443) which is generally not blocked anywhere. This would be pretty manual to setup since the unraid implementation of wireguard doesn't "just have this" but there are dockers for BOTH of these things...
  19. I accidentally wrote a raw disk image over the top of my unraid USB drive. I'm an idiot. Don't worry.
  20. I don't get an error - but the edit option just isn't even available on my containers. I'll try recreating a couple. This has been pretty painless so far. EDIT: recreating works. Everything is back to normal again. Thanks everyone.
  21. Yeah that was my intent was to finish setting things up (they weren't yet) and then make the backup. Well, you live and you learn.
  22. So; I've been slowly migrating from my old server to my new server. I use my old server as a reverse tunnel entrypoint for remotely managing certain machines via SSH. I image these machines over SSH, using a VM as my SSH client so that I can't make a fatal mistake. In a lapse of judgement I did not use the VM since I haven't set it back up yet. I helped someone and imaged their drive successfully over SSH... but also managed to write the image to my Unraid USB Flash drive. I do not have a backup of this flash drive yet. I know that at the very least I need to restore my raid configuration (I have a screenshot of my disk assignments, thankfully) I'll also have to manually reinstall any plugins and do any docker and VM setup manually (Unless someone can suggest a way to restore the dockers? I had the docker.img on my cache drive, as well as the appdata and system folders.) How should I approach restoring the flash drive? How should I approach backing this up once done? I've never made this sort of mistake with Unraid before; so it's a new experience to me. EDIT: I should note that I did not notice I had made this mistake until I rebooted the server. So it's not up for me to capture the state or anything.
  23. I just tried installing 6.8rc and I'm getting a kernel panic because the root filesystem is not mountable. Not sure if the image I pulled got corrupted somehow or what. EDIT: This was not your fault. Disregard. I did a stupid.
  24. In my opinion, each docker should be listed inside the "network interfaces" box as selections. That way you can easily select which network to connect to. Perhaps add a "shared network" option to dockers so that the list doesn't get huge with too many dockers. Just need it to not switch from container name to container ID. To make this a bit more clear: In this screenshot we see that Nordvpn is configured for bridge mode networking. DDClient is configured for host mode networking (I start it in host mode for updating dns records with my real IP, currently. eventually I will change it to container:nordvpn) The third docker pproxy is configured manually going into advanced and putting --net=container:nordvpn. After saving the --net=container:nordvpn is converted to container:<uuid> This UUID is changed every time the container is modified. So if I change a setting, update the container, etc everything that is dependent on it's network now also must be manually updated again.