July 13, 2022

Hi all,

So a few days ago my USB failed for UnRAID. I formatted the USB drive and restored my flash backup from My Servers. The server came back up and all my array etc. are intact fine. I also recently upgraded to the latest UnRAID 6.10.3, so WireGuard is now a native package as part of the OS.

I just had a reason to use my VPN now, and realised that my WireGuard VPN isn't working. I'm not sure if it's from the upgrade or the restore, since I haven't used the VPN for about a month or so.

From testing, my clients do connect to WireGuard and show status Active. However, nothing will load. On checking the log I see the error "Handshake for peer 1 (myipaddress:51820) did not complete after 5 seconds, retrying (try 2)".

I've tried deleting the VPN and recreating it, and recreated all my keys etc., but still no change.

It looks like something happened to my UnRAID's networks, perhaps. I looked at the wg config in UnRAID (nano /etc/wireguard/wg0.conf) and noticed it should be trying to create some network rules:

```
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostUp=ip -4 route flush table 200
PostUp=ip -4 route add default via 10.253.0.1 table 200
PostUp=ip -4 route add 192.168.1.0/24 via 192.168.1.254 table 200
PostDown=ip -4 route flush table 200
PostDown=ip -4 route add unreachable default table 200
PostDown=ip -4 route add 192.168.1.0/24 via 192.168.1.254 table 200
```

I spun up a test machine and tried to set this up with WireGuard, and again I have the same issue with no data transfer. If I try and run these rules manually, I do get an error when adding the default rule: "Nexthop has invalid gateway." This is the same on both my test and production UnRAID servers.

```
root@Tower:~# logger -t wireguard 'Tunnel WireGuard-wg0 started'
root@Tower:~# iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
root@Tower:~# ip -4 route flush table 200
root@Tower:~# ip -4 route add default via 10.253.0.1 table 200
Error: Nexthop has invalid gateway.
root@Tower:~# ip -4 route add 192.168.1.0/24 via 192.168.1.254 table 200
root@Tower:~#
```

When I look at network routes on both UnRAID servers, I don't see any entry for the 10.253.0.0/24 network:

```
root@TOWER:~# ip route show
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.205 metric 1010
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.31.200.0/24 dev br-746f3d6b4b8d proto kernel scope link src 172.31.200.1 linkdown
192.168.1.0/24 dev br0 proto dhcp scope link src 192.168.1.205 metric 1010
```

Can anyone shed some light on how to get this working again?

July 13, 2022

Solution

Hi, I'm experiencing almost similar issues since today. I have multiple clients running and none of them can be activated. I did not really change anything in regards of the settings.

I noticed that the Dashboard, where all the WG connections are displayed, says "tunnel active:0, inactive: 1" and the switch button at the WG settings can't be turned on. It stays inactive no matter what. Is this the same case on your side?

I won't have the chance to reboot my Unraid and would love to not have to delete and set up the WG config again. And I would really like to know what the trigger for this situation was in general.

July 13, 2022

Hi, I found the cause: in one of the peers, the "Local endpoint" was missing a dot. So in case some info is false at the peers, the whole tunnel does not seem to work.

To get the debug info, the following command was used:

```
wg-quick up wg0
```

Hope it helps.

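A pre-flight check for the failure described in the post above, where one malformed address in a peer keeps the whole tunnel from starting. This is an added example, not code from the thread or from Unraid; it assumes the bad value ends up in an `Address`, `AllowedIPs` or `Endpoint` line of the wg-quick config file, and the sample config, keys and addresses in it are constructed.

```python
import ipaddress

# Constructed sample (wg-quick format, placeholder keys); last peer has two missing dots.
SAMPLE_CONF = """\
[Interface]
PrivateKey=<placeholder-key>
Address=10.253.0.1/24

[Peer]
PublicKey=<placeholder-key>
AllowedIPs=10.253.0.2/32
Endpoint=vpn.example.net:51820

[Peer]
PublicKey=<placeholder-key>
AllowedIPs=10.253.0.3/32, 192.168.10/24
Endpoint=192.168.1205:51820
"""

def check_endpoint(value):
    """Return a problem string for a malformed host:port, else None."""
    host, _, port = value.rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        return f"'{value}' is not host:port with a valid port"
    host = host.strip("[]")  # IPv6 endpoints are written [addr]:port
    if host.replace(".", "").isdigit() or ":" in host:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            return f"'{host}' is not a valid IP address"
    return None  # anything else is treated as a hostname

def lint_wg_conf(text):
    """Return (line_no, section, key, problem) for each bad address field."""
    problems, section = [], None
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]")
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("address", "allowedips"):
                for item in (v.strip() for v in value.split(",")):
                    try:
                        ipaddress.ip_interface(item)
                    except ValueError:
                        problems.append((no, section, key, f"'{item}' is not a valid address"))
            elif key.lower() == "endpoint" and (err := check_endpoint(value)):
                problems.append((no, section, key, err))
    return problems
```

Calling `lint_wg_conf(open("/etc/wireguard/wg0.conf").read())` on the server reports the line number and section of each malformed field, without bringing the tunnel up.
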
July 13, 2022

> 14 hours ago, Jarsky said:
> I formatted the USB drive and restored my flash backup from My Servers.

Please see the manual for additional steps to take after restoring a flash backup: https://wiki.unraid.net/My_Servers#Restoring_Flash_Backup

The issue is likely that you need to generate new WireGuard keys.

July 13, 2022

> 9 hours ago, Benbarian said:
> To get the debug info, the following command was used: wg-quick up wg0

Excellent troubleshooting. FYI, for normal operation you should always start a tunnel from the webgui, as it does a few extra steps.

BTW, the next release of Unraid will log the output of wg-quick to make it easier to troubleshoot this sort of thing.

July 26, 2022

Just to follow up... starting with Unraid 6.11.0-rc1, we now log what happens when we attempt to start and stop WireGuard tunnels (note: this does not log connections, just the results of running `wg-quick up wg0` and `wg-quick down wg0`). This will eliminate the need to manually run `wg-quick up wg0` to see what is going on.

You can view the log by opening a web terminal and typing:

```
cat /var/log/wg-quick.log
```

July 27, 2022

Author

Mine was embarrassingly stupid. I had already generated new keys; it was the first thing I did. I assumed from the logs on the clients saying they were Active that it was finding the server, so Wireguard was "running".

Turned out after restoring, I needed to reactivate the Tunnel. Super basic, but perhaps for future there should be like a red banner or something saying the Tunnel isn't active, or that toggle should be red? Did a lot of unnecessary troubleshooting because it wasn't easily apparent that I needed to switch that being grey. Since I set up Wireguard so long ago.

October 17, 2024

Got an issue where my wg instances couldn't be enabled. The `wg-quick up wg0` command helped me figure out what was going on. It turns out that after I changed the network my unraid was on (moved from a regular TP-Link router to OPNsense), wireguard did not update its route table. And that even after several reboots from the network change.

The fix was to change a prop (for example, the DNS address) on at least one of the peers and then click on apply, then repeat that for each tunnel. That did the needed updates and I was then able to activate the tunnels.

Thanks to @Benbarian for the hint!

Edited October 17, 2024 by devexa