Unraid Wireguard tunneled access while having Host access to custom networks enabled


Mainfrezzer


I've been tinkering around to get tunneled remote access to my Unraid server while having some Docker containers exposed to my home network that my server also needs to access.

It seemed to be a 2/3 affair.
Either tunneled access and Docker running while having no access from the host to the containers,
no tunneled access to the server while having the containers accessible from the host,
or
Docker containers and host were able to communicate but your tunneled access is limited to the Unraid system itself.

Here is my solution to that problem.

First, the "standard" tunnel access. No further steps on that.

This just guarantees access via the tunnel in case the array/Docker server didn't start at all. !IMPORTANT!

Secondly, we're going to add another tunneled access to the server. The recommended options are fine.

Now we need to manually edit the wg*.conf, in my case wg1, and change the adapter from br0 to shim-br0.



And that's it. Now you always have one tunneled access to the server, incl. all Docker containers, and access to the internet. The tunnel that got modified to the shim-br0 network is the one that has all access while Docker is running. The wg0 interface in this example is the "oh shit, something is wrong" connection.


Update for 6.12.4:
If you're running the macvtap network, you need to modify the file to look like this:

 

PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg4 stopped';/usr/local/emhttp/webGui/scripts/update_services
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE

 

Edited by Mainfrezzer
Added info for 6.12.4 changes
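
A check for the manual edit described in the post, as an added example that is not part of the original post: it parses the PostUp/PostDown hooks of a wg*.conf, lists the interfaces the tunnel subnet is masqueraded out of, and flags NAT rules that PostUp adds but PostDown never removes. The sample config is constructed from the hooks quoted above, with one PostDown deliberately left on br0, and the function names are assumptions.

```python
import shlex

# Constructed sample based on the wg4 hooks quoted in the post; the last PostDown
# line deliberately still names br0 to mimic a half-finished manual edit.
SAMPLE_CONF = """\
[Interface]
PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o br0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE
"""

def nat_rules(conf_text):
    """Collect rules appended by PostUp and rules deleted by PostDown."""
    added, deleted = set(), set()
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        hook = key.strip().lower()
        if not sep or hook not in ("postup", "postdown"):
            continue
        op, bucket = ("-A", added) if hook == "postup" else ("-D", deleted)
        # Naive split on ';' is enough for these hooks (no ';' inside quotes).
        for cmd in value.split(";"):
            tok = shlex.split(cmd)
            if tok and tok[0] in ("iptables", "ip6tables") and op in tok:
                tok.remove(op)  # drop -A/-D so add and delete forms compare equal
                bucket.add(tuple(tok))
    return added, deleted

def audit(conf_text):
    """Report egress interfaces and any add/delete mismatch between the hooks."""
    added, deleted = nat_rules(conf_text)
    egress = {r[r.index("-o") + 1] for r in added if "-o" in r}
    return {
        "egress": sorted(egress),
        "stale_after_down": sorted(" ".join(r) for r in added - deleted),
        "delete_without_add": sorted(" ".join(r) for r in deleted - added),
    }

if __name__ == "__main__":
    for name, value in audit(SAMPLE_CONF).items():
        print(name, value)
```

A rule listed under `stale_after_down` stays in the nat table after the tunnel is stopped, so the tunnel subnet keeps being masqueraded out of that interface until the rule is removed by hand or the host reboots.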