DOUBTS ABOUT SECURITY (Easy WireGuard and W.O.W.)


francesco7


I'm very new to everything related to home servers and security. I just created my first UnRaid server; I use it mainly as a media server and for various data storage. For the moment I use the following containers: Krusader, Easy Wireguard, Plex and duckdns. I recently followed a guide for WoL and WoW.

I have several security concerns:

 

DOUBT ABOUT EASY WIREGUARD

I have installed and set up Easy Wireguard, and since I was able to access the UnRaid web GUI even from an external network, it means that everything went fine. The only doubt is that I didn't have to touch any VPN settings from the UnRaid settings (I also tried, but it doesn't even allow me to activate the toggle), perhaps because it is the simplified version of Wireguard? Another doubt is: through Wireguard I can open a VPN tunnel between my devices outside the home network and my server in a secure way; does this allow me to secure the use of other dockers as well, or do I have to link them to Wireguard?

 

DOUBT ABOUT "W.O.W."

I followed a very detailed guide (not in English) on how to set up WoL and WoW for your devices. What doesn't convince me is whether the procedure opens vulnerabilities to my server. Since the guide is quite long, I'll try to summarize it.

I checked that my server's motherboard supports WoL via the UnRaid terminal, I added a path forwarding rule (tcp/udp) on my router to my server, and I downloaded, on the device I want to use to remotely control the powering of the server, an app/software that, by inserting the open port number, MAC, and DDNS pointing to my IP, actually allows remote powering on.

 

Also another doubt is: as Wireguard is currently set up, it allows me to also use it as a personal VPN for the most common things (such as torrent, Netflix, etc.) simply by connecting the device I want to the server via VPN?

 

Excuse me for the inexperience and the confusing writing. Obviously, ask me for any details that may be useful. Thank you all very much.

Edited by francesco7
Link to comment
21 minutes ago, francesco7 said:

I have installed and set up Easy Wireguard

The WireGuard Easy docker container is not associated with the WireGuard built into unRAID.  No unRAID WebUI VPN Manager settings will have anything to do with the WireGuard Easy docker container you have installed.  Yes, you can use the WireGuard Easy docker container and get the same benefits as the built-in WireGuard, but you can also just use the built-in WireGuard and configure it through VPN Manager settings without having the docker container installed.

 

I am personally not a fan of WOL as it can be flaky and is highly dependent on the motherboard/chipset supporting it and implementing it correctly.  If your motherboard does not have IPMI, I would much prefer to use a true remote power on/off solution such as a PiKVM.  Yes, it is additional hardware but it just works.  There is even an internal PiKVM solution.

Edited by Hoopster
Link to comment

Thank you for your answer. I'll probably use WoW this way as a momentary solution; probably as an upgrade I will buy a device like the one you suggested, or a new router that allows me to install a VPN and use the WoL functionality more securely this way.

Speaking about Easy WireGuard, I have not understood yet if I need to deviate the traffic from the other containers to the Wireguard one or if it already works fine. Moreover, if I wanted to use it as a personal VPN, would I have to do something different from just connecting my device to the VPN, or is it all set?

Link to comment
2 minutes ago, francesco7 said:

Speaking about Easy WireGuard, I have not understood yet if I need to deviate the traffic from the other containers to the Wireguard one

I use the built-in WireGuard in Unraid and not the WireGuard Easy docker container, so I do not know what you can do with it.  You might want to ask the question in the WireGuard Easy support forum.  I am fairly certain other containers do not just use WireGuard by default without some configuration, if it is supported.

Link to comment
10 minutes ago, francesco7 said:

Whereas if I used the built-in WireGuard, how would it work?

Same thing.  Containers that use a VPN (DelugeVPN just as an example) have instructions for how to configure them to use VPN protocols such as OpenVPN or Wireguard.  However, you still need a VPN provider such as Private Internet Access, AirVPN, etc.

 

Q21. I now see that you support WireGuard, how do I switch from OpenVPN to WireGuard client?

A21. Yes you are correct, all binhex VPN created images now support OpenVPN and WireGuard, for PIA and other VPN providers.

If you're a PIA user then please follow this procedure:-

    Change Docker parameter from --cap-add=NET_ADMIN to --privileged=true (WireGuard requires privileged permissions).
    Add environment variable and set the Key: (NOT the name) to VPN_CLIENT and set the Value: to wireguard.
    Start the container with the new parameters.
    Once the container has started you should then be able to see the dynamically generated WireGuard config file /config/wireguard/wg0.conf.
    If you wish to change the endpoint (default is nl-amsterdam.privacy.network) then open the file /config/wireguard/wg0.conf and change the Endpoint line to the endpoint you want to connect to (the list of all port forward enabled endpoints is shown in the log /config/supervisord.log)

If you're a 'custom or airvpn' VPN user (non PIA) then please follow this procedure:-

    Change Docker parameter from --cap-add=NET_ADMIN to --privileged=true (WireGuard requires privileged permissions).
    Add environment variable and set the Key: (NOT the name) to VPN_CLIENT and set the Value: to wireguard.
    Start and stop the container to force the creation of /config/wireguard/.
    Copy and paste in the WireGuard configuration file for your VPN provider to /config/wireguard/
    Start the container and monitor the log /config/supervisord.log to ensure the connection is established.

 

Link to comment
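As an added example (not part of the post above or of the quoted FAQ): the procedure replaces `--cap-add=NET_ADMIN` with `--privileged=true`, so it is worth checking afterwards which containers actually run privileged. This sketch reads `docker inspect` JSON and reports each container's privilege state and whether `VPN_CLIENT` is set to `wireguard`; the container names and the sample JSON are constructed.

```python
import json

# Constructed sample, shaped like `docker inspect <name> ...` output and
# trimmed to the fields this check reads. Container names are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/vpn-torrent-example",
     "HostConfig": {"Privileged": True, "CapAdd": None},
     "Config": {"Env": ["VPN_CLIENT=wireguard", "TZ=UTC"]}},
    {"Name": "/vpn-netadmin-example",
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN"]},
     "Config": {"Env": ["TZ=UTC"]}},
    {"Name": "/media-example",
     "HostConfig": {"Privileged": True, "CapAdd": None},
     "Config": {"Env": ["TZ=UTC"]}},
])

def audit(inspect_json):
    """Return one finding per container from `docker inspect` JSON text."""
    findings = []
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        env_list = (c.get("Config") or {}).get("Env") or []
        env = dict(e.split("=", 1) for e in env_list if "=" in e)
        privileged = bool(host.get("Privileged"))
        wg_client = env.get("VPN_CLIENT", "").lower() == "wireguard"
        if privileged and wg_client:
            verdict = "privileged, matches the WireGuard procedure"
        elif privileged:
            verdict = "privileged without VPN_CLIENT=wireguard: review"
        elif wg_client:
            verdict = "VPN_CLIENT=wireguard but not privileged: procedure incomplete"
        else:
            verdict = "not privileged"
        findings.append({"name": c.get("Name", "").lstrip("/"),
                         "privileged": privileged,
                         "cap_add": list(host.get("CapAdd") or []),
                         "verdict": verdict})
    return findings

if __name__ == "__main__":
    # On a real host, feed it the output of: docker inspect $(docker ps -q)
    for f in audit(SAMPLE_INSPECT):
        print(f"{f['name']}: {f['verdict']} (cap_add={f['cap_add']})")
```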
2 hours ago, francesco7 said:

Why would I use another VPN provider if WireGuard is free?

WireGuard is a VPN protocol.  Many of the docker containers that use VPNs can work with a VPN service/provider which may or may not use WireGuard as the VPN protocol.

In the example I gave above of DelugeVPN, I use it with the Private Internet Access VPN service over the WireGuard protocol.

The WireGuard protocol implemented in Unraid will allow you to set up a secure remote connection and even route all remote traffic through the WireGuard VPN connection if desired.  However, WireGuard is not a full-fledged VPN service/provider.

 

Here is a link to an article which mentions which VPN providers use WireGuard.

Link to comment
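As an added example (not from any of the posts above): whether a remote device sends all of its traffic through the tunnel, or only traffic for the home network, is decided by the `AllowedIPs` line of the `[Peer]` section in the client's WireGuard config. This sketch parses a wg-quick style config and reports the scope; the two configs, their addresses, the endpoint name and the key placeholders are constructed.

```python
import ipaddress

# Constructed client configs; keys are placeholders, the endpoint is a
# documentation host name, and the address ranges are sample values.
FULL_TUNNEL = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/24

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0, ::/0",
                                   "10.8.0.0/24, 192.168.1.0/24")

def peer_routes(conf_text):
    """Collect the AllowedIPs networks of every [Peer] section."""
    section, nets = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets

def tunnel_scope(conf_text):
    """'full' if a default route (/0) goes into the tunnel, else 'split'.
    Two /1 halves used in place of a /0 are not detected by this check."""
    return "full" if any(n.prefixlen == 0 for n in peer_routes(conf_text)) else "split"

def covers(conf_text, address):
    """True if traffic to `address` would be sent through the tunnel."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == n.version and ip in n
               for n in peer_routes(conf_text))

if __name__ == "__main__":
    for name, conf in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_scope(conf), covers(conf, "8.8.8.8"))
```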
