Custom wireguard config help - no access to internet or dockers when active

I've posted this to the Unraid subreddit but I have a feeling I might be more likely to get the answers I need here.

I've set up a custom WireGuard server on a VPS and created the client-side config file. I tested it in Windows and it works fine, but when I try to import it to my Unraid server, it just doesn't work. It defaults to "Remote access to server" for the peer type of access when it's supposed to be "VPN tunneled access...". When I try to change the peer type of access to "VPN tunneled access for system/docker", it removes chunks of the config. In the case of "VPN tunneled access for system" it drops all the Peer allowed IPs and defaults to 0.0.0.0/0, and in the case of "VPN tunneled access for docker" it drops the Peer allowed IPs and Peer endpoint and says Peer tunnel address is mandatory. It also does not import the DNS servers, so I add those manually.

I've also tried setting it up manually, but whatever I do, when I connect I lose access to the internet, and all my dockers lose connectivity. I've stopped my OpenVPN container and all containers connected to OpenVPN, so I don't have any other tunnels running. WireGuard definitely connects to the server because I can check the connection on both ends. I've posted the client- and server-side configs below in case I need to change anything.

Ideally what I want is this custom WireGuard tunnel to be used for a docker network (preferably ipvlan-l3) so I can just punt all the containers that need to be run through a VPN to that network and assign IP addresses rather than fiddling with container ports as I have to do with OpenVPN. By default it seems that Unraid sets the wg0 interface up as a bridge network, but I'm guessing I should be able to just create an ipvlan with wg0 as the parent interface, right?

Client Config (unraid):

[Interface]
PrivateKey = <client_private_key>
Address = 10.6.0.240/24
DNS = 94.140.14.14, 94.140.15.15

[Peer]
PublicKey = <server_public_key>
Endpoint = x.x.x.x:51820
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 94.140.14.14/32, 94.140.15.15/32
PersistentKeepAlive = 15

Server Config (VPS):

[Interface]
Address = 10.6.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ens192 -j MASQUERADE

[Peer]
PublicKey = <client_private_key>
AllowedIPs = 10.6.0.240/24
