likesboc Posted July 5, 2023
Although my Wireguard tunnel "wg0" is set to "Autostart" in settings - VPN Manager the connection failed to start for some reason. Despite that, I just noticed that a docker, which is configured to use the respective tunnel "wg0", was online with my actual IP, bypassing the tunnel setting completely. I am in shock honestly - this is the second time (!) this is happening and I find it beyond frustrating.
ljm42 Posted July 5, 2023
What version of Unraid are you currently running? We improved the killswitch in 6.11.2 (after your previous thread) but it does require you to make a dummy change to the tunnel and apply.
Please follow the first post of this guide closely to set up the tunnel and container: https://forums.unraid.net/topic/84316-wireguard-vpn-tunneled-access-to-a-commercial-vpn-provider/
If you are able to bypass the kill switch using a tunnel created/modified in 6.11.5 or 6.12.2 please provide details on how to reproduce the issue.
likesboc Posted July 6, 2023 Author
Thanks for getting back to me. I'm running 6.12.2. Everything was fine until the last reboot while upgrading to 6.12.2. I am running the VPN profile exactly as outlined and have done so successfully since the feature was released. After the upgrade/reboot apparently the wg0 tunnel was unable to start. When trying to start it manually, it didn't, the button just switched back to the off position. I then saw that the dockers, although configured for wg0, were, in fact, online. I added a second tunnel wg1 which started instantly and provided the dockers its service. So the only thing out of the ordinary was that wg0 was somehow unresponsive although it had worked fine before. I didn't change the configuration or anything like that.
(Independently from that I am unable to delete the wg0 tunnel. I am able to delete the configuration bound to it, but the tunnel itself remains empty in the settings menu. I always found that a bit weird but thought Unraid just needed an empty first entry in this menu.)
likesboc Posted July 13, 2023 Author
And it happened again. I needed to change the IP of the system, which led to having to reboot it (because the docker service hung, and it couldn't unmount the cache drive, so I rebooted the whole system). After the reboot is done and I start the array I check in the VPN settings if "autostart" is done and ... it isn't. The tunnel cannot be started - but I can start dockers which go online with my original IP! I checked if there is anything showing up in the logs when I try starting the tunnel manually but it just states "Tunnel WireGuard-wg1 started" which it is not. So the system believes the tunnel is starting although it isn't. This is super creepy and if I hadn't double checked I would have never noticed!
diagnostics-20230713-2120.zip
ljm42 Posted July 13, 2023
Thank you, I can see there was an error starting the tunnel, but that should have prevented the containers from getting access to the network. In the short term, I'd recommend setting those containers to not auto-start.
I see you are using IPv6, would you please upgrade to 6.12.3-rc3 as it has improvements related to IPv6: https://forums.unraid.net/bug-reports/prereleases/unraid-os-version-6123-rc3-available-r2572/
Once in rc3, make a dummy change to wg1 and hit save to make sure it has the latest PostUp/PostDown commands. Then try starting wg1. Whether it works or fails, please generate new diagnostics so I can see what changed.
If you are curious what I'm looking at, you can open the diagnostics zip file and look at logs/wg-quick.txt
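A check that could run before starting containers bound to a tunnel, given that the log in this thread reported "started" for a tunnel that was not up. This is an added example, not part of the original posts or Unraid's code; the function names, the sample data and the 180-second threshold are assumptions, and it only confirms the tunnel is up, it does not replace the kill switch.

```sh
#!/bin/sh
# Added example: classify a tunnel from `wg show all latest-handshakes`
# output rather than trusting a "started" message.

# tunnel_state IFACE MAX_AGE NOW   (wg output on stdin)
# Prints: missing | never | stale | fresh
tunnel_state() {
    awk -v ifc="$1" -v max="$2" -v now="$3" '
        $1 == ifc {
            seen = 1
            if ($3 + 0 > newest) newest = $3 + 0   # epoch seconds, 0 = none yet
        }
        END {
            if (!seen)                    print "missing"  # interface not up
            else if (newest == 0)         print "never"    # up, no handshake
            else if (now - newest > max)  print "stale"
            else                          print "fresh"
        }'
}

# Gate: succeed only when the tunnel has a recent handshake.
tunnel_ok() {
    [ "$(tunnel_state "$1" "$2" "$3")" = fresh ]
}

# Constructed sample: interface, peer key (placeholder), handshake epoch.
sample_handshakes() {
    printf 'wg0\tPEER_KEY_PLACEHOLDER_A\t0\n'
    printf 'wg1\tPEER_KEY_PLACEHOLDER_B\t1689280000\n'
}

NOW=1689280060   # constructed "current time", 60 s after the wg1 handshake
for ifc in wg0 wg1 wg2; do
    echo "$ifc: $(sample_handshakes | tunnel_state "$ifc" 180 "$NOW")"
done

# Live use (assumes the wg tool is installed; 180 s is an assumed threshold
# that suits peers configured with PersistentKeepalive):
#   wg show all latest-handshakes | tunnel_ok wg0 180 "$(date +%s)" || exit 1
```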
likesboc Posted July 17, 2023 Author
Hello, I've upgraded to 6.12.3 and attached a new diagnostics file. I am not using IPv6 (at least not intentionally, I am on a private IPv4 subnet, with no specific changes to the containers besides using wg0). This time I was able to upgrade and reboot without a hassle and no stuck services. I had to re-import the tunnel configuration because the old one didn't work anymore (as you had mentioned). After adding a new configuration the tunnel started as well as the dockers. So, to me, it still seems that after the last reboot the system believed that the autostart of the tunnel had worked and let the dockers online, not noticing that in reality the tunnel wasn't online. The only thing I changed in the past weeks was the IPv4 address of the system after rearranging subnets, but that worked without any errors.
diagnostics-20230717-2225.zip
bonienl Posted July 18, 2023
You have two wireguard tunnels with the same IP address, that won't work. Delete the duplicate tunnel.
We made some additional fixes in the upcoming version. I recommend you use the new version once available, it should work better with WG VPN tunnels.
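The duplicate-address condition described in the post above can be checked mechanically. The script below is an added example, not part of the original thread or Unraid's code; it assumes wg-quick style config files named wg*.conf, and the directory, file contents and addresses are constructed samples.

```sh
#!/bin/sh
# Added example: report interface addresses used by more than one
# wg-quick style config (wg*.conf) in a directory.

# Prints "<ip> <file> <file> ..." per shared address; nothing if none.
dup_wg_addresses() {
    for f in "$1"/wg*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            /^[ \t]*\[/ {                      # section header
                in_if = (tolower($0) ~ /^[ \t]*\[interface\]/)
                next
            }
            in_if && tolower($0) ~ /^[ \t]*address[ \t]*=/ {
                sub(/^[^=]*=/, "")             # drop the "Address =" key
                sub(/#.*/, "")                 # drop a trailing comment
                n = split($0, parts, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/[ \t]/, "", parts[i])
                    sub(/\/.*/, "", parts[i])  # compare IPs without prefix length
                    if (parts[i] != "") print parts[i], file
                }
            }' "$f"
    done | sort -u | awk '
        { files[$1] = files[$1] " " $2; count[$1]++ }
        END { for (a in count) if (count[a] > 1) print a files[a] }' | sort
}

# Constructed sample configs (keys omitted; addresses are made up).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '[Interface]\nAddress = 10.253.0.2/32, fd00::2/128\n[Peer]\nAllowedIPs = 0.0.0.0/0\n' > "$d/wg0.conf"
    printf '[Interface]\nAddress=10.253.0.2/32  # same as wg0\n' > "$d/wg1.conf"
    printf '[Interface]\nAddress = 10.253.1.2/32\n' > "$d/wg2.conf"
    echo "$d"
}

sample_dir=$(make_sample_dir)
dup_wg_addresses "$sample_dir"
```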
likesboc Posted July 18, 2023 Author
5 hours ago, bonienl said: You have two wireguard tunnels with the same IP address, that won't work. Delete the duplicate tunnel.
Are you assuming I would be using multiple tunnels at the same time? Because that is not the case. But of course I configure multiple tunnels to change exit addresses for example or to switch if a tunnel is in error. How else should I do that? Any recommendations?
DevanteWeary Posted July 18, 2023
5 hours ago, likesboc said: Are you assuming I would be using multiple tunnels at the same time? Because that is not the case. But of course I configure multiple tunnels to change exit addresses for example or to switch if a tunnel is in error. How else should I do that? Any recommendations?
Hey just curious; how could you tell your IP was leaked? Setting up Wireguard for the first time so want to make sure I'm doing it right.
isvein Posted July 18, 2023
35 minutes ago, DevanteWeary said: Hey just curious; how could you tell your IP was leaked? Setting up Wireguard for the first time so want to make sure I'm doing it right.
One way to do it is to use a site like ipleak.net and/or dnsleaktest.com
likesboc Posted July 19, 2023 Author
15 hours ago, DevanteWeary said: Hey just curious; how could you tell your IP was leaked? Setting up Wireguard for the first time so want to make sure I'm doing it right.
Some Dockers show you which IP they are using. Plus there are various test tools and websites out there that show which address is used.
ljm42 Posted July 19, 2023
16 hours ago, DevanteWeary said: Setting up Wireguard for the first time so want to make sure I'm doing it right.
Be sure to follow the first post here very closely: https://forums.unraid.net/topic/84316-wireguard-vpn-tunneled-access-to-a-commercial-vpn-provider/
DevanteWeary Posted August 2, 2023
On 7/19/2023 at 8:46 AM, ljm42 said: Be sure to follow the first post here very closely: https://forums.unraid.net/topic/84316-wireguard-vpn-tunneled-access-to-a-commercial-vpn-provider/
Will do!