Januszmirek Posted September 16, 2023

After the update to 6.12.4 I am more than unhappy with the issues I'm facing. The first noticeable issue was WireGuard, which just stopped working correctly. Until 6.11.x it worked flawlessly. Now I cannot get a client to connect to my Unraid and use the internet at the same time. I mean I can browse all the containers' web GUIs, but the internet does not work. I had this issue previously, but it was an incorrect DNS configuration on my part; after I finally figured this out it was flawless on any client ever since. After the update to 12.4 I can connect through WG to Unraid, but internet on any of the clients is no more.

Yesterday I noticed multiple other network-related issues. My Plex server suddenly stopped being available remotely. The WordPress page hosted on my Unraid is not available anymore, Unraid Connect doesn't work anymore (API KEY: NETWORK_ERRORNETWORK: Unable to connect to https://mothership.unraid.net), my system log is full of network errors, and so on.

I know there were some macvlan/ipvlan changes made with this release, and I did change a few settings according to the release notes. Probably a misconfiguration on my part is what caused the issue, but I have no idea how to reverse these so I can get back to where it was just a week ago, before I updated. I hope it is all down to some configuration, but I have no idea where to start, so some steer would be much appreciated. Diagnostic log attached. Happy to provide more input if needed. Thanks.

tower-diagnostics-20230916-1041.zip

Mainfrezzer Posted September 16, 2023

It's currently impossible (there's probably a workaround, but I have not spent the time or effort figuring that out yet) to have Internet and LAN access while Host Access is enabled and you're running macvtap. You would need two tunnels for that: one where it's possible to reach Unraid and the internet, and one where you can only reach Unraid, the LAN and the Docker containers.

Can't comment on your normal networking issue.

Januszmirek Posted September 16, 2023 (Author)

1 minute ago, Mainfrezzer said:
> It's currently impossible (there's probably a workaround, but I have not spent the time or effort figuring that out yet) to have Internet and LAN access while Host Access is enabled and you're running macvtap.

But it DID work previously. Are you saying that with the new update this functionality of having both worlds just disappeared?

Mainfrezzer Posted September 16, 2023

Just now, Januszmirek said:
> But it DID work previously. Are you saying that with the new update this functionality of having both worlds just disappeared?

Yep, it did work previously and probably still does with the bridge enabled instead of macvtap, but getting the call traces isn't worth it. There's a little dirty trick, but that would limit you to internal IPv4 only and IPv6 externally. If I find the time I'm gonna dig into it and try to make it work again.

Januszmirek Posted September 16, 2023 (Author)

Just now, Mainfrezzer said:
> Yep, it did work previously and probably still does with the bridge enabled instead of macvtap, but getting the call traces isn't worth it. There's a little dirty trick, but that would limit you to internal IPv4 only and IPv6 externally. If I find the time I'm gonna dig into it and try to make it work again.

Fair enough, tbh WG is the least of my worries atm. I practically lost all my Unraid services exposed to the external world ;( Thanks for chipping in anyway.

Mainfrezzer Posted September 16, 2023 (edited September 16, 2023 by Mainfrezzer)

Sometimes simple things are the solution. The WireGuard issue can be "fixed" by this:

PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg4 stopped';/usr/local/emhttp/webGui/scripts/update_services
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE

Gives access to everything. Thought it would be a bit more complicated, but well, here we are.

EDIT: IMPORTANT. I did notice a while ago while I tested it that there's an issue with vhost0 as the interface: WireGuard starts, but before Docker, and when Docker starts, Docker kills the tunnel. You need to add

( sleep 60 ; wg-quick up wg4) &

to the GO file so that the tunnel gets started after Docker starts.

Although it does seem like, since the first line is eth0 and that interface exists, WireGuard doesn't fart itself anymore and sets it up correctly without throwing a fuss and needing to be restarted.

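Added example, not part of the original post and not Unraid's own tooling: a small Python check that parses the PostUp/PostDown hooks of a wg-quick config like the one above, lists the outbound interfaces each tunnel subnet is masqueraded on, and reports any MASQUERADE rule appended on PostUp that is never deleted on PostDown. The sample config is constructed from the lines in the post with the vhost0 PostDown line left out on purpose; the function names are hypothetical.

```python
import re

# Constructed sample: the hook lines from the post above, with the vhost0
# PostDown line left out on purpose so the audit has something to report.
SAMPLE_CONF = """\
[Interface]
PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE
PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
"""

RULE = re.compile(
    r"^(ip6?tables)\s+-t\s+nat\s+-([AD])\s+POSTROUTING\s+"
    r"-s\s+(\S+)\s+-o\s+(\S+)\s+-j\s+MASQUERADE$"
)

def parse_hooks(conf):
    """Return {(hook, action): set((tool, source, iface))} for MASQUERADE rules."""
    found = {}
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        hook = key.strip().lower()
        if not sep or hook not in ("postup", "postdown"):
            continue
        for cmd in value.split(";"):  # one hook line may chain several commands
            m = RULE.match(cmd.strip())
            if m:
                tool, action, source, iface = m.groups()
                found.setdefault((hook, action), set()).add((tool, source, iface))
    return found

def audit(conf):
    """Compare rules appended on PostUp with rules deleted on PostDown."""
    hooks = parse_hooks(conf)
    added = hooks.get(("postup", "A"), set())
    removed = hooks.get(("postdown", "D"), set())
    by_source = {}
    for tool, source, iface in added:
        by_source.setdefault(source, set()).add(iface)
    return {
        "interfaces": {s: sorted(i) for s, i in by_source.items()},
        "left_behind": sorted(added - removed),  # NAT rules that outlive the tunnel
        "never_added": sorted(removed - added),  # deletes with no matching append
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A non-empty "left_behind" list means the tunnel subnet stays masqueraded on that interface after the tunnel is stopped, and the rule is appended again on every restart.
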
phyzical Posted September 23, 2023 (edited September 24, 2023 by phyzical)

I was in the same boat as @Januszmirek, but it was going from 6.9.1 to 6.12.x. It took me a few hours to work out that having WireGuard enabled broke the connectivity (web UI access, SSH access and internet access).

Disabling the WG tunnel fixes it for the time being and everything can talk again. I assume it relates to "remote access to LAN" and all the new security stuff 6.12 introduced, but I just don't have the time to dig deeper atm.

I don't have any crash issues, just network issues.

Edit: for me the issue ended up being the fact that I was providing my local network's CIDR as an allowed IP. This used to work; now it seems to kill everything. Setting a CSV of allowed local IPs resolves the issue. The only issue left now is to make the VPN have access to my Pi-hole DNS for translation of container hostnames.