iarp Posted September 27, 2023

I've been banging my head against a wall here for days now only to figure this out just now. If I disable docker from starting and restart my machine, wireguard clients set to Remote tunneled access can connect and the connection goes through the server just fine. However, once I enable docker, the connection dies. We can still access the internal server itself but no LAN or WAN access.

Unraid 6.12.4
eth0 bonding/bridging = No. There is an eth1 but it's unused.

storage-diagnostics-20230927-1014.zip

Mainfrezzer Posted September 27, 2023 (edited)

You need to modify the wireguard config to look somewhat like this (fixed for your specific network and IP address needs):

    PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
    PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
    PostUp=iptables -t nat -A POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -A POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE
    PostDown=logger -t wireguard 'Tunnel WireGuard-wg4 stopped';/usr/local/emhttp/webGui/scripts/update_services
    PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o eth0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o eth0 -j MASQUERADE
    PostDown=iptables -t nat -D POSTROUTING -s 10.253.4.0/24 -o vhost0 -j MASQUERADE;ip6tables -t nat -D POSTROUTING -s fc00:253:4:0::/64 -o vhost0 -j MASQUERADE

Edited September 27, 2023 by Mainfrezzer

iarp (Author) Posted September 27, 2023 (edited)

I ran the following, no luck.

    iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o eth0 -j MASQUERADE

Just tried wg0 instead of eth0 as well.

Edited September 27, 2023 by iarp

Mainfrezzer Posted September 27, 2023

You have to modify the wireguard config on your USB stick. /config/wireguard and then whatever file it is. wg0.conf or wg1.conf, I don't know.

iarp (Author) Posted September 27, 2023

You're just modifying the iptables, which I can do in console.

Mainfrezzer Posted September 27, 2023

Sure, that works too, if you have that much spare time on your hands. Anyhow, you need to only run the vhost0 line. eth0 is by default. You would have noticed if you opened the wgX.conf file.

ljm42 Posted October 11, 2023

Sorry for the trouble. I'd like to raise visibility on this, but I am not clear what the proposed change is.

Starting with a non-working wgX.conf file, please go to the VPN Settings page in Unraid 6.12.4 and make a dummy change, then Apply. Does that fix the issue?

If not, please show a before/after snippet of the wgX.conf file to make it clear what the bad value is and what you are proposing that it be changed to.

Thanks!

iarp (Author) Posted October 11, 2023

Before reading below: I wrote the below information before coming to a realization just now. Re-reading the quickstart, Remote tunneled access does NOT seem to be granting LAN access. I'm wanting my clients access to LAN and internet tunneling, but none of the dropdown selections seem to offer this. If that is the case then I'll drop this post and the issue because then nothing is wrong by Unraid's standards.

----

After a bit more testing I've come to realize I cannot access the LAN using Remote Tunneled Access. The reason I couldn't access websites is because DNS wasn't passing through to 192.168.2.1. When I updated the client to 8.8.8.8 it worked for domain names. Still unable to access LAN.

As per Mainfrezzer's recommendation, adding the vhost0 to PostUp and PostDown allows LAN access.

    PostUp=iptables -t nat -A POSTROUTING -s 10.253.2.0/24 -o vhost0 -j MASQUERADE
    PostDown=iptables -t nat -D POSTROUTING -s 10.253.2.0/24 -o vhost0 -j MASQUERADE

This fixed everything previously because I was still using my router's DNS which running the above allowed access to the LAN.

Aside from those two entries, I have not modified anything else.

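Added example, not written by any poster in this thread and not Unraid's own code: a shell check that reads a wgX.conf and reports whether the vhost0 MASQUERADE rule from the workaround above is present, and whether every PostUp NAT rule has a PostDown that deletes it (a rule added with -A and never removed with -D stays in the nat table after the tunnel stops). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print the -o interfaces of IPv4 MASQUERADE rules found in one hook.
# $1 = conf file, $2 = PostUp or PostDown, $3 = -A (append) or -D (delete)
masq_ifaces() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" |
        sed -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//" |
        tr ';' '\n' |
        awk -v act="$3" '
            $1 == "iptables" && /MASQUERADE/ {
                hit = 0; dev = ""
                for (i = 1; i < NF; i++) {
                    if ($i == act && $(i+1) == "POSTROUTING") hit = 1
                    if ($i == "-o") dev = $(i+1)
                }
                if (hit && dev != "") print dev
            }' | sort -u
}

# Return 0 only if vhost0 is masqueraded on PostUp and every PostUp
# MASQUERADE rule has a PostDown counterpart; print one line per finding.
audit_wg_conf() {
    conf=$1; rc=0
    up=$(masq_ifaces "$conf" PostUp -A)
    down=$(masq_ifaces "$conf" PostDown -D)
    echo "$up" | grep -qx vhost0 ||
        { echo "missing PostUp MASQUERADE for vhost0"; rc=1; }
    for dev in $up; do
        echo "$down" | grep -qx "$dev" ||
            { echo "no PostDown cleanup for $dev"; rc=1; }
    done
    return $rc
}

# Constructed sample: a tunnel config that only carries the eth0 rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PostUp=iptables -t nat -A POSTROUTING -s 10.253.2.0/24 -o eth0 -j MASQUERADE
PostDown=iptables -t nat -D POSTROUTING -s 10.253.2.0/24 -o eth0 -j MASQUERADE
EOF
audit_wg_conf "$sample" || echo "audit failed for constructed sample"
rm -f "$sample"
```
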
itimpi Posted October 12, 2023

Does not the “Remote Access to LAN” option give you what you want?

The one caveat is that your Unraid server must be on a different subnet to your remote users if you want the DNS to work correctly. Typically this means at least avoiding the 192.168.0.x and 192.168.1.x subnets for your local LAN as these are common defaults for many routers.

iarp (Author) Posted October 12, 2023

Re-reading the quickstart, Remote Access to LAN is just server and LAN. I want server, lan, wan.

itimpi Posted October 12, 2023

41 minutes ago, iarp said:
> Re-reading the quickstart, Remote Access to LAN is just server and LAN. I want server, lan, wan.

Well it works for me! The important thing is that the DNS Server and gateway on your local LAN is used so you can get back out to the internet which is why the local LAN needs to be on a different subnet to the remote client.

ljm42 Posted October 17, 2023

Thanks for reporting this issue @iarp and @Mainfrezzer for the workaround. This will be fixed in the next release.