Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Wireguard VPN tunneled access (updated for NordVPN)

Featured Replies

Hi Everyone,

 

This is an expansion/update on these two extremely helpful guides:

 

Unfortunately, if you're like me, you didn't read either of those guides and purchased 2 years worth of NordVPN and realized that NordVPN does not provide an easy configuration file to setup your WG tunnel.  After much experimenting and failure, I believe I have found the solution to manually create the wireguard tunnel.  

 

First off, you want to follow this guide for getting your nordvpn private/public keys manually.  Note: you will need a Linux OS (an unraid VM works too.  I personally spun up a quick ubuntu instance to do just this).

 

Original guide here: https://gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3

 

But for the most part, in the comments, darki73 created a script for pulling out the relevant information.  Re-posted below for convenience:

#!/usr/env/bin bash

required_packages=()

check_if_connected() {
    if [ -n "$(nordvpn status | grep "Status: Connected")" ]; then
        return 0
    else
        return 1
    fi
}

# Check whether jq package is installed
if ! command -v jq &> /dev/null; then
    required_packages+=("jq")
fi

# Check whether wireguard package is installed
if ! command -v wg &> /dev/null; then
    required_packages+=("wireguard")
fi

# Check if curl package is installed
if ! command -v curl &> /dev/null; then
    required_packages+=("curl")
fi

# Check if nordvpn package is installed
if ! command -v nordvpn &> /dev/null; then
    required_packages+=("nordvpn")
fi

# Install missing packages required to generate the configuration file
if [ ${#required_packages[@]} -gt 0 ]; then
    sudo apt install -y "${required_packages[@]}"
fi

if ! check_if_connected; then
    nordvpn connect
fi

interface_name=$(sudo wg show | grep interface | cut -d " " -f 2)
private_key=$(sudo wg show $interface_name private-key | cut -d " " -f 2)
my_address=$(ip -f inet addr show $interface_name | grep inet | awk '{print $2}' | cut -d "/" -f 1)

api_response=$(curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1")
host=$(jq -r '.[]|.hostname' <<< $api_response)
ip=$(jq -r '.[]|.station' <<< $api_response)
city=$(jq -r '.[]|(.locations|.[]|.country|.city.name)' <<< $api_response)
country=$(jq -r '.[]|(.locations|.[]|.country|.name)' <<< $api_response)
server_public_key=$(jq -r '.[]|(.technologies|.[].metadata|.[].value)' <<< $api_response)

server_identifier=$(echo $host | cut -d "." -f 1)
configuration_file="nordvpn-$server_identifier.conf"

{
    echo "# Configuration for $host ($ip) in $city, $country"
    echo "[Interface]"
    echo "Address = $my_address"
    echo "PrivateKey = $private_key"
    echo ""
    echo "[Peer]"
    echo "PublicKey = $server_public_key"
    echo "AllowedIPs = 0.0.0.0/0"
    echo "Endpoint = $host:51820"
} > "$configuration_file"

if check_if_connected; then
    nordvpn disconnect
fi

 

You'll need to sudo apt-get all the relevant tools above.

 

To be clear: The above script/manual steps pull out the relevant information.  It does not create a useable configuration file.  That would clearly be too easy.  Specifically from this step you want:

 

- Your nordvpn private key (henceforth: private key)

- Your nordvpn public key (henceforth: public key)

- Nordvpn's public key (henceforth: public key 2)

- Nordvpn's server address (henceforth: nord server)

- Your LynxVPN IP address (henceforth: lynx IP)

 

Now you're ready to setup the tunnel.

 

1. Head over to Settings> Network Services>VPN Manager in your Unraid server.

2. Add tunnel.  (Mine became wg1).

3. Setup the interface to look something like this:

image.thumb.png.536b9937960666a8cbd5b7ed9b361dac.png

4a. Setup the peer to look something like this (for system):

image.thumb.png.e276625829e9c7132bc4ebee8ae1bdb0.png

4b. Setup the peer to look something like this (for dockers):

image.thumb.png.74f66554f495cf856a8411d8f1b39a52.png

 

5. If the tunnel works you should see the handshake like above.  Also, you can sanity test by downloading the firefox docker and assigning the network type to "Custom: wg2" (or whatever wg tunnel instance).  Then you can navigate to what's my IP or other website to verify the VPN address.

 

 

Hope this helps!

  • 3 weeks later...

Thank you for this! I spent a few days setting up the Nordlynx container and have it working beautifully for a few Dockers now. I would like to get this rolling instead for a bit more built-innedness, in addition to facilitating remote access to my server (to include the Dockers). 

  • 4 months later...

I keep searching this topic. This solution would not be the same as or work for NordVPN Meshnet, correct?

Thanks so much for the post. This helped and got it working for me. 

The only issue I have noticed is the inability to access the webgui for a number of containers behind a docker tunnel, if I too am accessing remotely from another wireguard tunnel. I am not sure if it is something to do with routing or not? I confirmed that I can access the webgui of the containers if I am on the local network. The remote tunnel is run on my router rather than the unraid system, so I also don't know if that is causing me the issue or not. Any thoughts or suggestions?

4 minutes ago, t7br7 said:

Thanks so much for the post. This helped and got it working for me. 

The only issue I have noticed is the inability to access the webgui for a number of containers behind a docker tunnel, if I too am accessing remotely from another wireguard tunnel. I am not sure if it is something to do with routing or not? I confirmed that I can access the webgui of the containers if I am on the local network. The remote tunnel is run on my router rather than the unraid system, so I also don't know if that is causing me the issue or not. Any thoughts or suggestions?

To access those containers you won't be able to click on to the WebGUI, but you should be able to access them by IP:Port. That's how I do it via Tailscale and other methods. 

On 8/29/2024 at 1:43 PM, rabidfibersquirrel said:

To access those containers you won't be able to click on to the WebGUI, but you should be able to access them by IP:Port. That's how I do it via Tailscale and other methods. 

I did think that may have been the issue too. I was used to this when I had the containers running through another VPN container. But even when I attempt access by IP:Port, it still doesn't work.

 

EDIT: I decided to use the WG tunnel from Unraid to connect to my home network instead. When I access this way, rather than through the tunnel from my router, I can access the WebGUI of the other tunneled containers.

Edited by t7br7
Updated information on how I resolved the issue.

  • 3 months later...

My goal is to use NorthVPN at least for the qbittorrent docker, and maybe the plex docker. I'm already using CloudFlare tunnels to acces other services in my unraid.
What's the best way to do that? a docker? the built-in vpn as per this guide?

 

3 hours ago, Kedryn said:

My goal is to use NorthVPN at least for the qbittorrent docker, and maybe the plex docker. I'm already using CloudFlare tunnels to acces other services in my unraid.
What's the best way to do that? a docker? the built-in vpn as per this guide?

 

Was there a particular reason you were thinking of using VPN for Plex? I have a similar setup to you. I use Cloudflare/Reverse Proxy for some external facing content (or content others want to access) but then use WG VPN for remote access to everything else. Either way, I followed the guide above and it works well. The benefit of the inbuilt WG in Unraid is the ability to auto start and not need the array running.

11 hours ago, t7br7 said:

Was there a particular reason you were thinking of using VPN for Plex? I have a similar setup to you. I use Cloudflare/Reverse Proxy for some external facing content (or content others want to access) but then use WG VPN for remote access to everything else. Either way, I followed the guide above and it works well. The benefit of the inbuilt WG in Unraid is the ability to auto start and not need the array running.

I want to use my unraid serve as a "blackbox" being able to move it from place to place if needed. Main problem is configuring port forwarding, main solution is not having to do that using tunnels. I'm using CF for almost everything (*arr, calibre, etc. etc.), but the free tier will get picky if i start streaming videos to friends or downloading torrents, so i'm looking for another solution for those.

I'll try above solution, then, thanks.

 

I've configured my WG (NorthVPN) and it's working on wg0
image.png.464b9de3ca9f7d026ab825f6cf126927.png

then i switched the "firefox" docker network to wg0
image.thumb.png.73fca3372267df9f0d236aaa8c5072dc.png

and the docker seems fine
image.png.0d8bbf2d4172d121bbe8b5064951946f.png


but i can't access it anymore using 172.16.0.190:3000 (172.16.0.x is my network)


I also tried leaving default network ("dockernet" 172.18.0.x) and ADDING the wg0 network to the docker.
I can access it, but it wont use wg0 gateway, only the default (dockernet) one.

 

Edited by Kedryn

9 hours ago, Kedryn said:

I've configured my WG (NorthVPN) and it's working on wg0
image.png.464b9de3ca9f7d026ab825f6cf126927.png

then i switched the "firefox" docker network to wg0
image.thumb.png.73fca3372267df9f0d236aaa8c5072dc.png

and the docker seems fine
image.png.0d8bbf2d4172d121bbe8b5064951946f.png


but i can't access it anymore using 172.16.0.190:3000 (172.16.0.x is my network)


I also tried leaving default network ("dockernet" 172.18.0.x) and ADDING the wg0 network to the docker.
I can access it, but it wont use wg0 gateway, only the default (dockernet) one.

 

I have the same firefox container in my setup. Have you tried running an IP check from the firefox container when it's connected to wg0? I usually just use "curl ifconfig.me" in the container console. Does it show an IP for your VPN? I'm just wondering if the connection is working for the container or if there is an issue somewhere.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.