
Unraid Wireguard VPN doesn't respond



I've had the WireGuard VPN built into Unraid running for a while but haven't needed it in months.  At some point, probably after an update of the Unraid OS if I had to guess, it stopped working.  I assumed I probably busted something in the process of moving from the onboard NIC to a new 10Gig interface I installed, so I set out to set up the VPN again from scratch.

After reading the docs and several guides I'm fairly confident I have everything set up correctly.

But I don't see Unraid respond to any connection requests on port 51820.  Running tcpdump on my firewall I can see the traffic hit my external interface and get passed to the Unraid IP, but no response.

I noticed after setting things up that this active/inactive switch doesn't stay "active".


and noticed similar messaging on the dashboard.


I initially thought that just meant "no one is connected yet".

Something I noticed that may be related.  Recently when I rebooted the Unraid Host I noticed on its directly connected display that when the login prompt comes up it no longer lists an IP address.  It did before I migrated to my new 10Gig NIC.

Additional information:  I set up the 10Gig NIC with a trunk port on my local switch and have several VLANs connected directly to Unraid.

My guess here is that the VPN service isn't listening on all of Unraid's interfaces, or at least not the one I intend (VLAN 2 aka br2.2 10.2.0.16).

I've attached the diag file.

This is all I see directly in the system logs when I try to flip that "active/inactive" slider:

Mar 18 17:36:43 phoenix wireguard: Tunnel WireGuard-wg0 started
Mar 18 17:36:43 phoenix network: update services: 1s
Mar 18 17:36:45 phoenix network: reload service: nginx
Mar 18 17:44:40 phoenix wireguard: Tunnel WireGuard-wg0 started
Mar 18 17:44:40 phoenix network: update services: 1s
Mar 18 17:44:41 phoenix network: reload service: nginx


Doing some searching, another post referenced "/var/log/wg-quick.log".

There I found this:

wg-quick down wg0
wg-quick: `/etc/wireguard/wg0.conf' does not exist

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started';/usr/local/emhttp/webGui/scripts/update_services
[#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE;iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o vhost0 -j MASQUERADE

wg-quick down wg0
[#] ip link delete dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 stopped';/usr/local/emhttp/webGui/scripts/update_services
[#] iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE;iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o vhost0 -j MASQUERADE

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.253.0.2/32 dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started';/usr/local/emhttp/webGui/scripts/update_services
[#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE;iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o vhost0 -j MASQUERADE
[#] ip -4 route flush table 200
[#] ip -4 route add default via 10.253.0.1 dev wg0 table 200
[#] ip -4 route add 0.0.0.0/0 via  dev br0 table 200
Error: inet address is expected rather than "dev".
[#] ip link delete dev wg0

wg-quick down wg0
wg-quick: `wg0' is not a WireGuard interface

wg-quick down wg0
wg-quick: `wg0' is not a WireGuard interface

wg-quick down wg0
wg-quick: `wg0' is not a WireGuard interface

wg-quick down wg0
wg-quick: `wg0' is not a WireGuard interface

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.253.0.2/32 dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started';/usr/local/emhttp/webGui/scripts/update_services
[#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE;iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o vhost0 -j MASQUERADE
[#] ip -4 route flush table 200
[#] ip -4 route add default via 10.253.0.1 dev wg0 table 200
[#] ip -4 route add 0.0.0.0/0 via  dev br0 table 200
Error: inet address is expected rather than "dev".
[#] ip link delete dev wg0

wg-quick down wg0
wg-quick: `wg0' is not a WireGuard interface


Maybe I'm running into a problem simply because I'm using VLANs as my main interface for Unraid?

I certainly appreciate any ideas.  Maybe it's just simpler for me to run a dedicated VM, or docker container?

phoenix-diagnostics-20240318-1748.zip
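
Added example, not part of the original post and not Unraid's own tooling: in the wg-quick log above, each failed bring-up ends with the command `ip -4 route add 0.0.0.0/0 via  dev br0 table 200`, where no gateway address follows `via`, after which wg-quick deletes wg0 again. The script below pulls those rollbacks out of a wg-quick log; the function names are hypothetical and the sample input is constructed from the excerpt quoted in the post.

```shell
#!/usr/bin/env bash
# Added example: find wg-quick bring-ups that errored out and were rolled back.

# Constructed sample, trimmed from the log excerpt quoted in the post.
sample_log() {
cat <<'EOF'
wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip -4 route flush table 200
[#] ip -4 route add default via 10.253.0.1 dev wg0 table 200
[#] ip -4 route add 0.0.0.0/0 via  dev br0 table 200
Error: inet address is expected rather than "dev".
[#] ip link delete dev wg0

wg-quick down wg0
wg-quick: `wg0' is not a WireGuard interface
EOF
}

# One line per failed bring-up: interface|command that failed|error text.
failed_bringups() {
  awk '
    /^wg-quick up /   { iface = $3; last = ""; next }
    /^wg-quick down / { iface = ""; next }
    /^\[#\] /         { if (iface != "") last = substr($0, 5); next }
    /^Error: /        { if (iface != "") printf "%s|%s|%s\n", iface, last, substr($0, 8) }
  '
}

# Route commands whose word after "via" is not an IPv4 address,
# i.e. the gateway value was empty when the command was built.
empty_gateway_cmds() {
  awk '
    /^\[#\] ip .*route add/ {
      for (i = 1; i <= NF; i++)
        if ($i == "via" && $(i + 1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
          print substr($0, 5); break
        }
    }
  '
}

sample_log | failed_bringups
sample_log | empty_gateway_cmds
```

On the host, the same functions can read the real file, for example `failed_bringups < /var/log/wg-quick.log`.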
