January 9

Hello,

I'd like to know if there is a way to specify additional routes in tables created for VPN tunnels and, if so, how one does it.

I've created a VPN tunnel in "Settings > VPN Manager" with peer type "VPN tunneled access for docker". I can assign containers to the new custom network that got created and everything works fine from the container's perspective: it does reach the internet through the tunnel. The container exposes a port that I want to be reachable from local networks other than the one Unraid is on. Packets from other local networks do reach the container, but responses are routed through the VPN tunnel, which is not what needs to happen.

In my setup Unraid's main interface has address 192.168.5.99.

When the tunnel is created I see the following changes to the routing setup. ip rule shows a new entry:

    from 172.31.200.0/24 lookup 200

ip route show table 200 shows:

    default via 10.14.0.2 dev wg0
    192.168.5.0/24 via 192.168.5.1 dev br0

I need more entries for local networks in this table; say I'd need an entry for a local network that Unraid is not aware of, like:

    192.168.1.0/24 via 192.168.5.1 dev br0

I've verified that when such an entry is added manually the responses are routed correctly to the origin of the request. Manual entries won't be recreated after the machine restarts, so I need a more permanent solution.

In the UI, in the tunnel's settings, when I click on the "eye" icon I see roughly the following interface definition:

    [Interface]
    #name
    PrivateKey=...
    Address=10.14.0.2
    PostUp=logger -t wireguard -- 'Tunnel WireGuard-wg0 started'; /usr/local/emhttp/webGui/scripts/update_services
    PostDown=logger -t wireguard -- 'Tunnel WireGuard-wg0 stopped'; /usr/local/emhttp/webGui/scripts/update_services
    PostUp=ip -4 route flush table 200
    PostUp=ip -4 route add default via 10.14.0.2 dev wg0 table 200
    PostUp=ip -4 route add 192.168.5.0/24 via 192.168.5.1 dev br0 table 200
    PostDown=ip -4 route flush table 200
    PostDown=ip -4 route add unreachable default table 200
    PostDown=ip -4 route add 192.168.5.0/24 via 192.168.5.1 dev br0 table 200

I'm wondering if there's a way to influence this definition and add additional PostUp/PostDown pairs.

I'll be grateful for any hints on how to achieve the above.

Thanks,
Tom
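The policy routing described in the post above, as an added example that is not part of the original post and not Unraid's own code: a small script that puts routes for extra local networks into table 200 so that replies to those networks leave via br0 instead of wg0, and that can report which of them are still missing from the live table. The table number 200, the gateway 192.168.5.1 and the device br0 are taken from the post; the list of extra networks, the script name and the plan/apply arguments are assumptions chosen for the example.

```shell
#!/bin/bash
# Added example, not from the original post or from Unraid's VPN Manager.
# Adds routes for extra local networks to the policy-routing table that the
# "VPN tunneled access for docker" tunnel uses, so replies to those networks
# go out via br0 rather than through wg0.
# Assumed values: table 200, gateway 192.168.5.1 and device br0 are from the
# post; EXTRA_NETS is a placeholder list to adapt to your own networks.

TABLE="${TABLE:-200}"
GATEWAY="${GATEWAY:-192.168.5.1}"
DEV="${DEV:-br0}"
EXTRA_NETS="${EXTRA_NETS:-192.168.1.0/24 192.168.2.0/24}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the commands instead of running them

# Run a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Print, one per line, the networks from EXTRA_NETS that have no entry in the
# "ip -4 route show table N" output passed as $1. A route counts as present
# when its first field (the destination prefix) equals the network exactly.
missing_extra_routes() {
    for net in $EXTRA_NETS; do
        if ! printf '%s\n' "$1" | awk -v net="$net" '$1 == net { found = 1 } END { exit !found }'; then
            printf '%s\n' "$net"
        fi
    done
}

# Install every extra network into the table. "replace" instead of "add" so
# that re-running the script after the tunnel has flushed and rebuilt the
# table does not fail with "RTNETLINK answers: File exists".
add_extra_routes() {
    for net in $EXTRA_NETS; do
        run ip -4 route replace "$net" via "$GATEWAY" dev "$DEV" table "$TABLE"
    done
}

# Install only what the live table is missing. Needs root when DRY_RUN=0.
sync_extra_routes() {
    current="$(ip -4 route show table "$TABLE" 2>/dev/null)"
    for net in $(missing_extra_routes "$current"); do
        run ip -4 route replace "$net" via "$GATEWAY" dev "$DEV" table "$TABLE"
    done
}

# Assumed command-line interface: "plan" prints the commands, "apply" runs
# them against the live table. With no argument nothing is changed.
case "${1:-}" in
    plan)  DRY_RUN=1; add_extra_routes ;;
    apply) sync_extra_routes ;;
esac
```

One caveat that follows directly from the interface definition shown in the post: the PostUp lines run `ip -4 route flush table 200` every time the tunnel starts, so routes added once at boot (for example from the go script) disappear on the next tunnel restart. Whatever adds the extra routes therefore has to run again after each tunnel start, which is why the script uses `ip route replace` and a missing-routes check so that it can be re-run safely.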
May 4

Yeah, this is all I want:

1) Containers I specify use the VPN tunnel.
2) Everything else (bridge-networked containers, host) stays the same, not using the VPN tunnel.
3) The VPN tunnel rebuilds itself as needed (the PIA token has a lifetime).
4) If the VPN tunnel goes down, it doesn't affect anything that doesn't use it.

Why is this so hard? @SpaceInvaderOne's tutorial gets you up and running, but you don't realize that unwanted traffic is going over the tunnel, and when the tunnel fails the host suddenly loses network.

For example, I have a DuckDNS container running to update my domain with my current IP address. It's on the bridged network. It thought my IP address was that of the VPN endpoint, and updated the DNS entry. Then all my Caddy-managed reverse proxy names like "photos.mydomain.com" were not resolving to my server.

I was able to get everything working except that my host traffic is still going over the tunnel while it's up. I had to use a combination of (1) a refresh script that includes iptables tweaks like you're describing, and (2) routing rules in my go script. See https://forums.unraid.net/topic/197609-unraid-vpn-manager-tunnel-wg0-not-showing-up-in-docker-containers/#findComment-1621149