WireGuard VPN support

Recommended Posts

I think supporting wireguard would be very useful for a lot of users.  It could make unRAID a preferred home based cloud storage device.  At least for me, anyway ;>)

I built wireguard using the latest Slackware live iso and the info at https://slackbuilds.org/repository/14.2/network/WireGuard/ but couldn't figure how to insert it into the unRAID kernel.  Probably would be trivial for you guys but not clear to me.

Link to comment
21 hours ago, tr0910 said:

Did you try and create a wireguard VM? Doesn't have to be slack. That should be trivial. Unraid KVM makes it easy.

Adding to base os it's not trivial

Sent from my chisel, carved into granite

I have only tried what I described so far.  Since it seems WireGuard will be in the Linux kernel soon I just thought it would be a natural fit for unRAID. I just see remotely separated unRAID systems bi-directionaly syncing data via WireGuard vpn with no need for a particularly powerful router as just port forwarding would be required.  I do something similar with pfSense/OpenVPN and rclone. A private personal cloud by invitation only.

Link to comment

I look forward to these kind of tools becoming more easily accessible. However you and I are in the minority. Unraid biggest user group are data hoarders, who don't really care much about security. I'm glad Tom keeps the product fresh and fully patched.


Never hurts to ask. If he can do it easily, it may happen.


Sent from my chisel, carved into granite





  • Like 1
Link to comment
  • 1 month later...

For what its worth, I accomplished the same thing by employing OPNSense routers running WirdGuard VPN software on both sites.  Using rclone cron jobs I can copy/sync/move folders between my unRAID servers.  Probably better this way, no additional setup in the router other than WireGuard.  Works great. 

Link to comment
  • 2 months later...
  • 2 weeks later...
  • 2 months later...

any news on wireguard in unraid?


I'd like to connect my unraid build to my public server already running wireguard as a secure tunnel to home. I guess now the only way would be to have an additional VM running as the wireguard client?

Link to comment
  • 3 weeks later...
  • 1 month later...
  • 3 months later...
1 minute ago, segator said:

Have a look on the repo https://github.com/segator/wireguard-dynamic there are instructions and explanation, if you have questions after read that let me know

Unraid 6.8 has a full fledged WireGuard implementation and GUI to manage WireGuard tunnels and peers.

Maybe I should rephrase my question: "what does your app add to the existing WireGuard implementation in Unraid 6.8" ?


Link to comment

I'm not a fan of GUI's I undertand for lot of people can not be interesting, i'm not trying to say that this implementation is better than the current one,

is a diferent alternative :) 


my app provides:
- Automatic  configuration on all the nodes of the cluster (new/update/remove nodes)

- Support for dynamic IP: it update the endpoint of the node that the public IP changed an the rest of the nodes.



Link to comment

It seems you build WireGuard in a Docker container, this approach looses all the advantages of WireGuard in Unraid 6.8

- Native support in kernel and associated high performance

- Instant availability of WireGuard tunnels regardless of the array running or not (Docker won't run with the array down)


Your app seems more suitable for older versions of Unraid without WireGuard included?


Link to comment
1 hour ago, segator said:

if you have questions after read that let me know

Some security related questions:

- Looks like node addition is unrestricted. This poses a huge security risk, your network may get infiltrated with unsolicited nodes without knowing.

- How trustful is this free service kvdb.io?  Storing keys with an unknown party is questionable.

- How is key management handled between peers? Is it possible to update/revoke keys?

- Any control on what nodes can access, a single device or a complete LAN?


1 hour ago, segator said:

is a diferent alternative

To me, this is really not an alternative to what is offered with Unraid 6.8, did you try the Unraid implementation?

Link to comment

the release comes with docker or just a binary.

Wireguards runs on the kernel, the docker or my app only send the commands to the kernel. so the performance is native as unraid plugin.


- Looks like node addition is unrestricted. to be able to add a node you need the clusterID, but the security of course should be improved.

- How trustful is this free service kvdb.io? you are right, maybe we should upload data encripted then problem solved.

- How is key management handled between peers? public keys are uploaded to the configuration manager and shared with rest of nodes of the cluster

- Is it possible to update/revoke keys? nope

- Any control on what nodes can access, a single device or a complete LAN? both are supported


Hey @bonienl I don't expect this app as a replacement of what already exists on unraid, what we have now in unraid is what wireguard offers and thats great.


What my app does is simplify big  node cluster deployment.

try to configure 50 nodes peer to peer between them and the half have dynamic public IP that changes 1 time a week.

Is not something people in unraid will need, only some nerds like me.

I didn't built that even in high security in mind, I only wanted something to simplify the deployment and allow dynamic public IP provided by internet companies.

If I have time some day I will add to UPNP and UPD hole punching support so people won't need to open ports on their routers.



Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.