TheGleaner
Posted May 30, 2022 (edited)

I cannot seem to get it to do anything much, and when I do, the same issue as above. It seems very hit and miss for connecting and handshaking.

Edited May 31, 2022 by TheGleaner

EG-Thundy
Posted June 4, 2022

I have an issue with my laptop similar to some people here with no solution. Maybe I missed it, but here it is:

In the config for "remote tunneled access" I can access everything using my Android phone. Internet & LAN.

While being on the same connection, my laptop with exactly the same VPN settings does not connect to LAN. I downloaded the same profile that I created for the phone and on the laptop it still does not access LAN.

If I create a new profile in WireGuard config as "LAN access" and use that on the laptop, I can access the Unraid tower from the browser but still no network drives are visible.

So my deduction is that something is fishy from the laptop, since the laptop is the only thing different. Either laptop settings or something about the VPN client app.

If someone could shed some light it would be awesome.

winterx
Posted June 8, 2022

Hello. I hope someone can give me a piece of routing wisdom.

What I have now
- Router with static IP and WireGuard port forwarded to Unraid server.
- Docker containers can access commercial VPN service via dedicated privoxy container.

Use case
- I connect with my laptop from afar and have access to my docker containers, LAN and internet via router connection

What I want to achieve
- I connect with my laptop from afar and have access to docker containers, LAN and internet via commercial VPN service
- It would be great to route dockers via the same VPN

As far as I understand, I am trying to build a chained VPN but I cannot find any manuals on this issue. I'd be extremely happy if someone could explain to me how to achieve it or offer a better setup.

shchui
Posted June 8, 2022

On 4/22/2022 at 12:20 PM, ljm42 said:
> For security, WireGuard fails silently, so there isn't much to go on if it doesn't work. All I can suggest is to go through the first two posts again. It really does work

Are these the correct settings on an Android phone?

File: peer-Tower-wg0-1.conf

[Interface]
#MyAndroid
PrivateKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Address=10.253.0.2/32

[Peer]
#MyHome VPN
PresharedKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
PublicKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Endpoint=xxxxxxxxxxxx.duckdns.org:51820
AllowedIPs=10.253.0.1/32, 192.168.9.0/24

Note: I masked out the keys and dynamic DNS address.

JetRun15
Posted June 9, 2022

So I have followed the setup here (https://www.youtube.com/watch?v=HIJiYuPDzKs&t=5s) and in the past this worked. However, I wanted to change my DNS name and started from scratch again. However, when I follow the video I can never get the eye icon to work. Is there a reason for this? I have followed the basic stuff such as ensuring the port is being port forwarded, bridging is enabled, etc. etc.

shchui
Posted June 9, 2022

11 hours ago, JetRun15 said:
> So I have followed the setup here (https://www.youtube.com/watch?v=HIJiYuPDzKs&t=5s) and in the past this worked. However, I wanted to change my DNS name and started from scratch again. However, when I follow the video I can never get the eye icon to work. Is there a reason for this? I have followed the basic stuff such as ensuring the port is being port forwarded, bridging is enabled, etc. etc.

Have you pressed the "apply" button at the bottom of the VPN manager screen?

EG-Thundy
Posted June 18, 2022

On 6/4/2022 at 2:37 PM, EG-Thundy said:
> I have an issue with my laptop similar to some people here with no solution. Maybe I missed it, but here it is: In the config for "remote tunneled access" I can access everything using my Android phone. Internet & LAN. While being on the same connection, my laptop with exactly the same VPN settings does not connect to LAN. I downloaded the same profile that I created for the phone and on the laptop it still does not access LAN. If I create a new profile in WireGuard config as "LAN access" and use that on the laptop, I can access the Unraid tower from the browser but still no network drives are visible. So my deduction is that something is fishy from the laptop, since the laptop is the only thing different. Either laptop settings or something about the VPN client app. If someone could shed some light it would be awesome.

An update on my issue... This seems to be an issue with Windows 11 only. The same config works on Win 10. That raises the question of whether Win 11 has some setting that is causing this, because Win 10 is just plug and play for me.

What I've tried:
- Set inbound/outbound rules for firewall
- Turned Windows Firewall on/off
- Set the network adapter to private
- Used Tunsafe to see if it was WireGuard app related
- Used "secpol" and adjusted the settings there too.

Is there any potential setting that I'm missing?

Panseman
Posted June 18, 2022

My plan is to use an Ubuntu Server 20.04 VPS as a reverse proxy for various game servers/Plex and other stuff to mask my IP.

What I gathered on Reddit and other forums is that it is definitely possible by setting up WireGuard on Unraid and the VPS as LAN-to-LAN.

So far I got everything set up and the VPS is able to ping my server, but ONLY my server. No Docker with a custom IP or any other device in my network. (Host access is enabled.)

I think the problem is caused by the static routing tables. Or to be more precise, by the VPS, which has no private IP address, like none at all. It has a public one, which is configured as the "private" IP of the network interface (a 93.xxx address is in no private range) and that's it (see the output below for reference).

Do I really need LAN-to-LAN access or is Remote Access to LAN enough to host a reverse proxy on a VPS? And if LAN-to-LAN is the real deal, is the routing really the culprit, or am I missing something?

Any help would be appreciated; I already wasted 8 hours on research.

ifconfig -a
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 93.90.xxx.xxx  netmask 255.255.255.255  broadcast 93.90.xxx.xxx
        inet6 fe80::250:xxxx:xxxx:xxxx  prefixlen 64  scopeid 0x20<link>
        ether 00:50:mm:mm:mm:mm  txqueuelen 1000  (Ethernet)
        RX packets 23690  bytes 3395454 (3.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20433  bytes 3698928 (3.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 120  bytes 9704 (9.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 120  bytes 9704 (9.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Panseman
Posted June 19, 2022

Just as a heads up, in case someone else wanted to try something like me: It's partially working now. Everything is reachable and routable through a LAN-to-LAN connection from my Unraid server to the VPS and vice versa, except for devices in my LAN like my own PC etc., due to the VPS having only a private IPv6 address, which is disabled in my router for various reasons. That therefore makes it impossible to route the traffic of other network devices correctly.

subwars
Posted June 20, 2022

Can anyone help with configuring a Dream Machine to allow WireGuard through? I had it working with my previous Billion router, but I've just upgraded to a Dream Machine SE and I'm having trouble getting it to work.

Panseman
Posted June 22, 2022

I have connected an Ubuntu Server 20.04 VPS with a LAN-to-LAN connection in WireGuard to my Unraid server. The VPS is reverse-proxying various game servers and Plex via iptables. So now you can connect to the game servers/Plex via the public IP of the VPS and port x.

The only problem is that in Plex and the game server Dockers each client now gets the same IP: the address of the WireGuard tunnel.

So now the question is whether there is a way to pass the IP of the connecting client (for example a Plex app with the IP 12.34.56.78) to the Unraid machine through the WireGuard tunnel, so that Plex can differentiate between clients.

IbeAbitGoofy
Posted July 3, 2022 (edited)

Hoping someone can help. I am able to access my server remotely via Wireguard. However, I cannot access any other asset on the network (i.e., Home Assistant on a VM/another IP). Additionally, I cannot access the internet. Below is my configuration on VM Manager. Any insight would be greatly appreciated.

Edited July 3, 2022 by BigMal

Ruato
Posted July 3, 2022

Hi,

I tried to search but could not find a solution. I have a WireGuard server running on my Unraid server and I have set up several "Remote tunneled access" peers. How can I achieve the following:
- The remote peers need to connect to the Internet via my external network connection. This works currently.
- The remote peers need to be restricted only to a certain IP and a port in the Unraid server (one docker image running in my Unraid server). That is, I do not want them to be able to access the rest of my LAN or the Unraid server services.

How can the above restriction be achieved? Is there a setting in the WireGuard peer config to achieve this, or could it be done with some iptables magic in the Unraid server?

Thank you very much for any help!

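One way to build the restriction asked about above with iptables on the server, as an added example that is not part of any post in this thread or of Unraid itself: packets arriving from the tunnel may reach one service address and port, are dropped for every other private destination, and are left alone when internet-bound. The interface name wg0 is taken from the configs posted in this thread; SERVICE_IP, SERVICE_PORT and the chain name WG_PEER_LIMIT are placeholders.

```bash
#!/bin/bash
# Added example, not from the thread or from Unraid itself. IPv4 only.
# Assumed: tunnel interface wg0 and a TCP service.
WG_IF="${WG_IF:-wg0}"
SERVICE_IP="${SERVICE_IP:-192.0.2.10}"   # placeholder: address peers use to reach the container
SERVICE_PORT="${SERVICE_PORT:-8443}"     # placeholder: TCP port of that service
# Destinations peers must not reach: LAN, tunnel subnet, Docker bridges, link-local.
BLOCKED_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"
CHAIN=WG_PEER_LIMIT                      # hypothetical chain name

# Print the rules in evaluation order, one iptables argument list per line.
# mangle/PREROUTING sees each packet from the tunnel before DNAT and before
# the routing decision, so one chain covers both traffic to the host itself
# and traffic forwarded to the LAN or to containers.
build_rules() {
    local net
    echo "-t mangle -N $CHAIN"
    # The allow rule must come first: a private SERVICE_IP would otherwise
    # be caught by the DROP rules below.
    echo "-t mangle -A $CHAIN -d $SERVICE_IP -p tcp --dport $SERVICE_PORT -j ACCEPT"
    for net in $BLOCKED_NETS; do
        echo "-t mangle -A $CHAIN -d $net -j DROP"
    done
    # Anything left has a public destination: continue with normal handling.
    echo "-t mangle -A $CHAIN -j RETURN"
    echo "-t mangle -A PREROUTING -i $WG_IF -j $CHAIN"
}

apply_rules() {
    local rule
    build_rules | while read -r rule; do
        # Splitting the line into separate arguments is intended here.
        iptables $rule || return 1
    done
}

remove_rules() {
    iptables -t mangle -D PREROUTING -i "$WG_IF" -j "$CHAIN"
    iptables -t mangle -F "$CHAIN"
    iptables -t mangle -X "$CHAIN"
}

case "${1:-}" in
    --apply)  apply_rules ;;
    --remove) remove_rules ;;
    --print)  build_rules ;;
esac
```

Peers restricted this way need a public DNS server in their tunnel profile, because a resolver on the LAN falls inside the blocked ranges. The rules live in kernel memory only and have to be applied again after a reboot.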
Besh
Posted July 8, 2022 (edited)

I was having the same issue, could ping the peer and could connect to unraid server, but couldn't reach the internet nor local network. I disabled "Local server uses NAT" and manually set a static route, and everything now works

Edited July 8, 2022 by Besh

Trozmagon
Posted July 16, 2022

On 7/8/2022 at 1:28 AM, Besh said:
> I was having the same issue, could ping the peer and could connect to unraid server, but couldn't reach the internet nor local network. I disabled "Local server uses NAT" and manually set a static route, and everything now works

Mate you're a lifesaver, thanks for this! Solved my unraid access but no internet issue

Trozmagon
Posted July 16, 2022 (edited)

Hi everyone,

I've just set up WireGuard and everything is working well except I have an issue with a couple of specific docker containers where I route traffic via other containers.

I have a couple of instances of this setup but I've provided one example in the screenshot. Essentially, for the tvheadend container the network is set to none with the parameter "--net=container:vpn-australia" to use the network of the vpn-australia container; the vpn-australia container is just openvpn using PIA to connect to their Australian server.

While connected to WireGuard on my phone I'm able to access all my other containers and I'm even able to access the vpn-australia container, but I cannot access the tvheadend container.

Has anyone had a similar situation they've come up with a solution for? Any help would be great.

Thanks!

Edited July 16, 2022 by Trozmagon

Wheels35
Posted July 18, 2022

Hopefully someone can help me out here. I have been trying to minimize all my writes to my cache drive. I have uninstalled WireGuard completely, but there seems to be an 'appdata/wireguard' folder that copies everything from appdata (both mnt/cache and mnt/user) into it (every hour or so, it looks like). This is killing the write endurance on my drive and I can't find where to stop Unraid from doing this.

RedXon
Posted August 4, 2022

I am sure that I am doing something completely stupid and there is an easy fix, but after some hours of troubleshooting I'd rather ask here for a change:

So, I am trying to set up site to site VPN with unRaid. And for some reason it works only from and to the servers but not beyond, could be a routing issue, could be firewall but I don't get what exactly is blocking what.

To make it quick:

Network1: 192.168.0.0/24, Network2: 192.168.1.0/24
Unraid1: 192.168.0.2, Unraid2: 192.168.1.2

So what works is:
- Connecting from one unRaid server to the other unraid Server and vice versa
- Connecting and pinging from unraid 2 server to any client on network 1
- Connecting and pinging from unraid 1 server to any client on network 2
- Connecting and pinging from any client on network 1 to unraid 2
- Pinging the tunnel address of unraid 1 from any client on network 2
- Pinging the tunnel address of unraid 2 from any client on network 1

What doesn't work:
- Pinging from any client other than unraid 2 on network 2 to anything on network 1
- Pinging from any client on network 1 to any client on network 2 other than unraid 2

So I hope it is understandable. Basically I cannot get to network 1 from network 2 beyond unraid 2, as if the server is blocking it somehow. I have set up routing and the rest exactly like in the tutorial.

Any ideas?

JetRun15
Posted August 4, 2022

On 6/9/2022 at 3:36 PM, shchui said:
> Have you press the "apply" button at the bottom of the VPN manager screen?

So actually figured it out but forgot to update all these months later. Turns out somehow when I removed WireGuard there were still remnants of the files from my old configuration there. When I used Krusader to remove the WireGuard configuration files, I was able to create a new one and the eye came back for me to use. Not sure if this will help others or if this is one off for me.

ljm42 (Author)
Posted August 4, 2022

5 hours ago, RedXon said:
> I am trying to set up site to site VPN with unRaid.

This is one of the more complex things to do and it sounds like you got pretty far, nice! In the OP there is a link to this post, have you seen it? https://forums.unraid.net/topic/88906-lan-to-lan-wireguard/

ljm42 (Author)
Posted August 4, 2022

On 7/17/2022 at 7:30 PM, Wheels35 said:
> Hopefully someone can help me out here. I have been trying to minimize all my writes to my cache drive. I have uninstalled wireguard completely, but there seems to be a 'appdata/wireguard' folder that copies everything from appdata (both mnt/cache and mnt/user) into it (every hour or so it looks like). This is killing my writes endurance on my drive and I can't find where to stop unraid from doing this.

The built-in WireGuard implementation does not store anything in appdata. Maybe you have a WireGuard docker? I'd recommend asking in that docker's support thread. If you can't find that, ask in General Support. Be sure to upload your diagnostics (from Tools -> Diagnostics).

RedXon
Posted August 5, 2022

17 hours ago, ljm42 said:
> This is one of the more complex things to do and it sounds like you got pretty far, nice! In the OP there is a link to this post, have you seen it? https://forums.unraid.net/topic/88906-lan-to-lan-wireguard/

Yeah, I have followed pretty much this guide. At the moment I have an IPSEC site-to-site VPN running between these sites, but I am hoping for better performance when using WireGuard (IPSEC maxes out at about 35mbit/s on this particular hardware). Of course I have shut down the IPSEC VPN before setting up the WireGuard VPN to avoid problems with these. It was quite the ride as I was using jumphosts on either site to have access to the configurations.

As I said, I am not sure if the issue lies with Unraid or with the routers themselves.

If it helps, here are the configs (redacted a bit)...

Config on unraid 1:

[Interface]
#Site2Site
PrivateKey=redacted
Address=10.253.0.1
ListenPort=51821
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostUp=ip -4 route flush table 200
PostUp=ip -4 route add default via 10.253.0.1 table 200
PostUp=ip -4 route add 192.168.0.0/24 via 192.168.0.1 table 200
PostDown=ip -4 route flush table 200
PostDown=ip -4 route add unreachable default table 200
PostDown=ip -4 route add 192.168.0.0/24 via 192.168.0.1 table 200

[Peer]
#Unraid2
PublicKey=redacted
PresharedKey=redacted
Endpoint=redacted.tld:51822
AllowedIPs=10.253.0.0/24, 192.168.1.0/24

Config on unraid 2:

[Interface]
#Site2Site
PrivateKey=redacted
Address=10.253.0.2
ListenPort=51822
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostUp=ip -4 route flush table 200
PostUp=ip -4 route add default via 10.253.0.2 table 200
PostUp=ip -4 route add 192.168.1.0/24 via 192.168.1.1 table 200
PostDown=ip -4 route flush table 200
PostDown=ip -4 route add unreachable default table 200
PostDown=ip -4 route add 192.168.1.0/24 via 192.168.1.1 table 200

[Peer]
#Unraid 1
PublicKey=redacted
PresharedKey=redacted
Endpoint=redacted.tld:51821
AllowedIPs=10.253.0.0/24, 192.168.0.0/24

Thanks for any input!

Aspiro
Posted August 13, 2022 (edited)

- edit because no value

Edited December 4, 2022 by Aspiro

Coastal Custom Tech
Posted August 20, 2022

Hi,

Is there a script that I can use to start WireGuard? I'm having an issue where a VPN tunnel will become inactive for an unknown reason. As this is only a backup server for offsite storage, I want to run a script once or twice a day to make sure that the tunnel is enabled so that the data transfer will work correctly. I am using a 600 second keepalive time and that has helped 2 other sites that I have, but this site is my main site for backups.

Any help would be much appreciated.

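A watchdog of the kind asked about above, as an added example that is not part of any post in this thread or of Unraid itself: it reads the per-peer handshake times from `wg show`, treats the tunnel as stale when a peer has not completed a handshake within MAX_AGE seconds, and restarts it with wg-quick. It assumes the tunnel is wg0 and is managed by wg-quick; the function names and the MAX_AGE default are choices made for this example.

```bash
#!/bin/bash
# Added example, not from the thread or from Unraid itself.
# Assumed: tunnel interface wg0, brought up and down with wg-quick.
WG_IF="${WG_IF:-wg0}"
# Keep this well above the keepalive interval (600 s in the post above);
# otherwise an idle but healthy tunnel looks stale between keepalives.
MAX_AGE="${MAX_AGE:-1800}"

# Raw handshake table: one "<peer public key><TAB><unix time>" line per peer.
wg_handshakes() { wg show "$WG_IF" latest-handshakes; }

# stale_peers NOW MAX_AGE
# Reads the handshake table on stdin and prints the public key of every peer
# whose last handshake is older than MAX_AGE seconds. A time of 0 means the
# peer has never completed a handshake and counts as stale.
stale_peers() {
    local now="$1" max_age="$2" key ts
    while read -r key ts; do
        [ -n "$key" ] || continue
        case "$ts" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$ts" -eq 0 ] || [ $(( now - ts )) -gt "$max_age" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# tunnel_state [NOW]
# Prints "down" (interface missing), "stale" (at least one stale peer) or "ok".
tunnel_state() {
    local now="${1:-$(date +%s)}" out stale
    out=$(wg_handshakes 2>/dev/null) || { echo down; return 0; }
    stale=$(printf '%s\n' "$out" | stale_peers "$now" "$MAX_AGE")
    if [ -n "$stale" ]; then echo stale; else echo ok; fi
}

restart_tunnel() {
    logger -t wg-watchdog "restarting $WG_IF (state: $1)"
    wg-quick down "$WG_IF" 2>/dev/null   # fails harmlessly if already down
    wg-quick up "$WG_IF"
}

# Scheduled use (for example from cron): wg-watchdog.sh --run
if [ "${1:-}" = "--run" ]; then
    state=$(tunnel_state)
    [ "$state" = ok ] || restart_tunnel "$state"
fi
```

Bringing the tunnel up again through wg-quick also makes WireGuard resolve the Endpoint host name again, which helps when a peer's Endpoint is a DNS name whose address has changed.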
Keeper317
Posted August 21, 2022

I followed this guide and got the basic connection working, but I am having issues with accessing dockers and VMs with custom IPs.

- My "Use NAT" is set to "No"
- "Host access to custom networks" is enabled
- I have a static route set up in my router
- "Enable bridging" is set to "Yes" in my network settings

I have 2 peers, a "Remote tunneled access" and a "Remote access to LAN". Both can connect and handshake with no problems. I can access the Unraid webUI but neither allows me to access anything outside of the Unraid server's IP. I can access my dockers that are on br0 but nothing that uses a custom IP, nor any of my VMs or other devices on my server's LAN.

Any ideas would be welcomed; I have been pulling my hair out for a few days trying to figure this out. I can post images or anything to give more context if needed.