bonienl, posted October 20, 2019

1 hour ago, david279 said:
> I saw something like this too. I run pihole in a VM and when the NAT setting in wireguard is set to yes all the clients in pihole have the name of unRAID server. The Pihole is run in an Ubuntu VM on my unRAID server. Once I set NAT to No all the correct client names returned to normal. Now I run wireguard with NAT set to No and enabled a static route on my router for wireguard to my unRAID server and all is good now.

Excellent, I presume you have set up a manual port forwarding rule on your router.

Btw, this solution is also applicable to docker containers running on custom IP addresses (e.g. pi-hole in a container with its own address).

david279, posted October 20, 2019

2 minutes ago, bonienl said:
> Excellent, I presume you have set up a manual port forwarding rule on your router.
>
> Btw, this solution is also applicable to docker containers running on custom IP addresses (e.g. pi-hole in a container with its own address).

While we're looking at this... Can we add the ability to use both IPv4 and IPv6 addresses for wireguard at the same time? In the GUI right now it's either IPv4 or IPv6. I know I could just add the address line in the cmd line to the wg0.conf for IPv6 but it would be convenient if I could do it in the GUI. I ran a wireguard server in a VM for a while so I'm used to playing with that config file.

bonienl, posted October 20, 2019

3 minutes ago, david279 said:
> Can we add the ability to use both ipv4 and ipv6 addresses for wireguard at the same time

You can add a second tunnel, one for IPv4 and another for IPv6.

takkkkkkk, posted October 20, 2019

Ok, I'm confused, I tried searching for the answer, but I can't seem to find it... Why not just use duckdns/openvpn?? What's so great about wireguard?

bonienl, posted October 20, 2019

1 minute ago, takkkkkkk said:
> What's so great about wireguard?

A lot ....

takkkkkkk, posted October 20, 2019

Just now, bonienl said:
> A lot ....

Care to give me top ones?

bonienl, posted October 20, 2019

From www.wireguard.com:

> WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

You can search online for comparisons between WireGuard and other VPN solutions.

H2OKing, posted October 20, 2019

> care to give me top ones?

https://lmgtfy.com/?q=wireguard+vs+openvpn&s=g

Sent from my iPhone using Tapatalk Pro

climber455, posted October 21, 2019

4 hours ago, bonienl said:
> Need more info. I have multiple VMs all reachable when wireguard is active

It's not that they aren't reachable. I have my router set up to send all the internet traffic from a VM running on unraid over an OpenVPN connection instead of my ISP. When Wireguard was running it sent all traffic from my VM over my ISP connection, bypassing the VPN set up on the router. When I turned Wireguard off the traffic once again got routed over the OpenVPN connection on the router.

4 hours ago, david279 said:
> I saw something like this too. I run pihole in a VM and when the NAT setting in wireguard is set to yes all the clients in pihole have the name of unRAID server. The Pihole is run in an Ubuntu VM on my unRAID server. Once I set NAT to No all the correct client names returned to normal. Now I run wireguard with NAT set to No and enabled a static route on my router for wireguard to my unRAID server and all is good now.

Setting NAT in Wireguard to "no" and adding a static route to my router keeps my VM traffic with the VPN connection on the router. This has solved my issue completely, THANK YOU @david279!

casperse, posted October 21, 2019 (edited October 21, 2019)

Hi All

I don't seem to see the option to change the "local tunnel network pool" anymore in Advanced view.

Also tried to delete the plugin and install it again, but the last update made it vanish from my plugin list, maybe by design? Should I delete the config folder on the flash drive to get back to "start"?

UPDATE: Deleted the folder, rebooted the server, did the configuration again - found that Local tunnel was in the Peer name (Sorry).

I am now connected but no handshake? Added the port and also the static route, and I see some activity so what could I be missing?

ptr78, posted October 21, 2019

Is there an option with the "Remote tunneled access" to restrict the access to the Unraid LAN? That is, I would like to make a setup with only IP tunneling/forwarding without an access to the LAN. Is this possible?

Gragorg, posted October 22, 2019

What is the advantage or disadvantage of "Remote access to Lan" vs "Remote tunneled access"?

ljm42 (Author), posted October 22, 2019

1 hour ago, Gragorg said:
> What is the advantage or disadvantage of "Remote access to Lan" vs "Remote tunneled access"?

Depends on what you are trying to do. See the description and diagram in the first post of this thread.

ljm42 (Author), posted October 22, 2019

8 hours ago, ptr78 said:
> Is there an option with the "Remote tunneled access" to restrict the access to the Unraid LAN? That is, I would like to make a setup with only IP tunneling/forwarding without an access to the LAN. Is this possible?

No, as mentioned in the first post, you really need to trust the people that you give this VPN access to. Regardless of which access type you choose, assume the user could get full access to your LAN.

If you really want to do it, you could potentially put WireGuard on a raspberry pi on its own VLAN. But that is well beyond the scope of what we are trying to do with this plugin.

ljm42 (Author), posted October 22, 2019 (edited October 22, 2019)

16 hours ago, casperse said:
> I am now connected but no handshake? Added the port and also the static route, and I see some activity so what could I be missing?

Activity with no handshake is odd, I don't think I have seen that before.

Not sure what you mean by "static route"? Are you trying to get around issues with VMs or dockers? I'd remove that until you get the basics down first.

I'd recommend you start with the scenario in the guide, "remote access to LAN". If you can get that working that will prove all the basics are good. If you have issues with that, go through the troubleshooting section with a fine-tooth comb. Once you have the basics working you can move on to the other options.

ptr78, posted October 22, 2019

9 minutes ago, ljm42 said:
> No, as mentioned in the first post, you really need to trust the people that you give this VPN access to. Regardless of which access type you choose, assume the user could get full access to your LAN.

Yes, totally understandable. Thank you for the fast reply!

casperse, posted October 22, 2019 (edited October 22, 2019)

17 hours ago, casperse said:
> Hi All
>
> I don't seem to see the option to change the "local tunnel network pool" anymore in Advanced view.
>
> Also tried to delete the plugin and install it again, but the last update made it vanish from my plugin list, maybe by design? Should I delete the config folder on the flash drive to get back to "start"?
>
> UPDATE: Deleted the folder, rebooted the server, did the configuration again - found that Local tunnel was in the Peer name (Sorry).
>
> I am now connected but no handshake? Added the port and also the static route, and I see some activity so what could I be missing?

Any suggestions? I have read through the post and I can't see anything wrong... I am only testing by phone app.

Also tried to change tunnel to LAN but I still get no handshake? (Logfile on device says no to handshake)

Regards
Casperse

Unifi settings:

Port forwarding:

casperse, posted October 22, 2019 (edited October 22, 2019)

Ok so I just tried my other IP on my Unraid server (have a backup) and then it just worked? (Bridge is enabled!)

How can this be? What sets the priority of my IPs for the Unraid server? Have I configured the network wrong?

Primary IP (Should be) 192.168.0.6

Is it a bug? Running 6.8 - rc3

Secondary IP: 192.168.0.13 <---- Wireguard connects to this one?

bonienl, posted October 22, 2019

Try testing with "Local gateway uses NAT = NO".

This prevents adding additional iptables rules to the server.

casperse, posted October 22, 2019 (edited October 22, 2019)

1 hour ago, bonienl said:
> Try testing with "Local gateway uses NAT = NO".
>
> This prevents adding additional iptables rules to the server.

SORRY, spoke too fast.

Update: No, that didn't work either, the handshake was cached.

@bonienl Changed the static route to my primary IP and also the forwarding, changed NAT to NO and then no access.

casperse, posted October 22, 2019

Sorry, no, that didn't work, spoke too soon.

trott, posted October 23, 2019

Ok, I added a peer with remote to LAN access, the tunnel can be activated (with mobile data connection), but I cannot connect to the server by IP; I disconnected the tunnel, now I cannot even connect to the server on the laptop in the same LAN, even ping cannot be reached; now I have totally lost connection to the server (web or ssh).

Lev, posted October 23, 2019

Wow, I've been using this and it's simply amazing. Huge thank you for integrating this into Unraid.

ljm42 (Author), posted October 24, 2019

On 10/23/2019 at 1:32 AM, trott said:
> Ok, I added a peer with remote to LAN access, the tunnel can be activated (with mobile data connection), but I cannot connect to the server by IP; I disconnected the tunnel, now I cannot even connect to the server on the laptop in the same LAN, even ping cannot be reached; now I have totally lost connection to the server (web or ssh).

Not sure what happened, but hopefully you saw this in the Troubleshooting section of the guide:

> If you can't reach the Unraid webgui for some reason and you need to prevent a WireGuard tunnel from automatically starting, delete this file from your flash drive and reboot: /boot/config/wireguard/autostart

ljm42 (Author), posted October 24, 2019

I have amended the guide, there is now a section for "Complex Networks" that talks about setting "Use NAT" to "No" and adding a static route in your router. This is needed if you have Dockers with custom IPs or certain VM setups.

These changes should allow everything on the network to work normally. However, as several people have seen, your WireGuard clients may not be able to access those Dockers or VMs. This still needs to be figured out. If you find a solution, please comment.

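Editor's added example, not part of any post above and not the plugin's code: a small Python model of why "Use NAT = No" needs a static route on the router, and why Pi-hole logged every VPN client as the Unraid server while NAT was on. The tunnel pool, LAN range and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the guide).
LAN = ipaddress.ip_network("192.168.0.0/24")
SERVER = ipaddress.ip_address("192.168.0.6")         # Unraid server's LAN address
TUNNEL_POOL = ipaddress.ip_network("10.253.0.0/24")  # assumed WireGuard tunnel pool
DEFAULT_GW = "wan"                                   # router's default route


def source_seen_on_lan(peer_ip, use_nat):
    """Source address a LAN host (e.g. Pi-hole) logs for a VPN peer's traffic."""
    # With NAT the server masquerades the peer behind its own LAN address.
    return SERVER if use_nat else ipaddress.ip_address(peer_ip)


def router_next_hop(dst, static_routes):
    """Longest-prefix match over the router's static routes, else default."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in static_routes if dst in net]
    if not matches:
        return DEFAULT_GW
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_reaches_peer(peer_ip, use_nat, static_routes=()):
    """Can a LAN host's reply find its way back into the tunnel?"""
    src = source_seen_on_lan(peer_ip, use_nat)
    if src in LAN:
        return True  # on-link reply to the server, which reverses the NAT
    # Off-link destination: the LAN host hands the reply to the router.
    return router_next_hop(src, static_routes) == SERVER


if __name__ == "__main__":
    peer = "10.253.0.2"  # constructed peer address inside the assumed pool
    route = [(TUNNEL_POOL, SERVER)]
    for nat, routes in ((True, []), (False, []), (False, route)):
        print(f"NAT={nat!s:5} static_route={bool(routes)!s:5} "
              f"logged_source={source_seen_on_lan(peer, nat)} "
              f"reply_ok={reply_reaches_peer(peer, nat, routes)}")
```

With NAT off and no static route, replies to tunnel addresses follow the router's default route and never return to the peer, which matches the "no access" symptom reported after switching NAT to No.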