Squid Posted November 13, 2019

What do you mean by

> 16 minutes ago, evocraigst said:
> my unraid server crashes

> 18 minutes ago, evocraigst said:
> trouble shooting steps

If the GUI is completely unresponsive etc, then under Settings - Syslog server, enable mirror syslog to flash and after the crash post the resulting file stored on the flash drive (logs folder)
evocraigst Posted November 13, 2019

> 1 minute ago, Squid said:
> What do you mean by
> If the GUI is completely unresponsive etc, then under Settings - Syslog server, enable mirror syslog to flash and after the crash post the resulting file stored on the flash drive (logs folder)

GUI goes offline, all dockers and VMs turn off and I have to hard reboot the system. I deleted my 2 VPN peer profiles and it runs, and added 1 back, seems OK for now though, but just in case there's a big bug.

Attachment: zues-diagnostics-20191113-1401.zip
bonienl Posted November 13, 2019

Highly unlikely your system crashes, and the diagnostics seem to confirm that.

1. What exactly did you configure as WireGuard settings?
2. There is something going on with Docker and its virtual interface is going up and down. You can try to test with the Docker service stopped
evocraigst Posted November 13, 2019

> 24 minutes ago, bonienl said:
> Highly unlikely your system crashes, and the diagnostics seem to confirm that.
> 1. What exactly did you configure as WireGuard settings?
> 2. There is something going on with Docker and its virtual interface is going up and down. You can try to test with the Docker service stopped

Well, all my dockers turn off and VMs turn off and the web GUI is not responding. Could be a network issue then, and the server's in another room. The WireGuard server I can turn on, but having 2 peers (clients) set up is when it fails. Can duplicate IPs on peers cause this? I deleted both and added one back and it's still online 2 hours later though.
Trites Posted November 16, 2019 (edited)

> On 11/13/2019 at 9:23 AM, Can0nfan said:
> under the wg0 tunnel Local endpoint: is your public facing IPv4 address
> under the peer (your phone) make sure peer end point is the static internal IP of your unraid server

Hi Can0nfan,

The endpoint is set to my subdomain.domain.tld. I don't have a static public IP, so I use ddclient to update my domain to my current IP when it changes. And I have tried setting it to my current IP to rule out any issue there.

My phone talks to the server but won't complete the handshake, as you can see there is data being sent and received on the server. I also tried my work Android phone as well and it's doing the same thing. It's like the server is actively blocking the connection when it's seeing it from the external source, as it will connect just fine if my phone is on the same network. This is the first service that I've had an issue getting to connect externally. My openvpn-as docker is still working just fine at the moment. I'm going to update to rc6 and see if that helps any.

Also a side note: With the VPN enabled on my phone I can still access the internet even though my VPN connection is turned on. On my OpenVPN, if I lose my VPN connection I lose connection to everything until my VPN reconnects (as a VPN should be). I'm not sure why wireguard is letting data flow through my cell connection and not trying to go through the VPN (even with the handshake not being established).

Edit: RC6 didn't resolve the issue.

Edited November 16, 2019 by Trites Update
ljm42 Posted November 16, 2019 (Author)

> 1 hour ago, Trites said:
> My phone talks to the server but won't complete the handshake, as you can see there is data being sent and received on the server. I also tried my work Android phone as well and it's doing the same thing. It's like the server is actively blocking the connection when it's seeing it from the external source, as it will connect just fine if my phone is on the same network.

Wireguard is very difficult to troubleshoot because it fails silently - there are no error messages or logs. But based on what you've said, it sounds like your port forward isn't working correctly.

> 1 hour ago, Trites said:
> Also a side note: With the VPN enabled on my phone I can still access the internet even though my VPN connection is turned on. On my OpenVPN, if I lose my VPN connection I lose connection to everything until my VPN reconnects (as a VPN should be). I'm not sure why wireguard is letting data flow through my cell connection and not trying to go through the VPN (even with the handshake not being established).

By default the guide gets you set up with one of the "split tunneling" options, where only traffic destined for your server (or LAN) goes through the tunnel. If you want all your traffic to go through the tunnel you need to choose the "Remote tunneled access" option instead. I'd suggest getting "Remote access to LAN" working first though.
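Added example, not part of any post in this thread: per-peer handshake state can be read on the server from the tab-separated output of `wg show wg0 dump`, which helps separate "no handshake has ever completed" from "handshake went stale". The sample dump, the placeholder keys and the 180-second staleness threshold are assumptions made for the example.

```python
import time

STALE_AFTER = 180  # seconds; assumed threshold for "no recent handshake"

# Constructed sample of `wg show wg0 dump` output (keys are placeholders).
# Line 1 describes the interface; each following line is one peer:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive
SAMPLE_DUMP = "\n".join([
    "\t".join(["<server-private-key>", "<server-public-key>", "51820", "off"]),
    "\t".join(["<phone-key>", "(none)", "(none)", "10.253.0.2/32",
               "0", "0", "0", "off"]),
    "\t".join(["<laptop-key>", "(none)", "203.0.113.7:41822", "10.253.0.3/32",
               "1573900000", "52340", "91872", "25"]),
    "\t".join(["<tablet-key>", "(none)", "203.0.113.9:50211", "10.253.0.4/32",
               "1573890000", "1200", "3400", "off"]),
])


def peer_handshake_status(dump_text, now=None):
    """Map each peer public key to its handshake state and traffic counters."""
    now = time.time() if now is None else now
    status = {}
    for line in dump_text.splitlines()[1:]:      # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:                     # ignore malformed lines
            continue
        pubkey, _psk, endpoint, _allowed, latest, rx, tx, _keepalive = fields
        latest = int(latest)                     # Unix time, 0 = never completed
        if latest == 0:
            state = "never"
        elif now - latest > STALE_AFTER:
            state = "stale"
        else:
            state = "ok"
        status[pubkey] = {"state": state, "endpoint": endpoint,
                          "rx": int(rx), "tx": int(tx)}
    return status


if __name__ == "__main__":
    for key, info in peer_handshake_status(SAMPLE_DUMP, now=1573900060).items():
        print(key, info)
```

On a live server, pass the real output of `wg show wg0 dump` (run as root) instead of `SAMPLE_DUMP`; the dump also contains the interface private key, so do not paste it into a forum post.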
Trites Posted November 16, 2019 (edited)

> 26 minutes ago, ljm42 said:
> Wireguard is very difficult to troubleshoot because it fails silently - there are no error messages or logs. But based on what you've said, it sounds like your port forward isn't working correctly.

I thought it was a port forward issue as well. So I tried configuring wireguard to use UDP port 1194 (the port my openvpn uses) and I get the same results. Connect but no handshake.

Edit: I think I'm going to set up my Dev Server and test, just to verify it's not a config issue on my Prod server.

Edited November 16, 2019 by Trites Update
Ruato Posted November 20, 2019

> On 10/12/2019 at 5:15 AM, ljm42 said:
> Remote access to server: Use your phone or computer to remotely access your Unraid server, including:
> - Unraid administration via the webgui
> - Access dockers, VMs, and network shares as though you were physically connected to the network
> Remote access to LAN: Builds on "Remote access to server", allowing you to access your entire LAN as well.
> Remote tunneled access: Securely access the Internet from untrusted networks by routing all of your traffic through the VPN and out Unraid's Internet connection
> ...
> Understand that giving someone VPN access to your LAN is just like giving them physical access to your LAN, except they have it 24x7 when you aren't around to supervise. Only give access to people and devices that you trust, and make certain that the configuration details (particularly the private keys) are not passed around insecurely. Regardless of the "connection type" you choose, assume that anyone who gets access to this configuration information will be able to get full access to your network.

I plan on installing wireguard for
- Remote tunneled access
- Remote access to server

I guess the remote tunneled access provides the same access to the LAN as remote access to LAN, right?

So, what kind of access exactly does this give out? That is, what does this "Regardless of the "connection type" you choose, assume that anyone who gets access to this configuration information will be able to get full access to your network." mean in practice? Is the other party able to access the shares and server storage without any further authentication, or do they still need to know the share and server passwords to achieve that?
bonienl Posted November 20, 2019

When you look at the picture included in the built-in help, you will see that "Remote tunneled access" gives you access to the server, the LAN and the Internet.

WireGuard provides unrestricted access, this means that once a tunnel is set up and access is allowed to server and/or LAN, the remote user has the same access rights as a local user.

Be careful with sharing WireGuard configuration information (especially the keys) if you don't want unsolicited users to access your systems.
Ruato Posted November 20, 2019

> 1 hour ago, bonienl said:
> WireGuard provides unrestricted access, this means that once a tunnel is set up and access is allowed to server and/or LAN, the remote user has the same access rights as a local user.
> Be careful with sharing WireGuard configuration information (especially the keys) if you don't want unsolicited users to access your systems.

By "same access rights as a local user" you refer to a local user in the unraid server? So, the remote computer/user will have, for example, access to all the shares from inside the unraid server?

The reason I am asking is what happens if the remote computer gets infected by, for example, a ransomware virus. What kind of access and risk would this have for the unraid server?
bonienl Posted November 20, 2019

> 8 minutes ago, Ruato said:
> By "same access rights as a local user" you refer to a local user in the unraid server?

No, "local user" as another computer on your LAN accessing the Unraid server.

> 10 minutes ago, Ruato said:
> What kind of access and risk would this have for the unraid server?

Similar risks as a local computer accessing your server.
Ruato Posted November 20, 2019

Good. Thank you for a fast reply.
SupremeArmchair Posted November 30, 2019

I'm also having problems with the wireguard plugin. I followed the instructions under quickstart, and forwarded my router on port 51820 and set up my peer as my phone. However, I am unable to connect on my phone to wireguard. Even on the same WiFi as my server, my phone will still not be able to connect to wireguard. It seems unable to make a handshake with the server. Wireguard is on, peer is set up with a QR code and remote to LAN.

Has anyone had an issue like this?
trurl Posted November 30, 2019

> On 11/13/2019 at 9:22 AM, evocraigst said:
> GUI goes offline, all dockers and VMs turn off and I have to hard reboot the system. I deleted my 2 VPN peer profiles and it runs, and added 1 back, seems OK for now though, but just in case there's a big bug.
> Attachment: zues-diagnostics-20191113-1401.zip

The fact you have allocated 50G to your docker image makes me suspect you have had issues with your docker applications filling the docker image, so perhaps your problem has nothing to do with wireguard at all.

I always recommend 20G for docker image and it is extremely unlikely to need even that much. If your docker image is growing beyond 20G then you have one or more of your applications writing to a path that is not mapped. Making docker image larger will not fix that problem, it will just make it take longer to fill and corrupt.

Also your system share is not on cache and not cache-prefer as it should be. Normally your docker image is in the system share, but I see you have yours at /mnt/user/docker.img. That is not in any user share and it isn't clear which disk that would be on. I had mine at /mnt/cache/docker.img for a long time and eventually put it in the system share just to get more in line with the standard way of doing things. I'm not entirely sure how a file at the top level of the user shares, and so not actually part of any user share, would be handled.

So maybe you should clean up your docker setup and then see if you still have problems.
NewDisplayName Posted December 1, 2019

I also have 50G allocated (50% free). It depends much on how many dockers you have; there are fat dockers out there also!
NewDisplayName Posted December 4, 2019 (edited)

Has anyone found a solution for automatic reconnect to the VPN? Every day, at some point, both of my mobiles need a manual "disable, enable" to be working again.

Also, any way to disable it on WLAN? (Don't want to root.)

Edited December 4, 2019 by nuhll
SavellM Posted December 7, 2019

With wireguard, if I set it up on my local network, let's say 10.0.0.x, and get my backup unRAID box all set up, then move it to my parents' place on a different IP range, will wireguard just work? As in, do the normal port forward to the new IP but I'll still be able to just connect?

I also gotta look into server to server wireguard as I'm planning to put in a backup off-site. What would be the best to sync to the backup? rsync?
turnipisum Posted December 8, 2019 (edited)

Got mine working but it will not work port forwarding to bonded NICs. I had to port forward it to the backup IP line. Any idea why?

Edited December 8, 2019 by turnipisum
Viper359 Posted December 8, 2019

So, I have this fully up and running. The speed is insane. I am easily getting speed tests of 100Mbps on my Gbit connection, and I don't have the greatest cell reception when testing.

My question is, if my IP changes on my WAN, does Wireguard automagically see this and make the update, or do I have to manually stop wireguard and start it again?
GreenEyedMonster Posted December 8, 2019

Random question. I would like to have two different Wireguard connections that I can connect to. One that has PIA (I know I'm going to change soon.) always on. So when I connect to Wireguard instance I also get my PIA address out of the network. The other one is just direct to my network with all traffic coming out of my home IP. They both would have full access to my home network. Is that something that would be possible?
Trites Posted December 10, 2019

> On 11/16/2019 at 5:55 PM, Trites said:
> I thought it was a port forward issue as well. So I tried configuring wireguard to use UDP port 1194 (the port my openvpn uses) and I get the same results. Connect but no handshake.
> Edit: I think I'm going to set up my Dev Server and test, just to verify it's not a config issue on my Prod server.

So I never got a chance to get my Development server up and running, but today I installed RC9 and decided to try this again. It's now working. I've changed nothing network-wise since last time, the only change was RC9. Not sure what fixed it but it's working.
INTEL Posted December 10, 2019

Is it possible to configure a client so it has access only to a specific IP address on the network? Or to a specific docker container? I have some docker containers and VMs in unraid that have different IP addresses, can I somehow route the client to have access only to specified docker containers or VMs?
bonienl Posted December 11, 2019

> On 12/8/2019 at 9:28 PM, GreenEyedMonster said:
> Random question. I would like to have two different Wireguard connections that I can connect to. One that has PIA (I know I'm going to change soon.) always on. So when I connect to Wireguard instance I also get my PIA address out of the network. The other one is just direct to my network with all traffic coming out of my home IP. They both would have full access to my home network. Is that something that would be possible?

Possible but not at the same time. VPN tunneled access must be used exclusively.
bonienl Posted December 11, 2019

> 20 hours ago, INTEL said:
> Is it possible to configure a client so it has access only to a specific IP address on the network? Or to a specific docker container? I have some docker containers and VMs in unraid that have different IP addresses, can I somehow route the client to have access only to specified docker containers or VMs?

To give access to a specific IP address on the client side, you need to set the "Peer allowed IPs" accordingly, i.e. enter the address(es) which may be reached.
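Added example, not part of any post in this thread: the client's `AllowedIPs` list decides which destinations are sent into the tunnel, which covers both the split-tunnel behaviour ljm42 describes earlier and the per-address restriction in the answer above. The configs, keys, endpoint name and addresses are constructed placeholders.

```python
import ipaddress

# Constructed client configs (keys and endpoint are placeholders, not real values).
SPLIT_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.253.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.253.0.1/32, 192.168.1.50/32
"""
FULL_CONF = SPLIT_CONF.replace("10.253.0.1/32, 192.168.1.50/32", "0.0.0.0/0")


def allowed_networks(conf_text):
    """Collect every AllowedIPs entry from the [Peer] sections of a wg config."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "peer" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets


def tunnel_mode(conf_text):
    """'full' if a default route (/0) is tunnelled, otherwise 'split'."""
    nets = allowed_networks(conf_text)
    return "full" if any(n.prefixlen == 0 for n in nets) else "split"


def goes_through_tunnel(conf_text, destination):
    """True if the client would send traffic for `destination` into the tunnel."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == n.version and addr in n
               for n in allowed_networks(conf_text))


if __name__ == "__main__":
    for name, conf in (("split", SPLIT_CONF), ("full", FULL_CONF)):
        print(name, tunnel_mode(conf),
              {d: goes_through_tunnel(conf, d)
               for d in ("192.168.1.50", "192.168.1.51", "8.8.8.8")})
```

The client's `AllowedIPs` lives in a file the client holds and can edit, so limiting what a peer may actually reach also needs a firewall rule on the server or router.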
bonienl Posted December 11, 2019

> On 12/8/2019 at 6:14 PM, Viper359 said:
> My question is, if my IP changes on my WAN, does Wireguard automagically see this and make the update, or do I have to manually stop wireguard and start it again?

When the WAN IP address changes, your router needs to take care of it. WireGuard will follow automatically.