tknx Posted May 5, 2020

So I am not getting a handshake and I just get a little bit of data transfer. Wireguard and UniFi settings here - would love to know what is wrong. My dynamic DNS works fine for other purposes.
ljm42 (Author) Posted May 5, 2020

2 hours ago, tknx said: So I am not getting a handshake and I just get a little bit of data transfer. Wireguard and UniFi settings here - would love to know what is wrong. My dynamic DNS works fine for other purposes.

Is this your first attempt at a connection? You are jumping all the way into the deep end. Take it a step at a time and get a basic connection going before you start messing with a local DNS server. You need to isolate what is a WireGuard connection problem from a routing problem.

Speaking of routing, there is a typo in your static route. It should be 10.253.0.0/24 not 10.0.253.0/24

I don't use IPv6. It may help to disable IPv6 initially just to rule out issues.
tknx Posted May 5, 2020

@ljm42 Thanks for the tips - I did have it working before but had to reset up everything. So I turned off IPv6 and fixed that typo, and now I don't even get those bits. I noticed that it is randomizing the listen port on my phone every time I connect - is that supposed to happen? Or should that be 51820?
ljm42 (Author) Posted May 5, 2020

7 minutes ago, tknx said: @ljm42 Thanks for the tips - I did have it working before but had to reset up everything. So I turned off IPv6 and fixed that typo, and now I don't even get those bits. I noticed that it is randomizing the listen port on my phone every time I connect - is that supposed to happen? Or should that be 51820?

The listen port on the phone doesn't matter. I'd suggest dropping the DNS and changing to "Remote access to LAN" and see if you can get that working. Basically, make it as simple as possible until you get a connection working, then start adding things in. Be sure to read the general troubleshooting tips in the first two posts as well.
tknx Posted May 6, 2020

OK - tried cutting it to LAN and couldn't get it working. I'll play around more and report back whatever it is I messed up.
klogg Posted May 6, 2020

18 hours ago, tknx said: I am not getting a handshake

I am experiencing exactly the same problem. It worked for a while, some time ago I changed something (unRAID update? Can't remember) and it never worked again. I have: deleted and set up from scratch, removed the plug-in, reinstalled and configured, removed again and deleted the files from flash, set up from scratch following the guide and Spaceinvader One's video. Never handshakes, never can see the server when connecting from my phone's cellular connection. Set up as "Remote access to server".

One other odd thing is if I change the connection type to "Remote access to LAN" then it recommends the wrong IP range when setting up my peer, but sees the right range in the port forwarding comment. Highlighted in red, port forward to x.x.10.x, static router

Any ideas what I can try next? Desired end state is to be able to access the locally running containers and ports, as well as dedicated IPs for local VMs and other machines on the LAN. Thanks.
Maor Posted May 6, 2020

This is just feedback for the guys. I totally love the WG VPN. Best part is that it runs independently of the status of the array. Before that, I had VPN dockers, which required the array to be started. I just had a power outage and thus my Unraid rebooted and required me to manually start the array. And I could do that thanks to WG. The only issue I have is with the Windows client, which required rebooting and manual edits of the config to get it working. And the log is useless, it says everything started, but it never got to handshake. Hopefully this will get resolved quickly by WG devs.
tknx Posted May 8, 2020

@ljm42 and others: A bit of a bug report here: So recently I lost all network connectivity outside of the unraid web portal and some internal addressing on my Unraid server. I couldn't ping other websites from the server (either by name or IP address), etc. Often it would manage to get something slowly using IPv6, but couldn't get IPv4 to work. Finally noticed that it was pinging from 10.253.0.1. Somehow Wireguard's network had taken over the server's network stack and was screwing everything up. Deactivating it seemed to fix all my networking issues. Logs in this thread:
Jeffarese Posted May 19, 2020

Is there any way to route only specific docker containers through Wireguard while keeping the rest of the traffic normal?
ptr78 Posted May 19, 2020

Hi, I have a wireguard remote tunneled access up and running and it works beautifully. However, how can I configure the wireguard client so that it would not use the tunnel for local addresses (192.168.1.0/24)? I thought that it would have been discussed already but I didn't find it. So, is there a way to exclude the local packets from being sent to the tunnel? The client is a Windows 10 computer. Any help very much appreciated, thank you!

>>> Found a solution (kind of) with more googling. Seems that it is a Wireguard Windows client issue. https://williamjshipman.wordpress.com/2019/12/31/wireguard-vpn-on-windows/

Edited May 19, 2020 by ptr78: Solution found.
ljm42 (Author) Posted May 20, 2020

9 hours ago, ptr78 said: Hi, I have a wireguard remote tunneled access up and running and it works beautifully. However, how can I configure the wireguard client so that it would not use the tunnel for local addresses (192.168.1.0/24)? I thought that it would have been discussed already but I didn't find it. So, is there a way to exclude the local packets from being sent to the tunnel? The client is a Windows 10 computer. Any help very much appreciated, thank you! >>> Found a solution (kind of) with more googling. Seems that it is a Wireguard Windows client issue. https://williamjshipman.wordpress.com/2019/12/31/wireguard-vpn-on-windows/

I'd suggest taking a closer look at the options described in the first post of this thread. The only option that would route all of the client's traffic through the tunnel is the "remote tunneled access" option. If you choose one of the other options, such as "remote access to LAN" then it uses split-tunneling and only traffic destined for Unraid's network would go through the tunnel.
ljm42 (Author) Posted May 20, 2020

16 hours ago, Jeffarese said: Is there any way to route only specific docker containers through Wireguard while keeping the rest of the traffic normal?

It is possible in theory but we haven't figured it out yet. This is the thread you are looking for:
ljm42 (Author) Posted May 20, 2020

On 5/6/2020 at 8:04 AM, klogg said: One other odd thing is if I change the connection type to "Remote access to LAN" then it recommends the wrong IP range when setting up my peer, but sees the right range in the port forwarding comment. Highlighted in red, port forward to x.x.10.x, static router

Perhaps you inadvertently changed your network settings? Post a screenshot of what you see on Settings -> Network
Jeffarese Posted May 20, 2020

8 hours ago, ljm42 said: It is possible in theory but we haven't figured it out yet. This is the thread you are looking for:

I had already seen that post, but there's still no info about how to do what I need
ljm42 (Author) Posted May 21, 2020

15 hours ago, Jeffarese said: I had already seen that post, but there's still no info about how to do what I need

As I said, it is possible in theory but we haven't figured it out yet.
klogg Posted May 22, 2020

On 5/19/2020 at 11:31 PM, ljm42 said: Perhaps you inadvertently changed your network settings? Post a screenshot of what you see on Settings -> Network

@ljm42, thanks for replying. Just this morning I had a chance to dig back in and figure it out. I don't know why it broke, but this is how I fixed it (for posterity, in case others have a similar problem).

1) I found this post referencing how to delete wg0 from the network config.

Quote: ifconfig still showed my br0 and wg0 configs. [Typing this in the terminal removed the unwanted old interface.] ip link delete wg0

2) This following post from yourself identified the right config files to purge. I did this.

Quote: The files are in /boot/config/wireguard/ . If you delete those files and reboot then you can start fresh.

3) Reboot.

4) Follow the guide on the unRAID blog.

5) Add a DNS entry, because any non-local URLs failed to load.

Boom, back in business! Appreciate the reply, and all your efforts throughout this thread, it got me where I was going.

/klogg
Snickers Posted May 27, 2020

...

Edited May 27, 2020 by Snickers
ClintonRH Posted May 28, 2020

Ok I was absolutely ripping my hair out the last few days. I had a Wireguard tunnel setup that was working last week, and it stopped unexpectedly. We had a power outage Sunday night and I've been haphazardly banging away at this whenever I get some time ever since, the UPS worked and Unraid shut down gracefully. The rest of the network stayed up on the UPS and was still running when the power came back on so my PFSense router/firewall never rebooted.

With Wireguard tunneled to the Unraid server I was able to access local network resources if I connected to them by IP address but anything accessed with a domain name was broken. My DNS requests to the local DNS Resolver were being refused and I couldn't figure out why because there was NOTHING about refused requests in the router logs and everything on the local LAN was still working including remote access through OpenVPN to the router directly. If I set the Peer DNS to something on the greater internet I could tunnel access internet things by domain but local stuff was broken still.

I've been absolutely pulling my hair out ever since and I FINALLY figured it out. It doesn't make sense to me why it was working before then it broke when nothing in any relevant configuration should have changed (last update/restart for PFSense was several weeks ago. It's been rebooted since then because things were borked but an update/restart shouldn't have been the cause).

Here's my solution if anyone else stumbles on this with the Googler: in PFSENSE->Services->DNS Resolver->Access Lists create a new ALLOW access list for your Wireguard Peer Endpoint IP block (192.168.8.0/24 for me, yours is likely still the default 10.253.0.0/24). I previously had no access lists defined and everything was working. I don't get it but I'm just happy to finally be able to access LAN resources by name again and use my local DNS server when tunneled in.

Just sharing some knowledge if anyone else is ever being driven crazy by this.

Edited May 28, 2020 by ClintonRH
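A way to check for the condition described in the post above, as an added example that is not part of the original post or of pfSense: the pfSense DNS Resolver is Unbound, which answers a client only if the most specific matching `access-control` netblock allows it and refuses clients that match nothing. The sketch assumes the resolver's access lists are available as `access-control:` lines; the 192.168.1.0/24 LAN entry and both rule sets are constructed.

```python
import ipaddress

# Unbound's documented default: only localhost is allowed, the rest is refused.
DEFAULTS = ["access-control: 127.0.0.0/8 allow", "access-control: ::1 allow"]

# Constructed rule sets: LAN only, then with the tunnel block from the post added.
BEFORE = ["access-control: 192.168.1.0/24 allow"]
AFTER = BEFORE + ["access-control: 192.168.8.0/24 allow"]


def resolver_action(access_control_lines, client_ip):
    """Action applied to client_ip: most specific matching netblock wins."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for raw in DEFAULTS + list(access_control_lines):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        netblock, action = line.split(":", 1)[1].split()
        net = ipaddress.ip_network(netblock, strict=False)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"


def tunnel_allowed(access_control_lines, tunnel_cidr):
    """True only if every peer address in the tunnel network may query."""
    net = ipaddress.ip_network(tunnel_cidr, strict=False)
    return all(resolver_action(access_control_lines, str(host)).startswith("allow")
               for host in net.hosts())


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, resolver_action(rules, "192.168.8.2"),
              tunnel_allowed(rules, "192.168.8.0/24"))
```
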
danktankk Posted May 28, 2020

I seem to have accidentally added some extra tunnels in the wireguard config and do not have a way to delete them that I can see.

WG0 is deletable as shown below but is not the issue:

There is no delete button for the other two tunnels that were created accidentally that I want to remove:

I have looked in network settings and WG1 and WG2 are not there to delete either.

Another strange issue I am having is when I disconnect wireguard VPN, the unraid interface doesn't seem to get the memo:

In the picture above I test connected for about 20 seconds. After disconnect, it just keeps adding connected time. What made me notice this issue was that I had not logged into my unraid server for about 4 days (small vacation), and there was 4 days of wireguard uptime when I hadn't been connected but for a few minutes and then shut it off.

Any advice would be appreciated on these 2 small issues. Thanks in advance!

Edited June 1, 2020 by danktankk
Hoopster Posted June 1, 2020

On 5/28/2020 at 1:20 PM, danktankk said: I seem to have accidentally added some extra tunnels in the wireguard config and do not have a way to delete them that I can see.

Have you tried deleting the wgX.conf file from the /config/wireguard folder on the flash drive?
ljm42 (Author) Posted June 1, 2020

On 5/28/2020 at 12:20 PM, danktankk said: There is no delete button for the other two tunnels that were created accidentally that I want to remove:

Move the slider from "basic" to "advanced", that will enable the "delete tunnel" button.
danktankk Posted June 1, 2020

23 minutes ago, Hoopster said: Have you tried deleting the wgX.conf file from the /config/wireguard folder on the flash drive?

No, I have not. I will look into that in the morning. Thank you for the suggestion.
danktankk Posted June 1, 2020

5 minutes ago, ljm42 said: Move the slider from "basic" to "advanced", that will enable the "delete tunnel" button.

This does not happen in my case as shown by the pictures submitted above in my original post. The delete option is indeed there for WG0, but not for the other two that I would like to remove. Thank you for the reply.
ljm42 (Author) Posted June 1, 2020

1 minute ago, danktankk said: This does not happen in my case as shown by the pictures submitted above in my original post. The delete option is indeed there for WG0, but not for the other two that I would like to remove. Thank you for the reply.

Your screenshot shows each of those tunnels are still in "basic" mode.