WireGuard quickstart



So I got wireguard set up and can access all of my containers via the web ui except the binhex-sabnzbd vpn container. Tried searching for container access topics here but didn't find any comments with this particular issue. I have sab set up in bridge mode.

 

Wireguard is set up with remote tunneled access and tried remote access to server peer set up with the same results.

 

Would appreciate any thoughts on why this is occurring only for sab and if there is something I can change to make it accessible.

Link to comment
So I got wireguard set up and can access all of my containers via the web ui except the binhex-sabnzbd vpn container.


I think you need to add the wireguard tunnel IP range to the Lan Network variable in the Sab VPN docker. Just add it after your normal home LAN range, separated by a comma.

Edit: if you’re using the defaults for wireguard, the IP range to add to Sab is 10.253.0.0/24
  • Thanks 1
Link to comment
On 5/25/2021 at 2:33 PM, Jorgen said:

 


I think you need to add the wireguard tunnel IP range to the Lan Network variable in the Sab VPN docker. Just add it after your normal home LAN range, separated by a comma.

Edit: if you’re using the defaults for wireguard, the IP range to add to Sab is 10.253.0.0/24

 

Do you have any links I can read to get sab vpn setup with wireguard?  I am struggling mightily following different guides that have been made for other dockers but not for specifically getting wireguard (through mullvad) working with sab vpn.  I used the guide from Dad_Rage I found, but I can't access the web ui.

 

Edit - got to web ui, but now I'm getting a  [Errno 99] Address not available - Check for internet or DNS problems

Edited by NitrizzleStizzle
Link to comment
Do you have any links I can read to get sab vpn setup with wireguard?  I am struggling mightily following different guides that have been made for other dockers but not for specifically getting wireguard (through mullvad) working with sab vpn.  I used the guide from Dad_Rage I found, but I can't access the web ui.
 
Edit - got to web ui, but now I'm getting a  [Errno 99] Address not available - Check for internet or DNS problems

Are you talking about the same situation as Twinkie above, where you need to access Sab vpn while your client is connected via wireguard from outside your home network?
Or are you talking about setting up Sab vpn to use wireguard to connect to mullvad?
If it’s the latter, you’ll need to post the question in the support thread for the Sab vpn docker you’re using.


Sent from my iPhone using Tapatalk
Link to comment
On 3/13/2021 at 5:48 PM, Wanty said:

Hi, so tbh I am really lost about Wireguard. I've spent a day (more actually) on that trying different methods:

  • remote access to server
  • remote access to LAN
  • remote tunnelled access

I did setup my port forwarding correctly on port 51820 (internal and external) to my server (192.168.1.7) as UDP.

In Unraid my network interface (eth0 and eth1) have bridging enabled
I've tried with and without my dynDNS (duckdns) as a local endpoint
I also noticed that the local tunnel network pool is using /24 for subnet where my Wireguard client (my phone) was using /32. So I've tried /32 server & client side and also /24 server & client side.

I've tried with and without preshared key
I've tried with and without peer DNS server. And for the different DNS servers address used: 1.1.1.1 / 8.8.8.8 / 192.168.1.254 (my router)

 

As on client side, I did make sure that I was able to access my Unraid web interface and different services around (different ports) from my local network connected via WiFi.

As soon as I turn off WiFi and enable Wireguard I am not able to get a handshake, nor can I access anything.

I've tried my local network local tunnel network on my phone none of them worked.

 

Here is more or less what I've used in my Wireguard settings

[image]

 

I did disable battery saving abilities on my phone, background data & unrestricted data usage.

 

Would someone be able to help me?

Thanks in advance

I have the same problem as you, did you manage to solve it?

 

I just started my 5th unraid server, and that is 5th time setting wireguard, and 1st time I cannot configure.

I have port forwarded (51820 UDP), wireguard is on 192.168.1.253, router is on 192.168.1.254.

Just a basic config - remote access to lan not working.

It's a fresh Unraid install, basically nothing on it, only the wireguard plugin.

Link to comment

I have wireguard setup with "Remote access to server" so my laptop can access my unraid server.

 

I'm trying to understand how to access a VM that's running on unraid, but has its own IP.

 

For example, my unraid server has IP of 192.168.1.2 and my VM has IP of 192.168.1.100.

For my wireguard tunnel and client setup, my unraid server then is accessible via 10.253.0.1. 

 

How do I access the VM? Do I need to have it also connect as its own Wireguard client? I'm confused because when I read the first post it talks about VMs being accessible, but I'm not sure how that works exactly, because how can my laptop (when I'm away from my LAN and connected via Wireguard) be able to access the VM without an addressable IP?

Link to comment

hey all, hope everyone is well.

so after following this guide to a T, it says connected but nothing loads, even with set to remote tunnelled access, with 8.8.8.8 set I get nothing. 

 

also when I connect to the client on my phone, it won't even load the Unraid dashboard.

 

what have I missed

Link to comment
On 6/2/2021 at 9:38 PM, tmchow said:

I have wireguard setup with "Remote access to server" so my laptop can access my unraid server.

 

I'm trying to understand how to access a VM that's running on unraid, but has its own IP.

 

For example, my unraid server has IP of 192.168.1.2 and my VM has IP of 192.168.1.100.

 

"Remote access to server" will give you access to the server's main tunnel IP. If you want to access IPs on the Unraid server's network you want "Remote access to LAN". Be sure to update the client config after making this change.

 

If you run into trouble, see the "Complex networks" section of the first post as there are certain settings that conflict with each other.

Link to comment
7 minutes ago, ljm42 said:

"Remote access to server" will give you access to the server's main IP. If you want to access other IPs on the network you want "Remote access to LAN". Be sure to update the client config after making this change.

 

If you run into trouble, see the "Complex networks" section of the first post as there are certain settings that conflict with each other.

 

In my example where my setup is this:

  • unraid server has IP of 192.168.1.2
  • VM has IP of 192.168.1.100
  • When connected via wireguard my unraid server is 10.253.0.1

If i make the change to "Remote access to LAN", what is the IP of the VM? Is it just addressed with 192.168.1.100 still and counts on no network conflict?

Link to comment
41 minutes ago, tmchow said:

If i make the change to "Remote access to LAN", what is the IP of the VM? Is it just addressed with 192.168.1.100 still and counts on no network conflict?

 

The VM will be accessed via its usual IP of 192.168.1.100. 

 

In terms of avoiding conflicts, when you choose "Remote access to LAN" the webgui will give you a warning that the peer's network cannot use the same network range as Unraid's network:

image.png

Link to comment

I can no longer get Wireguard to work. I previously had it running for months without any issues and loved the convenience of it.

I recently transitioned to Cloudflare DDNS from DuckDNS whilst setting up NGINX Proxy Manager for the first time.

I deleted the Wireguard folder from the /boot/config folder in an attempt to reinstall the plugin from scratch, but now I cannot create a tunnel, let alone a new peer.
When I click apply, nothing is saved and it prompts me to create the tunnel again.

I have also noticed it constantly tells me "UPnP: forwarding not set" despite the fact I have had the port forwarding set up for months and never made any adjustments on the router.

please help!

Link to comment
I can no longer get Wireguard to work. I previously had it running for months without any issues and loved the convenience of it.
I recently transitioned to Cloudflare DDNS from DuckDNS whilst setting up NGINX Proxy Manager for the first time.
I deleted the Wireguard folder from the /boot/config folder in an attempt to reinstall the plugin from scratch, but now I cannot create a tunnel, let alone a new peer.
When I click apply, nothing is saved and it prompts me to create the tunnel again.
I have also noticed it constantly tells me "UPnP: forwarding not set" despite the fact I have had the port forwarding set up for months and never made any adjustments on the router.
please help!
I'd recommend rebooting so it can recreate the necessary folder on the flash drive as it comes back up.

Also, be sure to read the note in the second post of this thread about disabling the cloudflare dns proxy. It doesn't work with wireguard traffic, only http traffic

Sent from my GM1917 using Tapatalk

Link to comment

I'm having some issues getting all my traffic routed through my unraid server.

 

I can connect both from my laptop and my phone via VPN to the unraid server without any issues when it's set to remote tunneled access, but it seems like not all my traffic is routed through the server, as my IP address on my phone and my laptop does not change at all.

 

This was very annoying in the last two weeks as I wanted to use my VPN to make Netflix think I'm still in my home country, but it never worked.

 

Does anyone have any idea what's going on here?

Link to comment

Hello,

 

sorry if this was already asked, but can I use the vpn manager to import a tunnel and to connect to a different wg-server over this plugin or is this not possible and the plugin is only working as a server?

 

Purpose: I want to connect to a client where I run a wg-server on an rpi and rsync files between two NAS.

Link to comment
On 10/12/2019 at 4:15 AM, ljm42 said:

With "Use NAT" = No and "Host access to custom networks" = enabled and static route 

  • server and dockers on bridge/host - accessible!

  • VMs and other systems on LAN - accessible!

  • dockers with custom IP - accessible!

  • (woohoo! the recommended setup for complex networks)

Suddenly, I was having issues accessing my Dockers on custom VLANs. It was working fine last year and it stopped working around the start of this year; I don't know exactly when. (Dockers on Bridge/Host and pfsense in a VM were still working fine.)

 

I now found a solution:

"Host access to custom networks" = disabled

 

This fixed the issue for me completely. In the network tabs, all routes for "shim-br0.xx" disappeared. But it's working now, so I am happy :)

Link to comment
4 hours ago, PsYcRo said:

Hello,

 

sorry if this was already asked, but can I use the vpn manager to import a tunnel and to connect to a different wg-server over this plugin or is this not possible and the plugin is only working as a server?

 

Purpose: I want to connect to a client where I run a wg-server on an rpi and rsync files between two NAS.

 

Yep, there is an "Import Tunnel" button in the upper right corner

 

image.png

Link to comment
On 6/13/2021 at 3:49 AM, Pixel5 said:

I'm having some issues getting all my traffic routed through my unraid server.

 

I can connect both from my laptop and my phone via VPN to the unraid server without any issues when it's set to remote tunneled access, but it seems like not all my traffic is routed through the server, as my IP address on my phone and my laptop does not change at all.

 

This was very annoying in the last two weeks as I wanted to use my VPN to make Netflix think I'm still in my home country, but it never worked.

 

Does anyone have any idea what's going on here?

 

With your phone on your home network along with Unraid (and WireGuard disabled) visit this page to find the external IP for that network:

  https://www.whatismyip.com/

 

Then leave your home and make a "Remote Tunneled Access" WireGuard connection to Unraid. Visit the website above and confirm you have the same external IP as your home network. If you don't, then perhaps you made a change to the WireGuard config on the server and forgot to update the client?

 

If the IP addresses are the same then in theory Netflix should think you are on your home network when you VPN there. If it doesn't, then perhaps they are using other signals to determine where you are located, such as GPS?

Link to comment
11 hours ago, ljm42 said:

 

Yep, there is an "Import Tunnel" button in the upper right corner

 

image.png

That's what I have already done, but after the import where can I connect to it? The GUI seems very chaotic at first for a new user like me. I have wireguard installed on different rpi, but that was straightforward. In my example I have wg0 now imported, but where can I now connect to it:

 

[image]

 

Link to comment
11 hours ago, ljm42 said:

 

With your phone on your home network along with Unraid (and WireGuard disabled) visit this page to find the external IP for that network:

  https://www.whatismyip.com/

 

Then leave your home and make a "Remote Tunneled Access" WireGuard connection to Unraid. Visit the website above and confirm you have the same external IP as your home network. If you don't, then perhaps you made a change to the WireGuard config on the server and forgot to update the client?

 

If the IP addresses are the same then in theory Netflix should think you are on your home network when you VPN there. If it doesn't, then perhaps they are using other signals to determine where you are located, such as GPS?

 

I have solved this problem now with the help of some people on the unraid subreddit.

The problem was that allowed IPs needed to contain 0.0.0.0/0 in order to route all traffic through the VPN.

Link to comment
31 minutes ago, Pixel5 said:

 

I have solved this problem now with the help of some people on the unraid subreddit.

The problem was that allowed IPs needed to contain 0.0.0.0/0 in order to route all traffic through the VPN.

 

Click the little "eye" icon on the right side of the peer, this will show you the config file the system setup for this peer. If the peer is set to "Remote tunneled access" then you should see: AllowedIPs=0.0.0.0/0

 

If the config file on the client had a different setting, then you forgot to update the client after changing the "peer type of access" here.

Link to comment
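Added example, not part of any post in this thread: a Python check of the points made above about AllowedIPs (0.0.0.0/0 for "Remote tunneled access", the LAN range for "Remote access to LAN", no overlap with the peer's own network) and about adding the tunnel range to the Sab container's Lan Network list. The config text, placeholder keys, endpoint name and all function names are constructed for illustration, and a single [Peer] section is assumed.

```python
import configparser
import ipaddress

# Constructed client config: keys are placeholders, addresses follow the thread.
CLIENT_CONF = """
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.253.0.2/32

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.253.0.1/32, 192.168.1.0/24
"""

def parse_cidrs(value):
    """Parse a comma-separated CIDR list (AllowedIPs, or a Lan Network value)."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def allowed_ips(conf_text):
    """Read AllowedIPs from a client config; assumes a single [Peer] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    return parse_cidrs(cfg["Peer"]["AllowedIPs"])

def covers(networks, ip):
    """True if ip falls inside any of the networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)

def is_full_tunnel(networks):
    """True when the IPv4 default route 0.0.0.0/0 is present."""
    return any(n.version == 4 and n.prefixlen == 0 for n in networks)

def local_conflicts(networks, local_lan):
    """Routed ranges (default route aside) that overlap the LAN the client is on."""
    local = ipaddress.ip_network(local_lan, strict=False)
    return [str(n) for n in networks
            if n.version == local.version and n.prefixlen > 0 and n.overlaps(local)]

def report(conf_text, destinations, local_lan):
    """Summarise what a client config sends through the tunnel."""
    nets = allowed_ips(conf_text)
    return {
        "full_tunnel": is_full_tunnel(nets),
        "via_tunnel": {d: covers(nets, d) for d in destinations},
        "conflicts": local_conflicts(nets, local_lan),
    }

if __name__ == "__main__":
    # Client sitting on a remote 192.168.1.0/24 network, same range as the home LAN.
    print(report(CLIENT_CONF, ["10.253.0.1", "192.168.1.100", "8.8.8.8"], "192.168.1.0/24"))
```

The same `covers(parse_cidrs(...), ip)` call answers the Sab question: a client at a tunnel address such as 10.253.0.2 is only inside the container's allowed list once 10.253.0.0/24 has been appended to it.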
34 minutes ago, PsYcRo said:

That's what I have already done, but after the import where can I connect to it? The GUI seems very chaotic at first for a new user like me. I have wireguard installed on different rpi, but that was straightforward. In my example I have wg0 now imported, but where can I now connect to it:

 

[image]

 

 

Change the "basic" slider to "advanced" to see more of the settings from your config file. Change "inactive" to "active" to start the tunnel.

Link to comment
59 minutes ago, ljm42 said:

 

Change the "basic" slider to "advanced" to see more of the settings from your config file. Change "inactive" to "active" to start the tunnel.

I already tried it with the slider active but no response...

Here is the requested screenshot:

 

[image]

Link to comment
8 hours ago, PsYcRo said:

I already tried it with the slider active but no response...

Here is the requested screenshot:

 

[image]

 

Looks like it defaulted to "VPN tunneled access". I don't think that is what you want, probably "Remote Access to Server".  You can turn on the help to see the difference. I'd recommend clicking the little "eye" icons on the right side of the screen to see what the configs look like. You may need to make further tweaks until the configs look like what the rpi is expecting.

 

Also, click the "key" icons and confirm that the local tunnel has both a public and private key, and that the peer has at least a public key. You don't need to include those in any screenshots though. The same keys will be visible if you click the "eye" icons.

 

Also there is a peer endpoint but not a local endpoint, that means your server has to make an outgoing request to start the tunnel. If you want either end to be able to start the tunnel, add a local endpoint here and a peer endpoint on the other end (edit: you'll also need a port forward on this end)

 

How do you plan to test this? Note that the WireGuard connection is only on the server, it is not shared with your LAN. Will you be transferring files from the command line or through a docker?

(FYI, LAN to LAN is possible as well, although a bit more complicated: https://forums.unraid.net/topic/88906-lan-to-lan-wireguard/ ) 

 

Link to comment
