WireGuard quickstart



19 hours ago, Fuggin said:

Actually a problem... I inadvertently made 2 tunnels. How do I delete wg1? I tried the command on the console but it wouldn't work.

 

Change the slider from Basic to Advanced, then a Delete Tunnel button will appear.


Anyone using Untangle or OPNsense for the firewall? Based on my evaluation of these two software packages, there is no "bypass firewall rule..." checkbox like pfSense has to allow for asymmetric routing. How can I achieve the same function as the bypass by using additional policy/NAT/routing rules?

17 hours ago, timmyx said:

Well I can't get wireguard to work consistently

Every time I reboot or shut down it's gone

 

"Gone" as in not started? Do you have the tunnel set to autostart?

 

Or "Gone" as in nothing is there and you have to recreate it? The files are stored in the config/wireguard folder on your flash drive. If those files go missing then I'd suspect an issue with your flash drive. We may be able to confirm issues with the flash drive if you upload your diagnostics zip file ( from Tools -> Diagnostics )


I'm having a strange problem and I cannot figure out what's wrong.

I edited a peer recently and from that point forward I cannot activate the tunnel.

 

I did try to save it, remove it and re-import, but whenever I add in "peer allowed IPs" the LAN network with x.x.x.x/24 the tunnel won't activate.

 

Tunnel:

Local tunnel network pool: 10.245.0.0/24
Local tunnel address: 10.245.0.1
Endpoint: [redacted, static ip]:51820
Local server uses NAT: No (I tried with Yes, nothing changes)

First Peer:

Peer name: something
Peer type of access: Remote access to LAN
Peer tunnel address: 10.245.0.2
Peer allowed IPs: 10.245.0.2

 

Whenever I put (192.168.10.0/24 is the LAN)

Peer allowed IPs: 10.245.0.2, 192.168.10.0/24

 

The tunnel won't stay On; if I press the button it moves, but if I F5 the page or go to another and come back it is OFF.

Syslog just says that the tunnel turned on and off.

Is there a more useful log for WireGuard? There is nothing in /var/log

 

On this machine I already have a server-to-server tunnel that works flawlessly.

6 minutes ago, bonienl said:

Open a terminal session from your browser (>_ button) and type

 


wg-quick up wg0

 

Assuming wg0 is the tunnel you want to activate, check the responses for errors.

 

 

 

Here's the output:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.245.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.245.0.2/32 dev wg0
[#] ip -4 route add 192.168.10.0/24 dev wg0
RTNETLINK answers: File exists
[#] ip link delete dev wg0

 

I guess the error is "File exists".

What does that mean?


If you want the peer to access your LAN, change the type of access to "Remote access for LAN" and the LAN subnet will be added to the peer configuration (don't forget to update the peer configuration).

 

The setting "Peer allowed IPs" tells what the Unraid server is allowed to access on the peer, and since 192.168.10.0/24 is your local subnet it can not exist on the peer as well.

 

This is from the help in the GUI

 

This field is automatically filled in with the tunnel address of the peer. This allows the server to reach the peer over the tunnel.
When the peer is another server or router with additional networks, then their subnets can be added here to make these networks reachable over the tunnel.

 

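The failure in the wg-quick output above, as an added example that is not part of the original posts or Unraid's own code: wg-quick runs `ip route add` for every "Peer allowed IPs" entry, so an entry identical to a route the server already has produces "RTNETLINK answers: File exists". The check below compares the two before the tunnel is started; the route listing, the interface name br0 and the host addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: server-side peer section using the values from the thread.
WG_CONF = """\
[Peer]
AllowedIPs = 10.245.0.2, 192.168.10.0/24
"""

# Constructed `ip -4 route show` output before tunnel start (device and hosts assumed).
ROUTES = """\
default via 192.168.10.1 dev br0
192.168.10.0/24 dev br0 proto kernel scope link src 192.168.10.5
"""

def allowed_ips(conf_text):
    """Return every AllowedIPs entry of a wg-quick config as a network object."""
    nets = []
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def existing_routes(route_text):
    """Map each destination prefix in `ip route show` output to its device."""
    table = {}
    for line in route_text.splitlines():
        fields = line.split()
        try:
            dest = ipaddress.ip_network(fields[0], strict=False)
            table[dest] = fields[fields.index("dev") + 1]
        except (IndexError, ValueError):
            continue  # "default", typed routes, blank lines
    return table

def find_conflicts(conf_text, route_text):
    """List AllowedIPs entries that collide with routes already installed."""
    findings = []
    for net in allowed_ips(conf_text):
        for dest, dev in existing_routes(route_text).items():
            if net == dest:  # wg-quick's `ip route add` fails: File exists
                findings.append((str(net), dev, "exact"))
            elif net.version == dest.version and net.overlaps(dest):
                findings.append((str(net), dev, "overlap"))  # longer prefix wins
    return findings

if __name__ == "__main__":
    print(find_conflicts(WG_CONF, ROUTES))
```

On a live server, replace `ROUTES` with the real output of `ip -4 route show` captured while the tunnel is down.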
16 minutes ago, bonienl said:

If you want the peer to access your LAN, change the type of access to "Remote access for LAN" and the LAN subnet will be added to the peer configuration (don't forget to update the peer configuration).

 

The setting "Peer allowed IPs" tells what the Unraid server is allowed to access on the peer, and since 192.168.10.0/24 is your local subnet it can not exist on the peer as well.

 

This is from the help in the GUI

 

This field is automatically filled in with the tunnel address of the peer. This allows the server to reach the peer over the tunnel.
When the peer is another server or router with additional networks, then their subnets can be added here to make these networks reachable over the tunnel.

 

 

Well, it was already on Remote access to LAN.

I can connect, but I can access only the Unraid server and nothing on the LAN.

 

 


Edited by exico
added screenshot

Are you sure the peer has the correct configuration? It needs to include your LAN subnet.

 

You need to set Local server uses NAT = Yes

This allows other devices on your LAN to communicate over the tunnel to the remote peer.

If you are trying to access docker containers on their custom network address, you will need to do additional steps, which are explained in the Wireguard guide.

 


Yeah, my config includes allowed ips:

 

[Interface]
PrivateKey = REDACTED
Address = 10.249.0.2/32

[Peer]
PublicKey = REDACTED
PresharedKey = REDACTED
AllowedIPs = 10.249.0.1/32, 192.168.10.0/24
Endpoint = REDACTED:51820

 

NAT is on Yes as per screenshot

What I'm trying to access is something. I tried the server IPMI, the web interface of the switch, the pfSense interface on the router. Nothing pops up; just the Unraid works and shows up.

Everything worked fine before...


I did not, just tried and nothing changed.

 

Just a hypothesis: can the setting "Host access to custom networks" set to enable in the docker settings be a problem?

I will have to wait to stop dockers to test this atm because there is a task running.


Hi all,  I have set up wireguard and I can access internet and local lan from my android phone when out and about. However when I tried to use the wireguard config with ubuntu I can only access the internet, not the lan. This means that I cannot access my unraid server (the main purpose of running wireguard).

 

I have pretty much used all the standard / default settings and I am tunnelling all traffic, with 0.0.0.0/0 in my config file.

 

Does anyone have any suggestions?

On 7/10/2021 at 12:54 AM, dannydev said:

Hey guys, I know this was referenced recently but is there a way to route only certain containers/VMs through the "VPN tunneled access" feature? When using my current config generated from pia-wg, it attempts to route all data going out of the server to the VPN.

 

This thread has the latest info on connecting to commercial providers:  

There has been no change in regards to individual dockers, so what you see on the first post there is still correct.

On 7/13/2021 at 2:36 PM, ezzys said:

Hi all,  I have set up wireguard and I can access internet and local lan from my android phone when out and about. However when I tried to use the wireguard config with ubuntu I can only access the internet, not the lan. This means that I cannot access my unraid server (the main purpose of running wireguard).

 

I have pretty much used all the standard / default settings and I am tunnelling all traffic, with 0.0.0.0/0 in my config file.

 

Does anyone have any suggestions?

 

So your phone and Ubuntu clients are configured identically in the Unraid webgui, but they behave differently? It would have to be something about the Ubuntu client or the network it is on that is causing the issue. For instance, if the Ubuntu client and the Unraid server are both on the same subnet then things will not work correctly. Or if the Ubuntu client has a firewall perhaps it is blocking access to certain subnets.  I would start by troubleshooting the Ubuntu client since you know the configuration works correctly on the phone.

 

On 7/1/2021 at 2:22 PM, ljm42 said:

 

"Gone" as in not started? Do you have the tunnel set to autostart?

 

Or "Gone" as in nothing is there and you have to recreate it? The files are stored in the config/wireguard folder on your flash drive. If those files go missing then I'd suspect an issue with your flash drive. We may be able to confirm issues with the flash drive if you upload your diagnostics zip file ( from Tools -> Diagnostics )

I'm sorry, I mean the connection never gets through again. All settings are there, auto-start on, but once the server is rebooted, the tunnel stops working

 

Am I the only one with this sort of problem? :(

  • 5 weeks later...

I used to have a Wireguard tunnel set up and running, but I was unable to get remote working by using my domain name (only my server IP would work remotely). I was able to use this to access the WebGUI remotely.

 

I recently switched from using Google domain, to using Cloudflare for DNS management. I have been able to get everything set up to where I can now access docker containers like Jellyfin remotely (using Nginx Proxy Manager).

 

I have read that you should not use NPM to access your WebGUI remotely. So I am trying to set up a WireGuard tunnel again.

 

I can not seem to get it to work properly. 

 

Right now I am able to connect to the Tunnel/Peer I set up on my phone. If I try to go to mydomain.com, it directs me to the NPM 'Congratulations' landing page. I want it to work where going to mydomain.com sends me to my Unraid WebGUI. If I try to access my WebGUI by going to 192.xxx.x.xxx it just times out and doesn't take me anywhere.

 

Where am I messing up? I'm not sure if I'm missing something on my router (Unifi), Cloudflare, NPM, or unraid GUI. 

 

Any help would be much appreciated. 

 

**edit**

 

All of the above was on my Phone, not connected to my LAN. When I connect to my LAN, I am able to access my WebGUI by going to 192.xxx.x.xxx, and if I go to mydomain.com I still get the NPM 'Congratulations' landing page.

 

**edit #2**

 

I was not able to get anything to work at all when selecting 'remote tunnel access'. When I switched to 'Remote access to LAN' that is when I started to be able to access the internet, and the NPM 'Congratulations' landing page. 

Edited by hive_minded

 

On 8/15/2021 at 11:52 AM, hive_minded said:

I want it to work where going to mydomain.com sends me to my Unraid WebGUI

 

WireGuard VPN does not change the url to your webgui. It is intended to give your remote device access to your network as though it were connected directly to the network.

 

On 8/15/2021 at 11:52 AM, hive_minded said:

I was not able to get anything to work at all when selecting 'remote tunnel access'. When I switched to 'Remote access to LAN' that is when I started to be able to access the internet, and the NPM 'Congratulations' landing page. 

 

If VPN works on "Remote access to LAN" but not "Remote tunneled access", there is likely a DNS issue. Switch from basic view to advanced and set the "Peer DNS server", either to the DNS server on Unraid's LAN (if there is one) or a global DNS server like 8.8.8.8

 

Don't forget that every time you make a change to the WireGuard config settings, you need to download the new config file to your phone
