ljm42 (Author) Posted June 22, 2021

> 19 hours ago, Fuggin said:
> Actually a problem... I inadvertently made 2 tunnels. How do I delete wg1? I tried the command on the console but it wouldn't work.

Change the slider from Basic to Advanced, then a Delete Tunnel button will appear.

jfoxwoosh Posted June 25, 2021

Anyone using Untangle or OPNSENSE for the firewall? Based on my evaluation of these two software, there is no "bypass firewall rule..." checkbox like pfsense has to allow for asymmetric routing. How can I achieve the same function as the bypass by using additional policy/NAT/routing rules?

timmyx Posted June 30, 2021

> On 3/4/2021 at 1:41 PM, ljm42 said:
> Do you use the "local tunnel firewall"? There is a fix in Unraid 6.9.0 that should resolve a problem with the local tunnel firewall on reboot, see: https://forums.unraid.net/topic/84229-dynamix-wireguard-vpn/page/18/?tab=comments#comment-944303

Well, I can't get wireguard to work consistently. Every time I reboot or shut down, it's gone.

ljm42 (Author) Posted July 1, 2021

> 17 hours ago, timmyx said:
> Well I can't get wireguard to work consistently Everytime I reboot or shutdown it's gone

"Gone" as in not started? Do you have the tunnel set to autostart?

Or "Gone" as in nothing is there and you have to recreate it? The files are stored in the config/wireguard folder on your flash drive. If those files go missing then I'd suspect an issue with your flash drive. We may be able to confirm issues with the flash drive if you upload your diagnostics zip file (from Tools -> Diagnostics).

exico Posted July 5, 2021

I'm having a strange problem and I cannot figure out what's wrong.

I edited a peer recently and from that point forward I cannot activate the tunnel. I did try to save it, remove it and re-import, but whenever I add in "peer allowed IPs" the LAN network with x.x.x.x/24 the tunnel won't activate.

Tunnel:
    Local tunnel network pool: 10.245.0.0/24
    Local tunnel address: 10.245.0.1
    Endpoint: [redacted, static ip]:51820
    Local server uses NAT: No (I tried with Yes, nothing changes)

First Peer:
    Peer name: something
    Peer type of access: Remote access to LAN
    Peer tunnel address: 10.245.0.2
    Peer allowed IPs: 10.245.0.2

Whenever I put (192.168.10.0/24 is the LAN)

    Peer allowed IPs: 10.245.0.2, 192.168.10.0/24

the tunnel won't stay On. If I press on the button it moves, but if I F5 the page or go to another and come back it is OFF.

Syslog just says that the tunnel turned on and off. Is there a more useful log for wireguard? There is nothing in /var/log.

On this machine I already have a server-to-server tunnel that works flawlessly.

bonienl Posted July 5, 2021

Open a terminal session from your browser (>_ button) and type

    wg-quick up wg0

Assuming wg0 is the tunnel you want to activate, check the responses for errors.

exico Posted July 5, 2021

> 6 minutes ago, bonienl said:
> Open a terminal session from your browser (>_ button) and type
>
>     wg-quick up wg0
>
> Assuming wg0 is the tunnel you want to activate, check the responses for errors.

Here's the output:

    [#] ip link add wg0 type wireguard
    [#] wg setconf wg0 /dev/fd/63
    [#] ip -4 address add 10.245.0.1 dev wg0
    [#] ip link set mtu 1420 up dev wg0
    [#] ip -4 route add 10.245.0.2/32 dev wg0
    [#] ip -4 route add 192.168.10.0/24 dev wg0
    RTNETLINK answers: File exists
    [#] ip link delete dev wg0

Guess that the error is File exists, what does that mean?

bonienl Posted July 5, 2021

If you want the peer to access your LAN, change the type of access to "Remote access for LAN" and the LAN subnet will be added to the peer configuration (don't forget to update the peer configuration).

The setting "Peer allowed IPs" tells what the Unraid server is allowed to access on the peer, and since 192.168.10.0/24 is your local subnet it can not exist on the peer as well.

This is from the help in the GUI:

> This field is automatically filled in with the tunnel address of the peer. This allows the server to reach the peer over the tunnel. When the peer is another server or router with additional networks, then their subnets can be added here to make these networks reachable over the tunnel.

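An added example, not part of the original posts or of the Unraid plugin: a pre-flight check for the failure shown in the wg-quick output above, where a route is added for each AllowedIPs entry and `ip route add` answers "File exists" because the prefix is already the server's own LAN. The sample config and `LOCAL_SUBNETS` are constructed from the values in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the server-side tunnel from the thread, in wg-quick format.
SAMPLE_CONF = """\
[Interface]
PrivateKey = REDACTED
Address = 10.245.0.1
[Peer]
PublicKey = REDACTED
AllowedIPs = 10.245.0.2, 192.168.10.0/24
"""
LOCAL_SUBNETS = ["192.168.10.0/24"]  # assumed: the server's directly connected LAN


def parse_allowed_ips(conf_text):
    """Return one list of ip_network objects per [Peer] section."""
    peers, in_peer = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append([])
        elif in_peer and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers


def find_conflicts(conf_text, local_subnets):
    """List (peer_no, allowed, local, kind) where a peer route collides with a local subnet."""
    locals_ = [ipaddress.ip_network(s) for s in local_subnets]
    hits = []
    for peer_no, nets in enumerate(parse_allowed_ips(conf_text), start=1):
        for net in nets:
            if net.prefixlen == 0:
                continue  # default route: wg-quick uses policy routing instead
            for local in locals_:
                if net.version == local.version and net.overlaps(local):
                    kind = "duplicate" if net == local else "overlap"
                    hits.append((peer_no, str(net), str(local), kind))
    return hits


if __name__ == "__main__":
    for peer_no, net, local, kind in find_conflicts(SAMPLE_CONF, LOCAL_SUBNETS):
        print(f"peer {peer_no}: AllowedIPs {net} is a {kind} of local subnet {local}")
```

A "duplicate" hit is the case from the thread; an "overlap" hit will not necessarily stop the tunnel from starting, but it means traffic for part of a local subnet may be sent into the tunnel.
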
exico Posted July 5, 2021 (edited)

> 16 minutes ago, bonienl said:
> If you want the peer to access your LAN, change the type of access to "Remote access for LAN" and the LAN subnet will be added to the peer configuration (don't forget to update the peer configuration).
>
> The setting "Peer allowed IPs" tells what the Unraid server is allowed to access on the peer, and since 192.168.10.0/24 is your local subnet it can not exist on the peer as well.
>
> This is from the help in the GUI:
>
> This field is automatically filled in with the tunnel address of the peer. This allows the server to reach the peer over the tunnel. When the peer is another server or router with additional networks, then their subnets can be added here to make these networks reachable over the tunnel.

Well, it was already on Remote access to LAN.

I can connect, but I can access only the unraid server and nothing on the LAN.

Edited July 5, 2021 by exico: added screenshot

bonienl Posted July 5, 2021

Are you sure the peer has the correct configuration? It needs to include your LAN subnet.

You need to set Local server uses NAT = Yes. This allows other devices on your LAN to communicate over the tunnel to the remote peer.

If you are trying to access docker containers on their custom network address, you will need to do additional steps, which are explained in the Wireguard guide.

exico Posted July 5, 2021

Yeah, my config includes allowed ips:

    [Interface]
    PrivateKey = REDACTED
    Address = 10.249.0.2/32

    [Peer]
    PublicKey = REDACTED
    PresharedKey = REDACTED
    AllowedIPs = 10.249.0.1/32, 192.168.10.0/24
    Endpoint = REDACTED:51820

NAT is on Yes as per screenshot.

What I'm trying to access is something. I tried the server ipmi, the web interface of the switch, pfsense interface on the router. Nothing pops up, just the unraid works and shows up.

Everything worked fine before...

bonienl Posted July 5, 2021

What IP address are you using to access the server from the peer side? Is this 10.249.0.1 or 192.168.10.x?

bonienl Posted July 5, 2021

The wireguard configuration of wg0 is alright. You said that you have configured multiple tunnels. Have you tried testing with only one tunnel active at the time?

exico Posted July 5, 2021

I did not, just tried and nothing changed.

Just a hypothesis: can the setting "Host access to custom networks" set to enable in the docker settings be a problem? I will have to wait to stop dockers to test this atm because there is a task running.

bonienl Posted July 5, 2021

It should not, but please test.

Host access is a hack to circumvent the network protection of docker itself. Normally host access is not required and should be disabled.

exico Posted July 5, 2021

Disabled "Host access to custom networks" and now I can access everything except one docker, but I will figure it out later.

dannydev Posted July 10, 2021

Hey guys, I know this was referenced recently but is there a way to route only certain containers/VMs through the "VPN tunneled access" feature? When using my current config generated from pia-wg, it attempts to route all data going out of the server to the VPN.

ezzys Posted July 13, 2021

Hi all,

I have set up wireguard and I can access internet and local lan from my android phone when out and about. However when I tried to use the wireguard config with ubuntu I can only access the internet, not the lan. This means that I cannot access my unraid server (the main purpose of running wireguard).

I have pretty much used all the standard / default settings and I am tunnelling all traffic, with 0.0.0.0/0 in my config file.

Does anyone have any suggestions?

ljm42 (Author) Posted July 15, 2021

> On 7/10/2021 at 12:54 AM, dannydev said:
> Hey guys, I know this was referenced recently but is there a way to route only certain containers/VMs through the "VPN tunneled access" feature? When using my current config generated from pia-wg, it attempts to route all data going out of the server to the VPN.

This thread has the latest info on connecting to commercial providers:

There has been no change in regards to individual dockers, so what you see on the first post there is still correct.

ljm42 (Author) Posted July 15, 2021

> On 7/13/2021 at 2:36 PM, ezzys said:
> Hi all, I have set up wireguard and I can access internet and local lan from my android phone when out and about. However when I tried to use the wireguard config with ubuntu I can only access the internet, not the lan. This means that I cannot access my unraid server (the main purpose of running wireguard). I have pretty much used all the standard / default settings and I am tunnelling all traffic, with 0.0.0.0/0 in my config file. Does anyone have any suggestions?

So your phone and Ubuntu clients are configured identically in the Unraid webgui, but they behave differently? It would have to be something about the Ubuntu client or the network it is on that is causing the issue.

For instance, if the Ubuntu client and the Unraid server are both on the same subnet then things will not work correctly. Or if the Ubuntu client has a firewall perhaps it is blocking access to certain subnets.

I would start by troubleshooting the Ubuntu client since you know the configuration works correctly on the phone.

timmyx Posted July 16, 2021

> On 7/1/2021 at 2:22 PM, ljm42 said:
> "Gone" as in not started? Do you have the tunnel set to autostart? Or "Gone" as in nothing is there and you have to recreate it? The files are stored in the config/wireguard folder on your flash drive. If those files go missing then I'd suspect an issue with your flash drive. We may be able to confirm issues with the flash drive if you upload your diagnostics zip file ( from Tools -> Diagnostics )

I'm sorry, I mean the connection never gets through again. All settings are there, auto-start on, but once the server is rebooted, the tunnel stops working.

Am I the only one with this sort of problem?

hive_minded Posted August 15, 2021 (edited)

I used to have a Wireguard tunnel set up and running, but I was unable to get remote working by using my domain name (only my server IP would work remotely). I was able to use this to access the WebGUI remotely.

I recently switched from using Google domain, to using Cloudflare for DNS management. I have been able to get everything set up to where I can now access docker containers like Jellyfin remotely (using Nginx Proxy Manager). I have read that you should not use NPM to access your WebGUI remotely. So I am trying to set up a Wireguard tunnel again.

I can not seem to get it to work properly. Right now I am able to connect to the Tunnel/Peer I set up on my phone. If I try to go to mydomain.com, it directs me to the NPM 'Congratulations' landing page. I want it to work where going to mydomain.com sends me to my Unraid WebGUI. If I try to access my WebGUI by going to 192.xxx.x.xxx it just times out and doesn't take me anywhere.

Where am I messing up? I'm not sure if I'm missing something on my router (Unifi), Cloudflare, NPM, or unraid GUI. Any help would be much appreciated.

**edit** All of the above was on my Phone, not connected to my LAN. When I connect to my LAN, I am able to access my WebGUI by going to 192.xxx.x.xxx, and if I go to mydomain.com I still get the NPM 'Congratulations' landing page.

**edit #2** I was not able to get anything to work at all when selecting 'remote tunnel access'. When I switched to 'Remote access to LAN' that is when I started to be able to access the internet, and the NPM 'Congratulations' landing page.

Edited August 15, 2021 by hive_minded

ljm42 (Author) Posted August 16, 2021

> On 8/15/2021 at 11:52 AM, hive_minded said:
> I want it to work where going to mydomain.com sends me to my Unraid WebGUI

WireGuard VPN does not change the url to your webgui. It is intended to give your remote device access to your network as though it were connected directly to the network.

> On 8/15/2021 at 11:52 AM, hive_minded said:
> I was not able to get anything to work at all when selecting 'remote tunnel access'. When I switched to 'Remote access to LAN' that is when I started to be able to access the internet, and the NPM 'Congratulations' landing page.

If VPN works on "Remote access to LAN" but not "Remote tunneled access", there is likely a DNS issue. Switch from basic view to advanced and set the "Peer DNS server", either to the DNS server on Unraid's LAN (if there is one) or a global DNS server like 8.8.8.8.

Don't forget that every time you make a change to the WireGuard config settings, you need to download the new config file to your phone.

steveBBB Posted August 17, 2021

Hi there, hoping I'm posting in the right place. Have Wireguard running fine, only thing I can't get access to is Splashtop desktop remotely. Do I need to change something in the settings? Thanks