WireGuard quickstart

5 minutes ago, bclinton said:

Going nuts trying to figure out what is causing my issue with wireguard. Connecting from windows 10 machines. Can access the internet with my browser after connecting to wireguard with the remote tunnelling option, however I cannot connect to my unraid server. I get "Hmmm… your Internet access is blocked. Firewall or antivirus software may have blocked the connection." on 2 different laptops. My server dashboard shows the unraid server online but when I click local access I get the error message. However on my android phone it works fine after I connect to wireguard. I am able to get to my unraid server and use the tunnel for internet access. Looking for suggestions.

 

Are your other windows machines connecting from a different network/subnet? 

3 minutes ago, CorserMoon said:

No, I mean are the windows machines that you are using wireguard on signed on to a different Wi-Fi network than where the unraid server is? You can't sign into a VPN while still on the same LAN. 

That was my problem! Thanks my friend. I feel stupid :)

 

Now I know to test wireguard from a separate network :)

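A quick way to check the point made above (a VPN cannot be tested from the server's own LAN, and the client network, the server LAN and the WireGuard tunnel subnet must not overlap), written as an added example that is not part of this thread or of Unraid's own code. The subnets are constructed from values quoted in this thread (192.168.1.0/24 server LAN, 10.253.0.0/24 tunnel, 192.168.68.x remote network); `static_route()` derives, in the general form "tunnel subnet via the Unraid host", the route the LAN router needs when "Use NAT" is set to No.

```python
"""Addressing sanity check for a WireGuard remote-access setup.

Added example, not from the thread and not Unraid code. It checks the three
ranges that have to be distinct for remote tunneled access to work: the
client's current network, the server's LAN, and the tunnel subnet. An
overlap produces exactly the symptom described in the thread: the tunnel
comes up, but the client sends LAN-bound traffic out of its local interface
instead of into wg0, so the LAN (or even the server) is unreachable.
"""
from ipaddress import ip_interface, ip_network

# Constructed sample values modelled on the thread.
SERVER_LAN = "192.168.1.107/24"   # Unraid host address with its LAN mask
TUNNEL = "10.253.0.0/24"          # WireGuard tunnel subnet


def addressing_conflicts(client_net: str, server_iface: str = SERVER_LAN,
                         tunnel_net: str = TUNNEL) -> list[str]:
    """Return human-readable problems; an empty list means the layout is sane."""
    client = ip_network(client_net, strict=False)
    server = ip_interface(server_iface).network
    tunnel = ip_network(tunnel_net)
    problems = []
    if client == server:
        problems.append(f"client is on the server's own LAN {server}; test from another network")
    elif client.overlaps(server):
        problems.append(f"client network {client} overlaps server LAN {server}")
    if client.overlaps(tunnel):
        problems.append(f"client network {client} overlaps tunnel subnet {tunnel}")
    if server.overlaps(tunnel):
        problems.append(f"server LAN {server} overlaps tunnel subnet {tunnel}")
    return problems


def static_route(tunnel_net: str = TUNNEL, server_iface: str = SERVER_LAN) -> str:
    """Route the LAN router needs when 'Use NAT' is No: tunnel subnet via the Unraid host."""
    return f"{ip_network(tunnel_net)} via {ip_interface(server_iface).ip}"


if __name__ == "__main__":
    for net in ("192.168.1.0/24", "192.168.68.0/24", "10.253.0.0/16"):
        print(net, addressing_conflicts(net) or "ok")
    print("static route for the LAN router:", static_route())
```

Run it with the client's current network as the argument; the common "works from the phone on 5G but not from the laptop at home" case shows up as the first finding.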
On 11/24/2021 at 10:36 AM, CorserMoon said:

I've gone through the set-up and troubleshooting several times and still having issues with getting Remote Tunneled Access working correctly. Help, I'm stuck. 

 

Symptoms: 

  • Can connect to VPN but only able to access unraid (192.168.1.107)
  • No access to other LAN IPs. I know dockers with custom IPs won't work, but I can't even access IP cameras, other devices, router, etc.
  • No Access to Router (192.168.1.254).
  • No internet when using router ip as DNS. When adding a public dns like 1.1.1.1, I can access internet, but still no access to other LAN devices. 

Troubleshooting

  • Tried connecting from different wifi network that is on different subnet (192.168.68.x)
  • Tried connecting from 5G cell network
  • Tried on both cell phone (wifi and 5g) and laptop (wifi)
  • Updated apps, updated vpn files/config
  • UDP port forwarded
  • Settings>Network Settings>Enable Bridging = Yes
  • Settings>Docker>Host Access to Custom Networks = Yes

I used to use OpenVPN and didn't have issues so I'm pretty sure my network setup isn't overly complicated. Attached images of VPN and Network settings for reference.

 

 

Everything looks ok. My only suggestion would be to try setting "Use NAT" to No so the webgui tells you what static route to create, and see if creating that helps. 

 

1 hour ago, ljm42 said:

Everything looks ok. My only suggestion would be to try setting "Use NAT" to No so the webgui tells you what static route to create, and see if creating that helps.

Not sure if this is normal or not, but when looking at the Unraid network settings Routing Table, the 2 VPN IPs (10.253.0.2 & 10.253.0.3) have "wg0" as the gateway. Is that expected?

[Screenshot attached: Unraid network settings routing table]


I ran the 'wg' command in unraid to ensure I was connected and I noticed that the peer endpoint (my phone connecting from 5G using duckdns) has a random port on the end of the ip. Is this expected? The server endpoint I set up is [mydomain].duckdns.org:51820.

[Screenshot attached: output of the 'wg' command]

Edited by CorserMoon
10 hours ago, CorserMoon said:

Not sure if this is normal or not, but when looking at the Unraid network settings Routing Table, the 2 VPN IPs (10.253.0.2 & 10.253.0.3) have "wg0" as the gateway. Is that expected?

 

40 minutes ago, CorserMoon said:

I ran the 'wg' command in unraid to ensure I was connected and I noticed that the peer endpoint (my phone connecting from 5G using duckdns) has a random port on the end of the ip. Is this expected? The server endpoint I set up is [mydomain].duckdns.org:51820.

 

These are both normal

 

6 hours ago, ljm42 said:

These are both normal

hm. I don't know what is going on then. I've tried different vpn subnets, trashing everything and restarting from scratch, and still same behavior. Anyone else here running an ATT residential fiber gateway that has wireguard working? I'm wondering if some baked-in firewall rules on the router are the issue.


I'm having issues with SSH while connected to a wireguard tunnel.

 

My unraid server has a wireguard tunnel set up and a peer with type of access set to remote tunneled access. While my laptop is connected to my server via wireguard I can connect to the internet, access the webui, and SSH into the unraid server.

 

However, while connected to wireguard I cannot SSH into any other machines on my server's LAN nor other machines over the internet. When SSHing into machines on my server's LAN, SSH usually hangs for a bit then outputs "Connection closed by xxx.xxx.xxx.xxx port 22", whereas machines over the internet output "ssh: Could not resolve hostname ssh.xxxxxxx.xxx: Temporary failure in name resolution" when using the web address and "Connection closed by xx.xxx.xxx.xxx port 22" when using the IP.

 

Any ideas? Thanks in advance.

20 hours ago, chasun said:

I'm having issues with SSH while connected to a wireguard tunnel.

 

My unraid server has a wireguard tunnel set up and a peer with type of access set to remote tunneled access. While my laptop is connected to my server via wireguard I can connect to the internet, access the webui, and SSH into the unraid server.

 

However, while connected to wireguard I cannot SSH into any other machines on my server's LAN nor other machines over the internet. When SSHing into machines on my server's LAN, SSH usually hangs for a bit then outputs "Connection closed by xxx.xxx.xxx.xxx port 22", whereas machines over the internet output "ssh: Could not resolve hostname ssh.xxxxxxx.xxx: Temporary failure in name resolution" when using the web address and "Connection closed by xx.xxx.xxx.xxx port 22" when using the IP.

 

Any ideas? Thanks in advance.

 

I'm in a similar boat. Wireguard seems to be plug and play for some and broken for others like us.

  • 3 weeks later...

Hello everyone, I seem to have a common issue and I cannot find the problem.

I've setup wireguard with 8.8.8.8 as dns. I have Host Access Enabled because if I don't, my pihole running on br0 cannot be contacted. Local server has Use NAT set to No, peer type of access set to Remote access to LAN.

I also added 2 rules in my pfsense

source: 10.253.0.0/24 (vpn)
destination: unraid ip
protocol: any

and

source: 10.253.0.0/24 (vpn)
destination: lan ip address
protocol: any

With that, I can access the Internet through my VPN and I can reach my unraid server, but I cannot access anything else on the network (neither docker containers with their own IP nor other devices on the network). I don't have VLANs, thus all my devices are on the same subnet, same as my server and my docker with fixed ips.

Is there a way to have that?

Thank you

21 minutes ago, Nodiaque said:

Hello everyone, I seem to have a common issue and I cannot find the problem.

I've setup wireguard with 8.8.8.8 as dns. I have Host Access Enabled because if I don't, my pihole running on br0 cannot be contacted. Local server has Use NAT set to No, peer type of access set to Remote access to LAN.

I also added 2 rules in my pfsense

source: 10.253.0.0/24 (vpn)
destination: unraid ip
protocol: any

and

source: 10.253.0.0/24 (vpn)
destination: lan ip address
protocol: any

With that, I can access the Internet through my VPN and I can reach my unraid server, but I cannot access anything else on the network (neither docker containers with their own IP nor other devices on the network). I don't have VLANs, thus all my devices are on the same subnet, same as my server and my docker with fixed ips.

Is there a way to have that?

Thank you

 

Yea, similar issue to me (though I don't use pihole). I can only access unraid when I have the DNS set to my router but no internet and no LAN. If I add a public DNS like 8.8.8.8, I can then access internet, but still no LAN. I've read through dozens of threads and reddit posts and still have been unable to get local LAN access to work.

 
Yea, similar issue to me (though I don't use pihole). I can only access unraid when I have the DNS set to my router but no internet and no LAN. If I add a public DNS like 8.8.8.8, I can then access internet, but still no LAN. I've read through dozens of threads and reddit posts and still have been unable to get local LAN access to work.
Give me some examples of things you are trying to access. http://what

Sent from my GM1917 using Tapatalk

2 minutes ago, ljm42 said:

Give me some examples of things you are trying to access. http://what

Sent from my GM1917 using Tapatalk
 

With only my router IP as the DNS, I can only access unraid (192.168.1.107) but no internet (http://www.google.com for example) and no other devices on my LAN such as 192.168.1.254 (router), 192.168.1.111 (managed switch) or 192.168.1.201 (Hubitat), etc. If I add 8.8.8.8 to the DNS record (so it's then 192.168.1.254,8.8.8.8) I can access unraid (192.168.1.107) and the internet (Google, etc), but still no other LAN IPs. Right now I'm at my in-laws on their network which is 192.168.68.x so that shouldn't be a conflict. 

With only my router IP as the DNS, I can only access unraid (192.168.1.107) but no internet (http://www.google.com for example) and no other devices on my LAN such as 192.168.1.254 (router), 192.168.1.111 (managed switch) or 192.168.1.201 (Hubitat), etc. If I add 8.8.8.8 to the DNS record (so it's then 192.168.1.254,8.8.8.8) I can access unraid (192.168.1.107) and the internet (Google, etc), but still no other LAN IPs. Right now I'm at my in-laws on their network which is 192.168.68.x so that shouldn't be a conflict. 
OK if you are accessing by IP then DNS isn't the issue. Sorry, all of the tips I have are in the first two posts, I don't have any other ideas.

Sent from my GM1917 using Tapatalk

26 minutes ago, ljm42 said:

OK if you are accessing by IP then DNS isn't the issue. Sorry, all of the tips I have are in the first two posts, I don't have any other ideas.

Sent from my GM1917 using Tapatalk
 

I'm thinking it is either weirdness with my gateway (ATT fiber gateway) or corruption/conflicts with the unraid routing table. I may try resetting the unraid network settings to see if that helps. I'm also in the process of building a pfsense box and bypassing the gateway. Hopefully one of those fixes the issue.

  • 2 weeks later...
1 hour ago, shawnngtq said:

Question

 

My router has built-in vpn. If I am outside home network, I can connect to my router vpn, then access my unraid.

 

In this case, is there any pro/con installing wireguard, do I still need it?

 

If you are happy with your current solution then you don't need to switch. A lot of people do not have VPN-capable routers, or their Unraid boxes are much more powerful than their routers, or they don't like administering their routers. We created the Unraid VPN solution for those folks.

  • 2 weeks later...

I have three servers in three different locations with each server talking to the other servers through Wireguard.  Everything works ok for a few days and then server2 and server3 no longer talk to each other.  In the screenshot below you can see that opnsense is denying the communication.  The red "deny" log entries are the failed attempts of server2 to talk to server3.  The thing is that Wireguard is configured to use port 51822 but it's using 31633.  If I disable the tunnel on server2, wait about 10 seconds, and then re-enable it the tunnel connects ok again using the proper port 51822 as you can see below with the blue and green log entries.

[Screenshot attached: opnsense firewall log showing the denied entries]

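The two endpoint-port observations in this thread can both be checked from `wg show wg0 dump`: the random port on a phone's endpoint is normal, because WireGuard records a peer's endpoint from the source address of that peer's last authenticated packet, so a roaming peer behind a carrier NAT shows whatever port the NAT assigned; the site-to-site tunnel in the post above drifted from 51822 to a learned port the same way until the tunnel was bounced. The script below is an added example, not code from the thread or from Unraid/WireGuard; the dump text and key strings are constructed, and the expected-port map and the 180-second staleness threshold are choices of the example.

```python
"""Health check over the output of `wg show wg0 dump`.

Added example, not from the thread and not WireGuard or Unraid code. The dump
format is tab-separated: one interface line (private-key, public-key,
listen-port, fwmark) followed by one line per peer (public-key, preshared-key,
endpoint, allowed-ips, latest-handshake as epoch seconds, transfer-rx,
transfer-tx, persistent-keepalive). The check reports, per peer, whether the
last handshake is fresh and whether the endpoint port a static site-to-site
peer is being reached on still matches the port it was configured with.
"""

# Constructed sample dump (keys are placeholders, not real keys): the interface
# line, a roaming phone peer, and a site-to-site peer that has drifted to a
# learned port. Handshake times are relative to NOW so the sample stays valid.
NOW = 1_700_000_000
SAMPLE_DUMP = "\n".join([
    "\t".join(["PRIV=", "PUB_SRV=", "51820", "off"]),
    "\t".join(["PUB_PHONE=", "(none)", "203.0.113.7:47213", "10.253.0.2/32",
               str(NOW - 40), "12345", "67890", "25"]),
    "\t".join(["PUB_SERVER3=", "(none)", "198.51.100.9:31633", "10.253.2.1/32",
               str(NOW - 600), "0", "4321", "off"]),
])

# WireGuard renews the handshake roughly every 2 minutes while traffic flows,
# so anything older than 3 minutes means no traffic has crossed the tunnel.
STALE_AFTER = 180


def parse_dump(text: str) -> tuple[dict, list[dict]]:
    """Split the dump into the interface record and one record per peer."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    _priv, pub, port, fwmark = lines[0].split("\t")
    iface = {"public_key": pub, "listen_port": int(port), "fwmark": fwmark}
    peers = []
    for line in lines[1:]:
        pub, _psk, endpoint, allowed, hs, rx, tx, keepalive = line.split("\t")
        # rpartition keeps IPv6 endpoints such as "[2001:db8::1]:51820" intact.
        host, _, port_str = endpoint.rpartition(":") if endpoint != "(none)" else ("", "", "")
        peers.append({
            "public_key": pub,
            "endpoint_host": host,
            "endpoint_port": int(port_str) if port_str else None,
            "allowed_ips": allowed.split(","),
            "latest_handshake": int(hs),
            "rx": int(rx), "tx": int(tx),
            "keepalive": None if keepalive == "off" else int(keepalive),
        })
    return iface, peers


def assess(peers: list[dict], expected_ports: dict[str, int], now: int) -> dict[str, list[str]]:
    """Return {public_key: [findings]}; an empty list means the peer looks healthy."""
    report = {}
    for p in peers:
        notes = []
        if p["latest_handshake"] == 0:
            notes.append("never completed a handshake")
        elif now - p["latest_handshake"] > STALE_AFTER:
            notes.append(f"last handshake {now - p['latest_handshake']}s ago (stale)")
        want = expected_ports.get(p["public_key"])
        if want is not None and p["endpoint_port"] != want:
            notes.append(f"endpoint port {p['endpoint_port']} != configured {want}; "
                         "static peer is being reached on a learned port")
        if p["keepalive"] is None and p["endpoint_host"]:
            notes.append("no persistent keepalive; a NAT mapping in the path may expire")
        report[p["public_key"]] = notes
    return report


if __name__ == "__main__":
    iface, peers = parse_dump(SAMPLE_DUMP)
    print(f"interface listening on {iface['listen_port']}")
    # Only the site-to-site peer has a port we expect to stay fixed.
    for key, notes in assess(peers, {"PUB_SERVER3=": 51822}, NOW).items():
        print(key, notes or "ok")
```

On a live system feed it the real dump (`wg show wg0 dump`) and the current time, and only list peers whose far end is a static server in the expected-port map; roaming peers have no fixed port to compare against, so their learned port is not a finding.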