WireGuard quickstart



I'm using "remote access to lan" as my peer connection type. I've got an active tunnel and can remotely ping virtual machines running on my unRAID server as well as physical devices on my LAN over the tunnel. I can also access docker containers over the tunnel that are using network type "bridged". However, I cannot ping or access my PiHole container, which is using the network type "custom:br0" and has its own IP on my physical LAN's subnet. I'm guessing this has something to do with the container's IP being bound to the server's physical interface, but my VMs are configured the same way and I can access them just fine.

Edited by Phastor
Link to comment

Maybe someone can help with getting a static route working?

I want to access my local network with WireGuard.

On the Asus router I can't make a static route for the network pool - my host IP is 192.168.0.1 ...

I set up a route from 192.168.0.1 to my Unraid IP and there is no internet connection at all

Link to comment

I've been running OpenVPN via Unraid docker for some time and it works great.  I just noticed that WireGuard is being offered as a preferred alternative so I decided to install that and try it out.  I have to say the install and client setup with QR Code was a breeze. 

 

I want to use WireGuard as a tunnel into my LAN, so I set it up that way.  Now, I'm reading that in order to do this and play nice with my VMs and other docker stuff, I need to define a static route in my router that sends the traffic over to WireGuard.  I cannot do this with my Eero mesh router.   Am I correct that a static route is needed for my use case?  Other than installing another device that can receive the traffic and forward to WireGuard, is there another way?

 

Do I have to move off of OpenVPN, assuming the docker might eventually be pulled from the unraid marketplace?

 

Thanks!

Edited by kennelm
typo
Link to comment

I gave this a try, but failed to get things running.

 

I suspect that I don't have the port forwarding configured correctly or my ISP blocks the port forward. But that's just a suspicion.

 

I have WireGuard installed on my iOS device and it connects (based on the settings from the QR code). But despite connecting, I cannot access anything from Unraid.

 

I have followed the steps in this excellent how-to-guide: 

 

 

One thing I noticed is that I cannot ping the IP of the "peer tunnel address". It says "no reply". Any idea whether this points to a specific issue that helps with troubleshooting?

Link to comment

So I see the connection types and it's interesting - I haven't updated yet because I saw all of the issues people are having with PIA and this WireGuard even though PIA now uses WireGuard itself.  I did have a few questions -

 

1.  In the connection types - are all those available at any one time or do I have to set it for that type of connection when I start the server?  

2.  Sounds like people are writing off PIA or is anyone still actively trying to fix that connection issue. (I saw someone had gotten it figured out for the most part)

3.  ok I only had the two questions.   Sorry I'm not understanding

 

 

Link to comment

I'm having trouble getting this working on my PC.  I can get it working on my Android phone, but my PC fails to handshake with WireGuard and I have no idea what I am doing wrong.  The correct port is forwarded, I've tried changing Local server uses NAT to No and adding a static route in my router.  I've made sure to add a Peer DNS Server for my Pi-hole that runs independently of Unraid.  I don't understand why the exact same settings work on my Android phone but not my computer.  Here are my settings:


Link to comment

Hi all,

 

I'm moving location shortly and will be using Starlink internet.

I would like to continue to have remote access to my Unraid server for Plex and security camera access.
However, with Starlink using CGNAT there is no option to get a static IP, so I cannot port forward access to my Unraid server.

I am in the process of setting up a VPN on a VPS hosted via Oracle (the free tier). I will then reverse proxy in to access various services.

 

However I'm not 100% on the option that I need to configure in Wireguard on Unraid to have a point to point connection to my VPN, so I don't need to open any ports. Is it server to server? I don't want to expose my entire network, only certain internal services running on Unraid, or one of the VMs running on it.

 

Link to comment

 

Hi there,

I am using binhex-delugevpn for some of my containers, this works perfectly.

When I try to connect remotely via WireGuard to my server I can only reach my containers without vpn-passthrough.

For example: krusader is working fine, jdownloader2 and others are not reachable, any ideas?

Link to comment
  • 2 weeks later...
On 3/23/2022 at 10:21 AM, clowncracker said:

I'm having trouble getting this working on my PC.  I can get it working on my Android phone, but my PC fails to handshake with WireGuard and I have no idea what I am doing wrong.

 

On 4/4/2022 at 12:03 AM, shchui said:

Anyone found how to troubleshoot the "no handshake" or "handshake timeout" on wireguard?

 

Have you actually tried using the tunnel yet? It will not connect (and therefore won't handshake) unless you actually try passing data over it.

 

Link to comment
On 2/27/2022 at 8:22 AM, Fatcat87 said:

I have wireguard up and running and I am able to connect to my unraid server from anywhere. It works awesome.

 

I am working out of the country currently and I am still able to connect to my local network but I was under the impression that I could use the wireguard vpn to get around geo-blockers and visit websites and video services as if I was in my home country (USA). But when I try and hit for instance a local Florida news website www.WESH.com I get stopped saying:

 

 

My type of access is "Remote Tunneled Access"

 

TIA

 

Seems like it should work. Try visiting https://www.whatismyip.com/ and see if it says your client's IP is your home server's WAN IP.

 

If not, remember that every time you make a change to the WireGuard config on the server, you need to download the latest config to the client as well. So if you initially set the client up as "remote access to server" but then changed it to "remote tunneled access", you need to download the latest config to the client or it won't take effect.

Link to comment
On 4/18/2022 at 8:16 AM, ljm42 said:

 

 

Have you actually tried using the tunnel yet? It will not connect (and therefore won't handshake) unless you actually try passing data over it.

 

I can't remember what changes I made but it shows connected on android settings > VPN . Tried to ping the local IP but it's not connected. What am I doing wrongly?


Link to comment
18 hours ago, ljm42 said:

 

For security, WireGuard fails silently, so there isn't much to go on if it doesn't work. All I can suggest is to go through the first two posts again. It really does work :) 

Can you share with me the screenshot(s) of when it is connected from Android? Do I need to use custom network (with NAT = off)?

Link to comment
  • 4 weeks later...

Just realized I should post here for help and not the LAN-to-LAN thread so here goes.

 

I cannot get just a server to server connection to work after upgrading to 6.10.1.

 

Below are my settings in unraid and the routers (pfsense on one end and a linksys on the other)

 


network1: 192.168.1.0/24
Router1:  192.168.1.1
Unraid1:  192.168.1.30
Endpoint1 DNS: *********
Endpoint1 Port: 51821

 

network2: 192.168.0.0/24
Router2:  192.168.0.1
Unraid2:  192.168.0.226
Endpoint2 DNS: *************
Endpoint2 Port: 51821

 

VPN Tunnel: 10.253.0.0/24
unraid1 tunnel IP: 10.252.0.1
unraid2 tunnel IP: 10.253.0.2

 

 

 

 

I tried the end points as the respective duckdns addresses and as the actual IP addresses and I never got a ping back.

 

I hope I am missing something simple.

 

Any help would be greatly appreciated!

 

Well I am happy to say it works now...I did not change anything in my config, but I am getting handshakes. Wish I could offer some advice to anyone else that has an issue like mine, but I got nothing.

Edited by JudMeherg
Link to comment
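
An address-plan consistency check for a server-to-server setup like the one in the post above, as an added example that is not part of the original post or of Unraid's own tooling. The names `PLAN` and `check_plan` are hypothetical; the addresses are copied from the post as written, with the redacted endpoints left out.

```python
import ipaddress

# Values copied from the post as written (endpoints were redacted there).
PLAN = {
    "tunnel": "10.253.0.0/24",
    "sites": [
        {"name": "unraid1", "lan": "192.168.1.0/24", "router": "192.168.1.1",
         "host": "192.168.1.30", "tunnel_ip": "10.252.0.1"},
        {"name": "unraid2", "lan": "192.168.0.0/24", "router": "192.168.0.1",
         "host": "192.168.0.226", "tunnel_ip": "10.253.0.2"},
    ],
}


def check_plan(plan):
    """Return a list of human-readable inconsistencies in the address plan."""
    problems = []
    tunnel = ipaddress.ip_network(plan["tunnel"])
    seen_lans = []           # (site name, LAN network) pairs already checked
    seen_tunnel_ips = set()  # tunnel addresses already assigned
    for site in plan["sites"]:
        name = site["name"]
        lan = ipaddress.ip_network(site["lan"])
        # The router and the server must sit inside the LAN they claim.
        for role in ("router", "host"):
            if ipaddress.ip_address(site[role]) not in lan:
                problems.append(f"{name}: {role} {site[role]} is outside LAN {lan}")
        # Each peer's tunnel address must come from the shared tunnel network.
        tip = ipaddress.ip_address(site["tunnel_ip"])
        if tip not in tunnel:
            problems.append(f"{name}: tunnel IP {tip} is outside tunnel network {tunnel}")
        if tip in seen_tunnel_ips:
            problems.append(f"{name}: tunnel IP {tip} is assigned twice")
        seen_tunnel_ips.add(tip)
        # Overlapping subnets make the routes between the two sites ambiguous.
        if lan.overlaps(tunnel):
            problems.append(f"{name}: LAN {lan} overlaps tunnel network {tunnel}")
        for other_name, other_lan in seen_lans:
            if lan.overlaps(other_lan):
                problems.append(f"{name}: LAN {lan} overlaps {other_name} LAN {other_lan}")
        seen_lans.append((name, lan))
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["address plan is consistent"]:
        print(line)
```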

Hello, 

 

I have created 2 VPN tunnels on my server, one "admin" and one "guest".
The admin has access to everything and that's what I want. 
 

On the other hand, I don't understand how the "Local tunnel firewall:" parameter works because I put it in deny mode and then I added the IP address of the VM I want to allow. Example 10.0.0.7

 

But, when I connect with the VPN guest I have access to all the devices on the network. But I would like only the indicated IP to be accessible. 
 

Thanks for your help, I hope my question is asked in the appropriate topic  


Link to comment

My connection works well. I can access Unraid and other computers on the network. The only problem is that it is quite slow.

Unraid is connected to fiber 1Gbps up and down. Right now I'm on a network that also has fiber. Wifi connection to my laptop is giving me 400Mbps down and 320Mbps up. Yet via WireGuard VPN I have an upload of 20Mbps. I changed my MTU to 1472, but that didn't help. Any ideas?

Link to comment

Another one with no outside access.  I can ping the phone (Android), I can access UNRAID, I can see network drives using Samsung's files app.  But I can't get it to use the home internet connection despite having chosen "remote tunneled access".  On 6.9.2 if that matters.  I see lots of others recently with similar issues?

Link to comment
