bonienl Posted December 19, 2019

> On 12/17/2019 at 8:08 PM, FreeMan said: Hmm... will have to look at that and scratch my head to see if/how/when I can understand that one

Maybe this drawing helps ...

Edited December 19, 2019 by bonienl
NewDisplayName Posted December 19, 2019

Anyone found a solution to make WireGuard automatically reconnect? I don't understand why it doesn't do it on its own. Every night somewhere there is a disconnect (and yes, I've set keepalive to 600s). Every morning I need to deactivate it on my mobile and then activate it again...?!

Edited December 19, 2019 by nuhll
bonienl Posted December 19, 2019

> 4 hours ago, nuhll said: Every morning i need to deactivate it on my mobile and then activate it again...?!

Some mobiles go into standby mode to save energy, usually sometime during the night. This may interrupt communications. Does your mobile phone have specific settings to save battery?
kri kri Posted December 19, 2019

> 14 hours ago, INTEL said: I would appreciate some screenshots of server to server setup, I just cannot figure it out.

I am struggling with this as well, would appreciate any help!
bonienl Posted December 19, 2019

> 24 minutes ago, ice pube said: I am struggling with this as well, would appreciate any help!

Below an example configuration

It is mandatory to define a local endpoint (main server) and a peer endpoint (backup server). These endpoints can be a URL or a (public) IP address of the server.

When the main server is behind a NAT router then port forwarding must be set on the router. The same is true for a NAT router used at the backup server (peer) side.
kri kri Posted December 19, 2019

Thanks so much for your help

Edited December 20, 2019 by ice pube
tcochran Posted December 20, 2019

I am having some strange things going on with my WireGuard setup. I have it set up to allow my cellphone to connect via the WireGuard VPN and that works fine, I can access the UnRaid WebUI on my phone. Yet when I try to use one of my desktops at work and have similar settings, trying to access the UnRaid WebUI ends up in timeouts, or it takes a long time, then when I try to log in it times out. I had it working just fine with an OpenVPN Docker. It is one thing that is baffling me. When I get home I am going to try to use my tablet connected to my cellphone's hot spot to see if I have the same difficulty.

Edited December 20, 2019 by tcochran
trurl Posted December 20, 2019

> 21 minutes ago, tcochran said: use one of my desktops at work

Possibly your work network won't allow it.
Squid Posted December 20, 2019

> 30 minutes ago, trurl said: Possibly your work network won't allow it.

My work blocks all VPN connections on their network
ijuarez Posted December 20, 2019

> 16 minutes ago, Squid said: My work blocks all VPN connections on their network

that happens quite often
Squid Posted December 20, 2019

> 3 minutes ago, ijuarez said: that happens quite often

Yeah, it sucks. Don't know why my IT department just can't understand that while I'm at work I'm there just to get the paycheck and have far more important things to do than actually earn it 🤔
FreeMan Posted December 20, 2019

> On 12/19/2019 at 4:17 AM, bonienl said: Maybe this drawing helps ...

Thanks. Been a bit hectic lately so I'm just now getting back to this.

After looking at my main server and thinking about it for a minute, I realize it says "Tunnel wg0" and that all my connections are listed there, so I do get it now. In my head, each device gets its own privately encrypted connection and I thought that was the "tunnel" - I guess I applied the wrong term. It doesn't really matter if everything's working, so I'll live with my current level of knowledge. It's not important enough to me today to get any deeper.

I think I may have it working correctly now! This is what's showing on my main server:

And this is what I have on Backup:

I added a second tunnel on the Backup server and imported the config file, enabled the tunnel and immediately had a connection on my main "HomeVPN" side. It does show my public IP address in the Local endpoint, not the DNS name - do I want to change that?

Also, I ended up adding the tunnel because when I first imported the config, it was "server to server" and that's not what I was after. I tried to delete the peer and import the new one, but it didn't seem to change the settings. I added the new tunnel (actually, 2, obviously, though I'm not sure why), imported the config file and it seems to be working. I just took a look at the wg0 tunnel and it's got no settings in it at all. I may try deleting wg2 and importing the config file into wg0 to see if it'll work. It seems that it would be cleaner with just the one tunnel instead of one unused one and the 2nd functional one. Thoughts on that?
FreeMan Posted December 21, 2019

Is there any reason to actively disconnect a laptop VPN connection back home to the server (for a remote to LAN connection)? I want to be able to have automatic backups running from a laptop to my server, and it seems that the easiest way would be to have the connection always active.

If not, is there a "simple" way to activate the connection, say from a Win10 PowerShell script so I could automatically connect, launch the backup, then disconnect? Or is this appropriate for a whole new thread somewhere...
relink Posted December 21, 2019

Sorry if this has been solved and I just didn't catch it. Almost every one of my docker containers has a custom IP address. Has there been any solution to connecting to docker containers with a custom IP yet?

I disabled "Local server uses NAT:" and set up a static route in my router and it did absolutely nothing. I can access my Unraid's web UI just fine as well as other physical machines on my network. I just can't access most of my dockers.
tjb_altf4 Posted December 21, 2019

Is it the current expected behaviour on the Unraid dashboard that the client tunnel remains long after the session has been disconnected? From a user perspective, I would expect this to either show only active tunnels, or show all tunnels but with a status of disconnected (or similar) when that is the case.

Other than also being stuck in the custom docker IP access dilemma for one of my applications, this implementation is superb

Edited December 21, 2019 by tjb_altf4
Bijoe Posted December 21, 2019

Yea, I reaaaally wish that I could access my Dockers over the VPN. Other than that it really is super simple to set up and use. What I also like is that you can turn on the always-on VPN in the Android app
bonienl Posted December 21, 2019

> 18 minutes ago, Bijoe said: Yea i reaaaally wish that i could access my Dockers over the VPN.

See this guide
Zer0Nin3r Posted December 21, 2019

On 10/12/2019 at 1:59 PM, nuhll said: W T F, was that easy. LOL Working 1000%. Easy to use. I love that I can use it alongside my primary VPN connection and still access home securely. Couldn't do that with Tunnelblick...I tried.
Ding Dong Del Posted December 22, 2019

Hi all, please sing out if this is the wrong thread and/or more info is needed to troubleshoot. I am following along @ljm42 's writeup (thank you @ljm42).

I've come across what I think is an error in page validation logic when attempting to configure a tunnel via UNRAID->Settings->VPN Manager. I have my own domain where the top level is .management

When attempting to enter the domain name I get an error (looks like a javascript validation error - including it here in case someone else is searching for the same error message)

The error message (chrome) is: "Please match the format requested." "IP Adress or FQDN"
The error message (safari) is: "Match the requested format."

From what I can tell, page is expecting that the top level domain (TLD) will be 8 characters or less. Some (not very scientific) examples / tests:

fred.management - ERROR
management.fred - Saves FINE
fred.fredfred - Saves FINE
fred.fredfredf - ERROR (note one additional character in the TLD)

I've tried clearing my browser cache in case I had some js validation file/library cached. Not really sure who to address this to as I don't know who is the author of the Wireguard VPNManager page.
itimpi Posted December 22, 2019

> 1 hour ago, Ding Dong Del said: Hi all, please sing out if this is the wrong thread and/or more info is needed to troubleshoot. I am following along @ljm42 's writeup (thank you @ljm42). I've come across what I think is an error in page validation logic when attempting to configure a tunnel via UNRAID->Settings->VPN Manager. I have my own domain where the top level is .management When attempting to enter the domain name I get an error (looks like a javascript validation error - including it here in case someone else is searching for the same error message) The error message (chrome) is: "Please match the format requested." "IP Adress or FQDN" The error message (safari) is: "Match the requested format." From what I can tell, page is expecting that the top level domain (TLD) will be 8 characters or less. Some (not very scientific) examples / tests: fred.management - ERROR management.fred - Saves FINE fred.fredfred - Saves FINE fred.fredfredf - ERROR (note one additional character in the TLD) I've tried clearing my browser cache in case I had some js validation file/library cached. Not really sure who to address this to as I don't know who is the author of the Wireguard VPNManager page.

Your report will get noticed here

FYI: As long as you have installed it via Community Applications you can easily get to the support thread for any particular plugin by going to the Plugins tab and then clicking on the Support option listed for each plugin. Alternatively find WireGuard on the Apps tab and click the support icon shown for it there to get to the same point.
bonienl Posted December 22, 2019

> 38 minutes ago, itimpi said: Your report will get noticed here

Sure, but better to report issues in the relevant topic

Anyway, I made an update which validates FQDN input against all the top level domains (TLD) defined by IANA as of December 21, 2019. Go to plugins and update the Dynamix Wireguard plugin.
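The validation problem reported above and the kind of fix described in the reply, as an added example that is not the plugin's code. `CAPPED_TLD` is a hypothetical pattern chosen only because it reproduces the four reported results, and `SAMPLE_TLDS` is a small constructed stand-in for the full IANA list.

```javascript
// Hypothetical pattern with a length cap on the TLD (2 to 8 letters).
// It is not taken from the plugin; it only reproduces the reported symptoms.
const CAPPED_TLD = /^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,8}$/i;

// Constructed subset of the IANA TLD list; a real validator loads the full list.
const SAMPLE_TLDS = new Set(["com", "net", "org", "management", "photography"]);

// One DNS label: 1-63 characters, letters/digits/hyphen, no hyphen at either end.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function isIPv4(s) {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every(p => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// FQDN check that trusts a TLD allowlist instead of guessing a length limit.
function isFqdn(s, tlds = SAMPLE_TLDS) {
  if (s.length > 253) return false;
  const labels = s.split(".");
  if (labels.length < 2) return false;
  if (!labels.every(l => LABEL.test(l))) return false;
  return tlds.has(labels[labels.length - 1].toLowerCase());
}

// The field accepts "IP address or FQDN", so either form passes.
function isEndpoint(s) {
  return isIPv4(s) || isFqdn(s);
}

// Run both validators over the same inputs for a side-by-side view.
function compare(inputs) {
  return inputs.map(s => ({
    input: s,
    capped: CAPPED_TLD.test(s),
    allowlist: isEndpoint(s),
  }));
}

// The four test names from the report above.
const reported = ["fred.management", "management.fred", "fred.fredfred", "fred.fredfredf"];
console.table(compare(reported));
```

With an allowlist the result flips for the made-up names: `fred.management` is accepted, while `management.fred` and `fred.fredfred` are rejected because their last label is not in the list.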
Ding Dong Del Posted December 22, 2019

> 1 hour ago, itimpi said: Your report will get noticed here FYI: As long as you have installed it via Community Applications you can easily get to the support thread for any particular plugin by going to the Plugins tab and then clicking on the Support option listed for each plugin. Alternatively find WireGuard on the Apps tab and click the support icon shown for it there to get to the same point.

Thanks for the heads up @itimpi
Ding Dong Del Posted December 22, 2019

> 45 minutes ago, bonienl said: Sure, but better to report issues in the relevant topic Anyway, I made an update which validates FQDN input against all the top level domains (TLD) defined by IANA as of December 21, 2019. Go to plugins and update the Dynamix Wireguard plugin.

Awesome @bonienl, worked a treat, thank you! And a general thank you for the great work you and community / limetech do - really awesome product!
chanster Posted December 23, 2019

I've not been able to get Wireguard to work on my setup. I've followed all the troubleshooting steps in this thread including port forwarding, making sure the tunnel is active in the UI etc. I used the default port of 51820. I've tried setting the local endpoint using my WAN IP or my DuckDNS URL. I've also tried manually entering in my router address as the peer DNS server.

Here's what I'm seeing:

- Wireguard app shows "connected"
- Wireguard app log shows handshake not completing in 5 seconds and keeps re-trying without success
- Wireguard web UI / Unraid dashboard shows that handshake was never received
- Tried to ping my peer tunnel address via web UI and it fails

Not sure if these are a factor:

- iOS 13.3.1
- T-Mobile 39.5.1

In the Wireguard app screenshot below, the listen port is not 51820 and this seems to change to a different number every time I start a new session.

Can anyone help?
gadgethome Posted December 23, 2019

Hi, on your screenshot, it's using a different port to the default 51820? Did you do port forwarding on your router?