WireGuard quickstart



I've been trying to set up WireGuard for a few days by now, but I haven't been successful at all.

I stick exactly with the quick start guide and the only thing I change is my duckdns address and using a tunneled access. But as soon as I connect, I can't access my LAN or any website on my phone. Unraid GUI says that the tunnel is active and a few kbs are transferred but no handshake was made. Port forwarding in router is set up and obviously working.

Link to comment

So I found an insane solution for those of us who want the nice slick Wireguard UI that Unraid provides, all while being able to access everything!

 

Now I'm going to start by saying this is kind of stupid, and I'll likely stop using this setup once the issue of not being able to access dockers and VMs gets fixed.

 

So here it is...run a second unraid machine.

 

Now to clarify, the Wireguard UI is a plugin, which means it doesn't need the array running in order to work. So I took a little Intel based micro computer I had lying around, made an unraid USB and booted up. I skipped right past the license screen, didn't even sign up for a trial key, nothing. I just went straight to the plugins page, installed the CA App Store, and then installed Wireguard. From there I set it up like normal. You probably should go to users and set a password though.

 

Now I can access everything on my LAN including all the Dockers and VMs on my main unraid tower. And it is running great so far.

 

I feel a little wasteful using a core i5 to run a wireguard server, but hey, it wasn't doing anything else, and Unraid's wireguard implementation is worth it.

Link to comment
1 hour ago, ucliker said:

I have been trying for days to get the port forwarding message to go away. I have a Frontier router and I have port forwarded many times and this is the only time I can't get it to work. It's driving me crazy!

It doesn't go away. As noted in the OP (or somewhere on the first page), if you do not have UPnP enabled, unRAID cannot set up the port forward for you, so it puts up the "nag" reminder and it stays. If it doesn't do the work for you, it can't tell that you've done it, so it just leaves it there.

That said, maybe in some future version, it might be able to notice a successful connection and remove the nag, assuming that a connection means you got the port forward set up right.

Link to comment
5 hours ago, FreeMan said:

That said, maybe in some future version, it might be able to notice a successful connection and remove the nag, assuming that a connection means you got the port forward set up right.

WireGuard doesn't really report a connection status. It is silent by design and doesn't have a mechanism to keep a connection in a 'connected' status.

Link to comment
WireGuard doesn't really report a connection status. It is silent by design and doesn't have a mechanism to keep a connection in a 'connected' status.

I figured that would be misinterpreted - my bad.

 

Somehow, somewhere, the server can tell that the tunnel is active and that traffic is moving over it - it's reported on the dashboard. If that reporting mechanism could set a flag that the settings page can read, then the settings page would know that things must be working correctly and could remove the notification to port forward.

 

It would be a one-time set at the dashboard and each time the settings page comes up, it checks the flag to see if it should display the notice. The flag should be reset if the port is changed in the settings because, of course, you now have to forward a new port.

 

Just a thought.

 


Link to comment
10 hours ago, xl3b4n0nx said:

I have setup the tunnel configuration and I am working on adding a peer. I want to use the 'Remote access to LAN' setting, but when I go to apply it the button won't click. Anyone else having this problem?

Select Advanced mode and check if a mandatory field is missing

 

A bug in the latest version, need to correct that.... DONE

Edited by bonienl
Link to comment

I made an update available with the fix. Version: 2019.12.26d

 

Regarding local endpoint, this could happen due to a mistake in one of the earlier versions. You need to enter it again and it should work from now on.

 

Perhaps it is a good idea to re-apply the settings (just make a change and undo the change to activate Apply). This will generate a new and proper settings file for both server and peer(s).

 

Edited by bonienl
Link to comment

I'm using wireguard to have all unraid outgoing connections go through a VPN.  Pain to setup as some of the options needed won't allow.  I had to export the config it generated, make the changes and import it back, and if I make any change through the UI it fails again.

Either way, that's setup now but it seems like any outside data I forward through my router to a docker doesn't work.

Example, I am using a MQTT docker with bridge networking. I setup port forward on my router for 1883 to unraid.  It was working fine/is working fine.  If I have the VPN connected I can't connect to the MQTT server from outside my network.  If I turn off the VPN it works fine again.  Is there something I need to do to make this work?

 

 

Link to comment
1 hour ago, RAINMAN said:

I'm using wireguard to have all unraid outgoing connections go through a VPN.  Pain to setup as some of the options needed won't allow.  I had to export the config it generated, make the changes and import it back, and if I make any change through the UI it fails again

Care to explain in more detail, perhaps with screenshots?

 

1 hour ago, RAINMAN said:

but it seems like any outside data I forward through my router to a docker doesn't work.

If I understand you correctly, you have set up a "VPN tunneled access" connection.

Such a connection allows Unraid to reach the outside world via a VPN provider, but likely not the other way round. Depends on the VPN provider.

Link to comment
7 hours ago, bonienl said:

Care to explain in more detail, perhaps with screenshots?

 

If I understand you correctly, you have set up a "VPN tunneled access" connection.

Such a connection allows Unraid to reach the outside world via a VPN provider, but likely not the other way round. Depends on the VPN provider.

Ok, maybe I had some field wrong, when I go through it again from scratch it works.  There is no way to set DNS though.  Perhaps there can be a field for additional custom options.  My VPN will try and push 10.9.0.1 as its DNS for my external devices but when I am internal to my network I want to force DNS = 192.168.254.50, 192.168.254.30.

 

I have VPN tunneled access, yes.  I am not trying to send to the VPN though.

 

Remote server -- 1883 --> Home IP (Router) Forward to -- 1883 --> 192.168.254.3 --> MQTT Docker.

 

I wouldn't expect the VPN to have any impact on this route?  If I disable the VPN it works so somehow the VPN is blocking the connection to the local IP of my unraid box.

 

If I use MQTT internal to my network it's fine VPN on or off.

Edited by RAINMAN
Link to comment

If I put my MQTT docker on a custom: br0 network and assign it an IP and port forward to that IP, then I can get my outside connection to work but all my internal connections are dead because I have to go through and re-program them all. (many are arduinos so it's a PITA if I need to change the IP)

 

Edit: it gets weirder, from a different webserver it does seem to connect fine.  I'm not sure where it would be blocking traffic from that server only, and only when the VPN is enabled.  Any suggestions where to look or what to look at?

Edited by RAINMAN
Link to comment
On 12/23/2019 at 6:55 PM, FreeMan said:

It doesn't go away. As noted in the OP (or somewhere on the first page), if you do not have UPnP enabled, unRAID cannot set up the port forward for you, so it puts up the "nag" reminder and it stays. If it doesn't do the work for you, it can't tell that you've done it, so it just leaves it there.

That said, maybe in some future version, it might be able to notice a successful connection and remove the nag, assuming that a connection means you got the port forward set up right.

Thanks, yes, I got it working but I just assumed the "nag" reminder would go away. Thanks for the input though, it was driving me nuts.

Link to comment
5 minutes ago, BigIron said:

I am using Wireguard and have been for a couple of weeks. The remote access was working great. As of today, I am now getting the error "UPnP: forwarding not set" Or UPnP: **.**.**.***:51820->192.168.0.166:51820/UDP

 

Any ideas?

I had to redo the Wireguard authorization completely. The handshake dropped.

Link to comment

I'm having issues with getting the handshake to successfully occur.

 

I have WG setup on my Unraid server using the public IP. (I will use DDNS later, but I'm trying to reduce variables to solve this problem.)

I am running an EdgeRouter and setup a port forward to my unraid server.  I've ensured bridging is enabled on eth0.

 

I have configured a peer as "Remote Access to LAN" and tested this config using the QR code method on my iPhone.  I can't get my iPhone to handshake with Unraid.  I have Local server uses NAT set to Yes for now.  Will setup the static route later once I can get the basic stuff working.

 

Here is a screenshot of my configuration:

 

I read through this whole thread and saw some people had the same issue as me and tried the different solutions that worked for them, but none worked for me.  Any thoughts on what I can do to identify the issue? Thanks!

 

wg-config-screenshot.png

Link to comment
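Several posts above turn on whether a handshake ever completed, and on WireGuard not reporting a "connected" state. What `wg show <interface> dump` does expose per peer is the latest-handshake time and the byte counters; the following is an added example (not code from any poster or from the Unraid plugin) that classifies peers from that output. The function names, the 180-second staleness threshold, the `wg0` interface name and the sample data are assumptions.

```shell
#!/bin/bash
# Added example, not code from the thread or the Unraid plugin.
# `wg show <interface> dump` prints tab-separated lines. Peer lines carry:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake
# (epoch seconds, 0 = never), transfer-rx, transfer-tx, persistent-keepalive.

# classify_peers NOW [STALE_AFTER]: reads dump text on stdin.
# STALE_AFTER defaults to 180 seconds (an assumed threshold; an idle peer
# with no persistent keepalive will also show as stale).
classify_peers() {
    awk -F'\t' -v now="$1" -v stale="${2:-180}" '
        NF != 8 { next }   # skip the 4-field interface line and anything odd
        {
            hs = $5 + 0; rx = $6 + 0; tx = $7 + 0
            if (hs == 0 && rx == 0 && tx > 0)
                state = "NO_REPLY"   # bytes sent to the peer, none received
            else if (hs == 0)
                state = "NEVER"      # no handshake has completed yet
            else if (now - hs > stale)
                state = "STALE"      # last handshake is older than the limit
            else
                state = "OK"
            printf "%s %s rx=%s tx=%s\n", substr($1, 1, 8), state, $6, $7
        }'
}

# Constructed sample input (placeholder keys, documentation IP addresses).
sample_dump() {
    printf 'PRIV_PLACEHOLDER\tPUB_PLACEHOLDER\t51820\toff\n'
    printf 'phoneAAA_KEY\t(none)\t(none)\t10.253.0.2/32\t0\t0\t0\toff\n'
    printf 'tabletBB_KEY\t(none)\t203.0.113.9:51820\t10.253.0.3/32\t0\t0\t592\toff\n'
    printf 'laptopCC_KEY\t(none)\t203.0.113.7:40001\t10.253.0.4/32\t1000\t5000\t7000\t25\n'
    printf 'officeDD_KEY\t(none)\t198.51.100.4:51820\t10.253.0.5/32\t500\t900\t800\toff\n'
}

# Demo on the constructed sample, with a fixed "now" of 1100.
sample_dump | classify_peers 1100
# Against a live tunnel (wg0 assumed): wg show wg0 dump | classify_peers "$(date +%s)"
```
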
