Ruato Posted January 7, 2020

13 hours ago, unRaide said:
> Hi, got this setup in a matter of minutes following the guide posted and connecting to my server works great!! Problem is that I can't access anything else on the web from the peer (iPhone 11 Pro on iOS 13). I tried both "Remote tunneled access" and "Remote access to Lan" access types with the same issue on both. Any ideas? Thx

Did you define the DNS? I had a similar issue that was resolved after I defined the DNS.

magonzalez112 Posted January 7, 2020

For all those having problems and everything seems to be well configured. I figured out a dumb solution, I was hitting my head with the table (figuratively speaking) at the moment I got it working.

Disable data saving on your Android phone or iPhone.

Invite me a coffee

I've been 2 hours trying different ports, different settings, removing tunnels, creating them again, reinstalling WireGuard. All was fine... it was the damn phone. I hate this feeling.

tcochran Posted January 8, 2020

On 12/20/2019 at 4:47 PM, trurl said:
> Possibly your work network won't allow it.

According to our IT person it should allow the VPN to connect. I even tested it by taking my tablet in and doing a USB-C to Ethernet connection and it should our domain and allowed my tablet to access my Server UnRaid UI. He thinks it may be something with a certificate.

unRaide Posted January 8, 2020

On 1/7/2020 at 2:36 AM, Ruato said:
> Did you define the DNS? I had a similar issue that was resolved after I defined the DNS.

Hi Ruato, thanks for replying. Updating the “Peer DNS Server” setting worked! However, I’m currently using pihole on 192.168.1.2 but setting the DNS to that didn’t seem to work. I had to use a public DNS like quad9. Does anyone know if it’s possible to route peer traffic through pihole?

ArtVandelay Posted January 10, 2020

I apologize if this has already been covered but I'm having issues accessing unraid's web GUI while connected through wireguard but am able to access various dockers and other devices on my network. Even the controlIR app works. I'm so lost I'm not even sure how to further describe this issue. Any help would be greatly appreciated.

trurl Posted January 10, 2020

4 minutes ago, ArtVandelay said:
> I'm having issues accessing unraid's web GUI while connected through wireguard

Are you trying to access by IP address or by server name?

ArtVandelay Posted January 10, 2020 (edited)

26 minutes ago, trurl said:
> Are you trying to access by IP address or by server name?

I've tried both and it quickly redirects to a long address, i.e. 3838438r834839r576289f8f7s39g0s8acbfdb.unraid.net (which it usually does on my local network) but I immediately get an ERR_NAME_NOT_RESOLVED error.

Just to clarify. I can still access the web GUI on my local network while a wireguard device is connected. Just not on the wireguard connected device itself.

Edited January 10, 2020 by ArtVandelay

NOLA_DireWolff Posted January 12, 2020

I'm having a bit of networking trouble with this. I'm running in remote tunneled access from a phone and a PC. They are outside of my LAN. I can ping and connect to all LAN devices, including the unraid GUI. I have NAT off on the wireguard setup. I've also tried it with NAT on, it doesn't work. I have the static route set as instructed in the GUI. I use Unifi network gear.

I am running the @SpaceInvaderOne Shinobi CCTV docker, which works great while on the LAN. My unraid machine has two NICs. eth0 is for traffic other than the CCTV, eth1 is on a separate network VLAN and is in bridge mode, br1. ShinobiCCTV on that VLAN is accessible from my main network. Firewall rules keep the cameras from reaching the internet, and the cameras can't start communications outside of their network. That whole IP range is isolated.

When on the wireguard connection, I have the DNS server set to my network gateway and the internet addresses are accessible. ShinobiCCTV has its own IP address 1 lower than my unraid server, I'm using the standard port 8080. Looking in my network admin software I can see unique mac addresses for shinobiCCTV docker and Unraid on that VLAN.

I SSH into my gateway and the output of "show ip route" is "S>* 10.253.0.0/24 [1/0] via 10.69.1.20, eth1" which seems correct, yes?

****

As a second point.... dividing my network was based on the concept of security paranoia with IP cameras and other IOT devices. If there is a better way to do this please let me know.

I'm not sure what to do here. I've searched a lot, but I don't know the next step to fix this. Thank you.

planetwilson Posted January 13, 2020

I am struggling with this. I am trying to get a tunnel so all of my traffic goes through Wireguard. I am connecting okay and can access my unRaid server and other servers on the main LAN just fine. I can't access any internet sites though. It feels like a DNS issue but I think I have it all setup as I should.

uNRAID IP: 192.168.44.10
Router/DNS : 192.168.44.254

Wireguard config:-

Router static route:-

PsyVision Posted January 13, 2020

Thanks for this guide, it's working well for me. I can access my containers on my separate VLAN (192.168.5.0/24) when connected via WireGuard. My unRAID server is 192.168.1.50.

In my client configuration I get:

AllowedIPs=10.253.0.1/32, 192.168.1.0/24

For everything to work on the client I need to explicitly add 192.168.5.0/24 to the list (e.g. when setting up my phone, I had to do this on the phone itself). What is a valid config entry in unRAID to have other subnets populate? I tried adding 192.168.5.0 and 192.168.5.0/24 to the 'Peer allowed IPs' setting but that seems to make no difference.

bonienl Posted January 13, 2020

6 hours ago, planetwilson said:
> It feels like a DNS issue but I think I have it all setup as I should

Can you ping the DNS IP address 192.168.44.254? Otherwise try DNS 8.8.8.8

bonienl Posted January 13, 2020

1 hour ago, PsyVision said:
> What is a valid config entry in unRAID to have other subnets populate?

There is NO such entry. The allowed IPs for the peer are automatically generated based on the interfaces/networks present on the server.

Three possible approaches:

1. Configure an IP address + subnet on the VLAN interface for the server. This will add an entry to the peer config
2. Use "Remote tunneled access". This sets a default route (=all subnets) on the peer
3. Manually add the entry at the peer side. What you are doing right now
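
Added example, not part of any post in this thread: a Python check that parses a peer config and reports which destinations fall inside AllowedIPs (the list the peer uses to decide what enters the tunnel) and whether a DNS server is set and reachable through it. The config text, keys, endpoint, peer address and the `diagnose` helper are constructed for illustration; the subnets are the ones from PsyVision's post.

```python
import ipaddress

# Constructed client config built from the addresses in PsyVision's post.
# Keys and endpoint are placeholders; the DNS line is deliberately omitted.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.253.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs=10.253.0.1/32, 192.168.1.0/24
"""

def parse_conf(text):
    """Return (interface, peers) as dicts keyed by lower-cased setting name."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return interface, peers

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def diagnose(text, destinations):
    """Report which destinations the peer sends into the tunnel, plus DNS findings."""
    interface, peers = parse_conf(text)
    nets = [ipaddress.ip_network(item, strict=False)
            for peer in peers for item in split_list(peer.get("allowedips", ""))]
    covered = lambda ip: any(ipaddress.ip_address(ip) in net for net in nets)
    routes = {d: "tunnel" if covered(d) else "outside tunnel" for d in destinations}
    # Assumption: DNS entries are IP addresses (no search domains).
    dns = split_list(interface.get("dns", ""))
    warnings = []
    if not dns:
        warnings.append("no DNS set in [Interface]")
    for server in dns:
        if not covered(server):
            warnings.append(f"DNS {server} is not inside AllowedIPs")
    return {"routes": routes, "dns": dns, "warnings": warnings}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, ["192.168.1.50", "192.168.5.10"]))
```

With the sample config, 192.168.1.50 is routed into the tunnel and 192.168.5.10 is not; adding 192.168.5.0/24 to AllowedIPs on the peer changes the second result to "tunnel".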

PsyVision Posted January 13, 2020

51 minutes ago, bonienl said:
> There is NO such entry. The allowed IPs for the peer are automatically generated based on the interfaces/networks present on the server.
>
> Three possible approaches:
>
> 1. Configure an IP address + subnet on the VLAN interface for the server. This will add an entry to the peer config
> 2. Use "Remote tunneled access". This sets a default route (=all subnets) on the peer
> 3. Manually add the entry at the peer side. What you are doing right now

Thanks @bonienl!

planetwilson Posted January 14, 2020

9 hours ago, bonienl said:
> Can you ping the DNS IP address 192.168.44.254? Otherwise try DNS 8.8.8.8

I can ping the unraid box and I can ping the router/DNS address. I have tried setting 8.8.8.8 on the client and that doesn't work either.

bonienl Posted January 14, 2020

Is the remote peer a Windows machine? Could be a firewall issue, try to disable it temporarily and see if that makes a difference.

planetwilson Posted January 14, 2020

18 minutes ago, bonienl said:
> Is the remote peer a Windows machine? Could be a firewall issue, try to disable it temporarily and see if that makes a difference.

No, I am experiencing the same issue on a Mac and on an iPhone as well. Are there any route settings I need to set within unRaid as well or just on my router?

bonienl Posted January 14, 2020

If all is pingable then routing-wise everything is in place. I suspect something on a higher level is blocking the communication, hence my firewall hint.

hdlineage Posted January 16, 2020 (edited)

After two days of trying the unraid implementation of wireguard, here is my summary of what works and what doesn't work:

1. Simple connection (if you don't have any vlan or vlan interfaces on unraid) between unraid server and windows client works in "Lan mode" and "Tunnel mode"
2. Even when routed properly on router, if your docker is on a separate subnet (i.e. vlan), you will still be blocked, however, VM on a different vlan can be reached
3. Windows client currently only supports one connection/interface at a time, there is a workaround to add more interface but is not elegant.

Not being able to reach docker on a different subnet was the deal breaker for me, so I stopped using unraid for wireguard. When wireguard is installed on a VM it works perfectly, you can reach everything including docker on a vlan.

Edit: turns out it was vlan/docker setting issue, see below

Edited January 16, 2020 by hdlineage

Hoopster Posted January 16, 2020

27 minutes ago, hdlineage said:
> 2. Even when routed properly on router, if your docker is on a separate subnet (i.e. vlan), you will still be blocked, however, VM on a different vlan can be reached

I have no such issues. I have several docker containers on a VLAN (.3.x subnet with unRAID server and host/bridge containers on a .1.x subnet). All docker container WebUIs on the VLAN are accessible via Wireguard.

The problem initially preventing access to them via WireGuard turned out to be a misconfiguration in the VLAN in unRAID.

hdlineage Posted January 16, 2020 (edited)

1 hour ago, Hoopster said:
> I have no such issues. I have several docker containers on a VLAN (.3.x subnet with unRAID server and host/bridge containers on a .1.x subnet). All docker container WebUIs on the VLAN are accessible via Wireguard.
>
> The problem initially preventing access to them via WireGuard turned out to be a misconfiguration in the VLAN in unRAID.

Can you share your setup including how you configured the unraid VLAN?

My unraid has two interfaces:

br0 with subnet 192.168.1.0/24 (unraid host ip: 192.168.1.10) gateway(router) 192.168.1.1
br0.100 (vlan) with subnet 192.168.100.0/24 (unraid host ip: 192.168.100.10) gateway(router) 192.168.100.1

My VM and docker use br0.100 with subnet 192.168.100.0/24

I configured wireguard to use the subnet 192.168.150.0/24

My router is configured with static route to all the subnets listed above.

Whenever I'm connected via unraid wireguard I can access everything except docker (I can connect to VM on the same subnet)

When routing Wireguard traffic back to unraid I could only use 192.168.100.10 but not 192.168.1.10 (this is weird since I could access unraid GUI through both IP which means the two interfaces were working normally, maybe wireguard picks one interface to listen on?)

With this setup I could not access docker on the 192.168.100.0/24, but was able to access VM on the same subnet.

However, when I connect to wireguard installed on the VM, there is no problem at all.

Edited January 16, 2020 by hdlineage

Hoopster Posted January 16, 2020

5 minutes ago, hdlineage said:
> Can you share your setup including how you configured the unraid VLAN?

I did a write-up of my unRAID and router configuration to get this working as I initially had the same problem (no access to docker containers on the VLAN). Additionally, I wanted WireGuard connected clients to go through Pihole just as they do on my LAN.

The write-up can be found here.

hdlineage Posted January 16, 2020

36 minutes ago, Hoopster said:
> I did a write-up of my unRAID and router configuration to get this working as I initially had the same problem (no access to docker containers on the VLAN). Additionally, I wanted WireGuard connected clients to go through Pihole just as they do on my LAN.
>
> The write-up can be found here.

Thanks for your help. We have very similar config except I have the unraid on the vlan as well. Turns out it was the two interfaces that's causing trouble. Somehow if unraid has an interface that is on the same subnet/vlan as docker, you can't access docker no matter what.

For me it doesn't really matter where unraid is, but I do wonder if there is a way for unraid to be on the same subnet as docker.

bonienl Posted January 16, 2020

1 hour ago, hdlineage said:
> but I do wonder if there is a way for unraid to be on the same subnet as docker.

In version 6.8.1 a new setting is introduced, "Host access to custom networks", which allows Unraid to communicate with docker containers on the same (macvlan) network.

Unfortunately 6.8.1 is missing an update which causes the new setting not to function yet, this will be corrected in 6.8.2.

kapetanios Posted January 16, 2020

Hey guys! Any news on a tutorial on Lan to Lan setup?

NOLA_DireWolff Posted January 19, 2020

On 1/16/2020 at 2:26 AM, bonienl said:
> In version 6.8.1 a new setting is introduced, "Host access to custom networks", which allows Unraid to communicate with docker containers on the same (macvlan) network.
>
> Unfortunately 6.8.1 is missing an update which causes the new setting not to function yet, this will be corrected in 6.8.2.

This may be the solution to my problem? If so - is there a CLI implementation or a work around? I am unable to access my CCTV streams remotely due to this.

Thank you.