ljm42

WireGuard quickstart


I've been trying to set up WireGuard for a few days now, but I haven't been successful at all.

I stick exactly with the quick start guide and the only thing I change is my duckdns address and using a tunneled access. But as soon as I connect, I can't access my LAN or any website on my phone. Unraid GUI says that the tunnel is active and a few kbs are transferred but no handshake was made. Port forwarding in the router is set up and obviously working.


I have been trying for days to get the port forwarding message to go away. I have a Frontier router and I have port forwarded many times and this is the only time I can't get it to work. It's driving me crazy!


So I found an insane solution for those of us who want the nice slick Wireguard UI that Unraid provides, all while being able to access everything!

Now I'm going to start by saying this is kind of stupid, and I'll likely stop using this setup once the issue of not being able to access dockers and VMs gets fixed.

So here it is... run a second Unraid machine.

Now to clarify, the Wireguard UI is a plugin, which means it doesn't need the array running in order to work. So I took a little Intel based micro computer I had lying around, made an Unraid USB and booted up. I skipped right past the license screen, didn't even sign up for a trial key, nothing. I just went straight to the plugins page, installed the CA App Store, and then installed Wireguard. From there I set it up like normal. You probably should go to users and set a password though.

Now I can access everything on my LAN including all the Dockers and VMs on my main Unraid tower. And it is running great so far.

I feel a little wasteful using a core i5 to run a Wireguard server, but hey, it wasn't doing anything else, and Unraid's Wireguard implementation is worth it.

1 hour ago, ucliker said:

I have been trying for days to get the port forwarding message to go away. I have a Frontier router and I have port forwarded many times and this is the only time I can't get it to work. It's driving me crazy!

It doesn't go away. As noted in the OP (or somewhere on the first page) if you do not have UPnP enabled, unRAID cannot set up the port forward for you, so it puts up the "nag" reminder and it stays. If it doesn't do the work for you, it can't tell that you've done it, so it just leaves it there.

That said, maybe in some future version, it might be able to notice a successful connection and remove the nag assuming that a connection means you got the port forward set up right.

5 hours ago, FreeMan said:

That said, maybe in some future version, it might be able to notice a successful connection and remove the nag assuming that a connection means you got the port forward set up right.

WireGuard doesn't really report a connection status. It is silent by design and doesn't have a mechanism to keep a connection in a 'connected' status.

WireGuard doesn't really report a connection status. It is silent by design and doesn't have a mechanism to keep a connection in a 'connected' status.

I figured that would be misinterpreted - my bad.

Somehow, somewhere, the server can tell that the tunnel is active and that traffic is moving over it - it's reported on the dashboard. If that reporting mechanism could set a flag that the settings page can read, then the settings page would know that things must be working correctly and could remove the notification to port forward.

It would be a one-time set at the dashboard and each time the settings page comes up, it checks the flag to see if it should display the notice. The flag should be reset if the port is changed in the settings because, of course, you now have to forward a new port.

Just a thought.

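What WireGuard does expose, as an added example that is not part of any post in this thread: `wg show <interface> dump` prints a latest-handshake timestamp and transfer counters per peer, which is enough to tell "no handshake ever" from "handshake seen" and to derive the one-time flag suggested above. The sample dump, placeholder keys, the 180-second threshold and all function names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of `wg show wg0 dump` output (tab-separated, per wg(8)).
# Keys are placeholders; addresses and timestamps are made up.
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIVKEY\tSERVER_PUBKEY\t51820\toff",
    "PHONE_PUBKEY\t(none)\t(none)\t10.253.0.2/32\t0\t0\t0\toff",
    "LAPTOP_PUBKEY\t(none)\t203.0.113.7:41641\t10.253.0.3/32\t1577400000\t52340\t81232\t25",
    "TABLET_PUBKEY\t(none)\t192.168.0.20:50112\t10.253.0.4/32\t1577390000\t1200\t3400\toff",
])

STALE_AFTER = 180  # seconds; assumed threshold, a little above WireGuard's 2 min rekey interval
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Peer:
    public_key: str
    endpoint: str          # "(none)" if no endpoint is configured or learned yet
    latest_handshake: int  # Unix time; 0 means no handshake has ever completed
    rx: int
    tx: int

def parse_dump(text):
    """Return (listen_port, [Peer, ...]) from single-interface dump output."""
    lines = [l for l in text.splitlines() if l.strip()]
    listen_port = int(lines[0].split("\t")[2])
    peers = []
    for line in lines[1:]:
        f = line.split("\t")
        if len(f) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        peers.append(Peer(f[0], f[2], int(f[4]), int(f[5]), int(f[6])))
    return listen_port, peers

def peer_state(peer, now):
    """Classify a peer as 'never', 'recent' or 'stale' by its last handshake."""
    if peer.latest_handshake == 0:
        return "never"
    return "recent" if now - peer.latest_handshake <= STALE_AFTER else "stale"

def from_outside(peer):
    """True if the peer's last known endpoint is not an RFC 1918 (LAN) address."""
    if peer.endpoint == "(none)":
        return False
    host = peer.endpoint.rsplit(":", 1)[0].strip("[]")
    return not any(ipaddress.ip_address(host) in net for net in RFC1918)

def port_forward_proven(peers):
    """The 'flag' idea: some peer completed a handshake from a non-LAN endpoint."""
    return any(p.latest_handshake > 0 and from_outside(p) for p in peers)
```

A "stale" peer may simply be idle, since handshakes are only renewed while traffic flows; a handshake from a LAN endpoint says nothing about the router's port forward, which is why the flag only counts non-LAN endpoints.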

I have set up the tunnel configuration and I am working on adding a peer. I want to use the 'Remote access to LAN' setting, but when I go to apply it the button won't click. Anyone else having this problem?

10 hours ago, xl3b4n0nx said:

I have set up the tunnel configuration and I am working on adding a peer. I want to use the 'Remote access to LAN' setting, but when I go to apply it the button won't click. Anyone else having this problem?

Select Advanced mode and check if a mandatory field is missing.

A bug in the latest version, need to correct that.... DONE


I made an update available with the fix. Version: 2019.12.26d

Regarding local endpoint, this could happen due to a mistake in one of the earlier versions. You need to enter it again and it should work from now on.

Perhaps it is a good idea to re-apply the settings (just make a change and undo the change to activate Apply). This will generate a new and proper settings file for both server and peer(s).


More updates... version 2019.12.26b 2019.12.26c 2019.12.26d

VPN tunneled access was broken.


I'm using WireGuard to have all Unraid outgoing connections go through a VPN. Pain to set up as some of the options needed won't allow. I had to export the config it generated, make the changes and import it back, and if I make any change through the UI it fails again.

Either way, that's set up now but it seems like any outside data I forward through my router to a docker doesn't work.

Example, I am using a MQTT docker with bridge networking. I set up port forward on my router for 1883 to Unraid. It was working fine/is working fine. If I have the VPN connected I can't connect to the MQTT server from outside my network. If I turn off the VPN it works fine again. Is there something I need to do to make this work?

1 hour ago, RAINMAN said:

I'm using WireGuard to have all Unraid outgoing connections go through a VPN. Pain to set up as some of the options needed won't allow. I had to export the config it generated, make the changes and import it back, and if I make any change through the UI it fails again

Care to explain in more detail, perhaps with screenshots?

1 hour ago, RAINMAN said:

but it seems like any outside data I forward through my router to a docker doesn't work.

If I understand you correctly, you have set up a "VPN tunneled access" connection.

Such a connection allows Unraid to reach the outside world via a VPN provider, but likely not the other way round. Depends on the VPN provider.

7 hours ago, bonienl said:

Care to explain in more detail, perhaps with screenshots?

If I understand you correctly, you have set up a "VPN tunneled access" connection.

Such a connection allows Unraid to reach the outside world via a VPN provider, but likely not the other way round. Depends on the VPN provider.

Ok, maybe I had some field wrong, when I go through it again from scratch it works. There is no way to set DNS though. Perhaps there can be a field for additional custom options. My VPN will try and push 10.9.0.1 as its DNS for my external devices but when I am internal to my network I want to force DNS = 192.168.254.50, 192.168.254.30.

I have VPN tunneled access, yes. I am not trying to send to the VPN though.

Remote server -- 1883 --> Home IP (Router) Forward to -- 1883 --> 192.168.254.3 --> MQTT Docker.

I wouldn't expect the VPN to have any impact on this route? If I disable the VPN it works so somehow the VPN is blocking the connection to the local IP of my Unraid box.

If I use MQTT internal to my network it's fine, VPN on or off.


If I put my MQTT docker on a custom: br0 network and assign it an IP and port forward to that IP, then I can get my outside connection to work but all my internal connections are dead because I have to go through and re-program them all. (Many are Arduinos so it's a PITA if I need to change the IP.)

Edit: it gets weirder, from a different webserver it does seem to connect fine. I'm not sure where it would be blocking traffic from that server only, and only when the VPN is enabled. Any suggestions where to look or what to look at?

On 12/23/2019 at 6:55 PM, FreeMan said:

It doesn't go away. As noted in the OP (or somewhere on the first page) if you do not have UPnP enabled, unRAID cannot set up the port forward for you, so it puts up the "nag" reminder and it stays. If it doesn't do the work for you, it can't tell that you've done it, so it just leaves it there.

That said, maybe in some future version, it might be able to notice a successful connection and remove the nag assuming that a connection means you got the port forward set up right.

Thanks, yes, I got it working but I just assumed the "nag" reminder would go away. Thanks for the input though, it was driving me nuts.


I am using Wireguard and have been for a couple of weeks. The remote access was working great. As of today, I am now getting the error "UPnP: forwarding not set" or UPnP: **.**.**.***:51820->192.168.0.166:51820/UDP

Any ideas?

5 minutes ago, BigIron said:

I am using Wireguard and have been for a couple of weeks. The remote access was working great. As of today, I am now getting the error "UPnP: forwarding not set" or UPnP: **.**.**.***:51820->192.168.0.166:51820/UDP

Any ideas?

I had to redo the Wireguard authorization completely. The handshake dropped.


When using UPnP, Unraid will periodically check the status on your router.

This requires server and router to communicate with each other.

If this communication gets broken or the router lost the UPnP setting, you will get the message that UPnP is not set.


Hello,

Has someone already done a server to server setup? I want to connect 2 Unraid servers at different locations.

Any hints?


I'm having issues with getting the handshake to successfully occur.

I have WG set up on my Unraid server using the public IP. (I will use DDNS later, but I'm trying to reduce variables to solve this problem.)

I am running an EdgeRouter and set up a port forward to my Unraid server. I've ensured bridging is enabled on eth0.

I have configured a peer as "Remote Access to LAN" and tested this config using the QR code method on my iPhone. I can't get my iPhone to handshake with Unraid. I have Local server uses NAT set to Yes for now. Will set up the static route later once I can get the basic stuff working.

Here is a screenshot of my configuration:

I read through this whole thread and saw some people had the same issue as me and tried the different solutions that worked for them, but none worked for me. Any thoughts on what I can do to identify the issue? Thanks!

wg-config-screenshot.png
