ljm42

WireGuard quickstart


3 minutes ago, quinctilius said:

As I was writing this, I have solved the issue!!!

 

I was using my phone data as a hotspot Wifi to test my Wireguard setup.

 

I have just tried on my work's Wifi, and it seems to be working.  So please excuse my complete incompetence, although still don't know why my Laptop Wireguard won't work over my phone's data connection, but the phone itself does???

Interesting, the hotspot must be blocking the UDP port. I would not have guessed that.  Glad you were able to get it working!


Is it only possible to have one active tunnel at a time?

I've been trying to set up a second one to create a game network. I have another one, an admin network that has docker access that's working fine. But this second one I can get the client and server to handshake. Any idea what the issue might be?

On 10/15/2019 at 1:24 PM, bu2d said:

I was having problems getting this all to work but I figured it out after about an hour.

 

I was able to connect to the vpn but was not able to connect to anything on my network or get an internet connection on my phone.

 

It turned out to be a DNS issue and adding the address of my home router as the DNS server to the wireguard app on my phone fixed all of my problems.  
 

Overall, easier to setup than openvpn but still took a while to troubleshoot.
 

I will probably keep openvpn as a backup to wireguard.

This needs to be noted for dummies like me. It took me a while to figure out as well. I tried to set it as my pi-hole as DNS but no go. Setting to my router DNS worked for internet access.

13 minutes ago, in_trauma said:

I tried to set it as my pi-hole as DNS but no go

Even though you've solved this, should be noted for others that there is zero reason to ever set pi-hole as your DNS for unRaid.  Causes too many issues.  And if you're using the webUI boot mode and surfing via Firefox random websites (and hence wanting ad blocking there), then you also shouldn't be doing that.  That boot mode is designed for management of the server, not surfing around.


To share my experience as I had quite a difficult time setting it up with my multiple VLANs, I ended up just clicking Add Peer and leaving everything at default (besides naming the peer). After I did that I downloaded the setup (or used the QR code on my phone) and edited all of the properties in the respective apps (DNS, different networks, etc). Trying to get all of the settings dialed in on the GUI in Unraid never worked properly.


Can anyone tell me what I am doing wrong? I signed up with a VPN service that offers wireguard (mullvad.net) and downloaded the config file and imported it. But wireguard does not connect.

 


Remove the IPv6 addresses from the configuration file and test with IPv4 only.

On 3/1/2020 at 3:35 PM, Squid said:

Even though you've solved this, should be noted for others that there is zero reason to ever set pi-hole as your DNS for unRaid.  Causes too many issues.  And if you're using the webUI boot mode and surfing via Firefox random websites (and hence wanting ad blocking there), then you also shouldn't be doing that.  That boot mode is designed for management of the server, not surfing around.

I have my pihole server set as my DNS and no issues and why do you say there is no reason?  It’s blocking all the sad malware and ads when I’m remotely connected as it would when I’m home

 

works great!

49 minutes ago, bonienl said:

Remove the IPv6 addresses from the configuration file and test with IPv4 only.

That! And set the little inactive switch at the top to active

Posted (edited)

Is there a way that I can connect unraid to a Wireguard VPN and route all traffic from my unraid through that? 

 

EDIT: I literally just scrolled down from this post and I found this: 

 

Ugh..

Edited by calebcoverdale

1 hour ago, Can0nfan said:

I have my pihole server set as my DNS and no issues and why do you say there is no reason?  It’s blocking all the sad malware and ads when I’m remotely connected as it would when I’m home

 

works great!

Squid is meaning using pi-hole as the DNS server unRaid uses for itself. Though looking at the replies for it I don't get why this is pointed out. I don't use it for my server, and that's because I host it on that server.
I might personally try it if it was hosted off the server, but I could see there being issues where it might block something unRaid needs by accident. It's unlikely you'll need to filter the traffic for unRaid though.

Pi-hole is fine to use as the DNS server for wireguard, though there's some tweaks you need to do if you're hosting pi-hole on the same unRaid server as wireguard.


Thanks for the answer. Another stupid question: Is it possible to only route specific containers through wireguard? Right now I only have the need for ruTorrent to use wireguard.


Removing the ipv6 from the config-file made no difference. When I flip the inactive-button to active it resets after clicking "done"

10 hours ago, Cliff said:

I signed up with a VPN service that offers wireguard (mullvad.net) and downloaded the config file and imported it

 

9 hours ago, calebcoverdale said:

Is there a way that I can connect unraid to a Wireguard VPN and route all traffic from my unraid through that? 

 

This is the thread you are looking for. It is linked in the OP:

 


Can I set this up remotely while connected via OpenVPN or will there be conflicts and/or issues?


Well I did the update last night to Unraid and while configuring wireguard I have lost all web access to my unraid server and am now trying to figure out a way to stop it or remove it from terminal access via Supermicro iKvm, since I have neither keyboard nor video directly connected.  What a freaking way to start a Saturday morning.......should know better than to do an update.

On 3/5/2020 at 5:14 AM, Ryonez said:

Squid is meaning using pi-hole as the DNS server unRaid uses for itself. Though looking at the replies for it I don't get why this is pointed out. I don't use it for my server, and that's because I host it on that server.
I might personally try it if it was hosted off the server, but I could see there being issues where it might block something unRaid needs by accident. It's unlikely you'll need to filter the traffic for unRaid though.

Pi-hole is fine to use as the DNS server for wireguard, though there's some tweaks you need to do if you're hosting pi-hole on the same unRaid server as wireguard.

 

Can you please explain what tweaks need to be done?

I'm a new user, configured unraid, wireguard and installed pi-hole (docker).

 

Changed the DNS on my router to use pi-hole dns server and everything works fine on my local network.

But when I use my phone outside the LAN, there's no ad blocking...

Thanks!


Hey guys,


A random question.  Could I use wireguard as a remote tunnel access for a whole network instead of just 1 client?  Anyone done this?

 


Got this installed, it was super easy! However, I can't reach my unRAID box. I think that it is because I have https cert and it resolves to <servername>.local, and when I am on my phone connected to wireguard the DNS can't resolve / find what the address should be? Just me saying smart things trying to sound smart lol.

Does anyone have any thoughts on this? Locally I can use the IP and it automatically switches to https using the hostname.local, this is why I am thinking that this is what is happening. I am on VPN as I have tested connecting to my home assistant instance and it works.


Ran into a weird issue after upgrading to 6.8.3 and was hoping someone might know what went bad. When I connect to Wireguard from my phone or laptop outside of my network I am unable to access my VMs with RDP or Splashtop that are inside the network. My main VM is located at 192.168.85.112 and the unraid server is located at 192.168.85.111.

 

It seems like the NAT isn't working properly. Initially I had a lot of networking issues after upgrading so I deleted my network config and rebuilt it, and this fixed most of my issues. It seems like the RDP applications aren't making the link from the 10.253.0 subnet to the 192.168.85 subnet. This was working without any issues before I upgraded to 6.8.3, so I'm not totally sure what could have happened. Thanks for any help!

 

Posted (edited)

Small followup to my last post. It seems that with the Remote Access to LAN setting I am not actually able to access anything on the LAN. I checked that bridging is enabled and I can ping the server on both 10.253.0.1 and 192.168.85.111, but I can't seem to ping any other devices on the network. I downgraded back to 6.8.2 hoping that might help, but it doesn't seem like it changed anything.

 

EDIT: So I reinstalled the OpenVPN AS docker container just to see if that would work, and connecting through that gives me full access to the whole LAN, so the issue is only occurring with wireguard on my server. I guess OpenVPN isn't a bad backup option, but I liked how lightweight wireguard is.

Edited by phrozen087


I have wireguard working well.  I can connect to my unraid network, and access things like my router on that network.  I set it up for Remote Access to LAN.  HOWEVER, I can't access other computers on that network?  Like in windows, if I try to see network devices, I can't see my unraid server on there.  But I can see my local NAS and other devices.  AND when I am physically on my Unraid network, I can see the Unraid server in network devices.

 

Any help would be greatly appreciated.  


I've set up a wireguard remote tunneled access on my unraid server, and I've set the Local tunnel firewall to 192.168.1.1/24

 

However, from my phone I'm still able to access the Unraid UI on http://192.168.1.227:8080 when I'm connected to the WG tunnel

 

Any ideas?


The firewall function on the WG tunnel can only deny/permit access to devices other than Unraid itself.

 


I want to replace my Raspi Wireguard Client with my Unraid Machine.

To me it looks like Unraid can only be a server, but is it also possible to make it a client?

 

Server is an AWS cloud server. Then I have Client Site A and Client Site B(Unraid).

On the Raspi I use the following config to also allow access to my LAN for other clients:

 

[Interface]
PrivateKey = KEY
Address = 10.8.0.6/24
DNS = 10.8.0.1

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


[Peer]
PublicKey = KEY
PresharedKey = KEY
Endpoint = myserverdomain.com:port
# 192.168.189.0/24 is the subnet of Site A
AllowedIPs = 10.6.0.0/24, 192.168.189.0/24
PersistentKeepalive = 25

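Several posts above trace connection problems to the DNS entry or to IPv6 addresses in an imported config. The following is an added example, not code from the thread or from Unraid: it checks a wg-quick style config for both, relying on the fact that WireGuard only sends a packet to a peer whose AllowedIPs cover the destination. The helper names `parse` and `lint` are hypothetical, and the sample is constructed from the config in the last post.

```python
import ipaddress
# Constructed sample modelled on the config posted above; keys and endpoint are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = KEY
Address = 10.8.0.6/24
DNS = 10.8.0.1
[Peer]
PublicKey = KEY
Endpoint = myserverdomain.com:port
AllowedIPs = 10.6.0.0/24, 192.168.189.0/24
"""

def parse(text):
    """Return (interface, peers); each is a dict of lower-cased key -> list of values."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if line.startswith("["):
            cur = iface if line.lower() == "[interface]" else {}
            if cur is not iface:
                peers.append(cur)
        elif cur is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            cur.setdefault(key.lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return iface, peers

def lint(text):
    """Hypothetical helper: list findings about DNS, tunnel subnet and IPv6 entries."""
    iface, peers = parse(text)
    allowed = [ipaddress.ip_network(a, strict=False)
               for p in peers for a in p.get("allowedips", [])]
    def covered(net):
        return any(net.version == n.version and net.overlaps(n) for n in allowed)
    findings = []
    for dns in iface.get("dns", []):
        try:
            host = ipaddress.ip_network(dns)  # a bare address becomes a /32 or /128
        except ValueError:
            continue  # not an IP address (wg-quick also accepts search domains here)
        if not covered(host):
            findings.append(f"DNS {dns} is not covered by any peer's AllowedIPs")
    nets = [ipaddress.ip_interface(a).network for a in iface.get("address", [])]
    findings += [f"tunnel subnet {n} is not covered by any peer's AllowedIPs"
                 for n in nets if not covered(n)]
    v6 = [str(n) for n in allowed + nets if n.version == 6]
    if v6:
        findings.append("IPv6 entries to drop for an IPv4-only test: " + ", ".join(v6))
    return findings
```

Calling `lint(SAMPLE)` returns two findings for the constructed sample: the DNS server and the tunnel subnet both fall outside the listed AllowedIPs.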
