WireGuard quickstart


ljm42


3 minutes ago, quinctilius said:

As I was writing this, I have solved the issue!!!

 

I was using my phone data as a hotspot Wifi to test my Wireguard setup.

 

I have just tried on my work's Wifi, and it seems to be working.  So please excuse my complete incompetence, although I still don't know why my Laptop Wireguard won't work over my phone's data connection, but the phone itself does???

Interesting, the hotspot must be blocking the UDP port. I would not have guessed that.  Glad you were able to get it working!

Link to post

Is it only possible to have one active tunnel at a time?

I've been trying to set up a second one to create a game network. I have another one, an admin network that has docker access that's working fine. But this second one I can get the client and server to handshake. Any idea what the issue might be?

Link to post
On 10/15/2019 at 1:24 PM, bu2d said:

I was having problems getting this all to work but I figured it out after about an hour.

 

I was able to connect to the vpn but was not able to connect to anything on my network or get an internet connection on my phone.

 

It turned out to be a DNS issue and adding the address of my home router as the DNS server to the wireguard app on my phone fixed all of my problems.  
 

Overall, easier to set up than openvpn but still took a while to troubleshoot.
 

I will probably keep openvpn as a backup to wireguard.

This needs to be noted for dummies like me. It took me a while to figure out as well. I tried to set it as my pi-hole as DNS but no go. Setting to my router DNS worked for internet access.

Link to post
13 minutes ago, in_trauma said:

I tried to set it as my pi-hole as DNS but no go

Even though you've solved this, should be noted for others that there is zero reason to ever set pi-hole as your DNS for unRaid.  Causes too many issues.  And if you're using the webUI boot mode and surfing via Firefox random websites (and hence wanting ad blocking there), then you also shouldn't be doing that.  That boot mode is designed for management of the server, not surfing around.

Link to post

To share my experience as I had quite a difficult time setting it up with my multiple VLANs, I ended up just clicking Add Peer and leaving everything at default (besides naming the peer). After I did that I downloaded the setup (or used the QR code on my phone) and edited all of the properties in the respective apps (DNS, different networks, etc). Trying to get all of the settings dialed in on the GUI in Unraid never worked properly.

Link to post
On 3/1/2020 at 3:35 PM, Squid said:

Even though you've solved this, should be noted for others that there is zero reason to ever set pi-hole as your DNS for unRaid.  Causes too many issues.  And if you're using the webUI boot mode and surfing via Firefox random websites (and hence wanting ad blocking there), then you also shouldn't be doing that.  That boot mode is designed for management of the server, not surfing around.

I have my pihole server set as my DNS and no issues and why do you say there is no reason?  It’s blocking all the sad malware and ads when I’m remotely connected as it would when I’m home

 

works great!

Link to post
1 hour ago, Can0nfan said:

I have my pihole server set as my DNS and no issues and why do you say there is no reason?  It’s blocking all the sad malware and ads when I’m remotely connected as it would when I’m home

 

works great!

Squid is meaning using pi-hole as the DNS server unRaid uses for itself. Though looking at the replies for it I don't get why this is pointed out. I don't use it for my server, and that's because I host it on that server.
I might personally try it if it was hosted off the server, but I could see there being issues where it might block something unRaid needs by accident. It's unlikely you'll need to filter the traffic for unRaid though.

Pi-hole is fine to use as the DNS server for wireguard, though there's some tweaks you need to do if you're hosting pi-hole on the same unRaid server as wireguard.

Link to post
10 hours ago, Cliff said:

I signed up with a VPN-service that offers wireguard (mullvad.net) and downloaded the config.file and imported it

 

9 hours ago, calebcoverdale said:

Is there a way that I can connect unraid to a Wireguard VPN and route all traffic from my unraid through that? 

 

This is the thread you are looking for. It is linked in the OP:

 

Link to post

Well I did the update last night to Unraid and while configuring wireguard I have lost all web access to my unraid server and am now trying to figure out a way to stop it or remove it from terminal access via Supermicro iKvm, since I have neither keyboard nor video directly connected.  What freaken way to start a Saturday morning.......should know better than to do an update.

Link to post
On 3/5/2020 at 5:14 AM, Ryonez said:

Squid is meaning using pi-hole as the DNS server unRaid uses for itself. Though looking at the replies for it I don't get why this is pointed out. I don't use it for my server, and that's because I host it on that server.
I might personally try it if it was hosted off the server, but I could see there being issues where it might block something unRaid needs by accident. It's unlikely you'll need to filter the traffic for unRaid though.

Pi-hole is fine to use as the DNS server for wireguard, though there's some tweaks you need to do if you're hosting pi-hole on the same unRaid server as wireguard.

 

Can you please explain what tweaks need to be done?

I'm a new user, configured unraid, wireguard and installed pi-hole (docker).

 

Changed the DNS on my router to use pi-hole dns server and everything works fine on my local network.

But when I use my phone outside the LAN, there's no ad blocking...

Thanks!

Link to post

Got this installed, it was super easy! However, I can't reach my unRAID box. I think that it is because I have https cert and it resolves to <servername>.local, and when I am on my phone connected to wireguard the DNS can't resolve / find what the address should be? Just me saying smart things trying to sound smart lol.

Does anyone have any thoughts on this? Locally I can use the IP and it automatically switches to https using the hostname.local, this is why I am thinking that this is what is happening. I am on VPN as I have tested connecting to my home assistant instance and it works.

Link to post

Ran into a weird issue after upgrading to 6.8.3 and was hoping someone might know what went bad. When I connect to Wireguard from my phone or laptop outside of my network I am unable to access my VMs with RDP or Splashtop that are inside the network. My main VM is located at 192.168.85.112 and the unraid server is located at 192.168.85.111.

 

It seems like the NAT isn't working properly. Initially I had a lot of networking issues after upgrading so I deleted my network config and rebuilt it, and this fixed most of my issues. It seems like the RDP applications aren't making the link from the 10.253.0 subnet to the 192.168.85 subnet. This was working without any issues before I upgraded to 6.8.3, so I'm not totally sure what could have happened. Thanks for any help!

 


Link to post

Small followup to my last post. It seems that with the Remote Access to LAN setting I am not actually able to access anything on the LAN. I checked that bridging is enabled and I can ping the server on both 10.253.0.1 and 192.168.85.111, but I can't seem to ping any other devices on the network. I downgraded back to 6.8.2 hoping that might help, but it doesn't seem like it changed anything.

 

EDIT: So I reinstalled the OpenVPN AS docker container just to see if that would work, and connecting through that gives me full access to the whole LAN, so the issue is only occurring with wireguard on my server. I guess OpenVPN isn't a bad backup option, but I liked how lightweight wireguard is.

Edited by phrozen087
Link to post

I have wireguard working well.  I can connect to my unraid network, and access things like my router on that network.  I set it up for Remote Access to LAN.  HOWEVER, I can't access other computers on that network?  Like in windows, if I try to see network devices, I can't see my unraid server on there.  But I can see my local NAS and other devices.  AND when I am physically on my Unraid network, I can see the Unraid server in network devices.

 

Any help would be greatly appreciated.  

Link to post
  • 2 weeks later...

I've set up a wireguard remote tunneled access on my unraid server, and I've set the Local tunnel firewall to 192.168.1.1/24

 

However, from my phone I'm still able to access the Unraid UI on http://192.168.1.227:8080 when I'm connected to the WG tunnel

 

Any ideas?

Link to post

I want to replace my Raspi Wireguard Client with my Unraid Machine.

To me it looks like Unraid can only be a server, but is it also possible to make it a client?

Server is an AWS cloud server. Then I have Client Site A and Client Site B (Unraid).

On the Raspi I use the following config to also allow access to my LAN for other clients:

 

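[Interface]
PrivateKey = KEY
Address = 10.8.0.6/24
DNS = 10.8.0.1

# wg-quick runs PostUp/PostDown when the tunnel comes up/goes down; %i expands to the interface name.
# These rules forward traffic arriving on the tunnel and NAT it out of eth0 onto the LAN.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = KEY
PresharedKey = KEY
Endpoint = myserverdomain.com:port
# 192.168.189.0/24 is the subnet of Site A
AllowedIPs = 10.6.0.0/24, 192.168.189.0/24
PersistentKeepalive = 25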

Link to post
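A small lint for the kind of client config in the post above, as an added example (not code from the thread, Unraid or WireGuard). The function names are made up here and the sample is the post's config as posted; besides rejecting AllowedIPs entries that are not valid CIDRs, it goes one step further and checks that the tunnel's own subnet is covered by some peer.

```python
import ipaddress

# The config from the post above, as posted (KEY and port are the post's own placeholders).
SAMPLE = """\
[Interface]
PrivateKey = KEY
Address = 10.8.0.6/24
DNS = 10.8.0.1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = KEY
Endpoint = myserverdomain.com:port
AllowedIPs = 10.6.0.0/24, 192.168.189.0/24(subnet Site A)
"""

def parse(text):
    """Return [(section, {key: [values]})] in file order; '#' starts a comment."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def items(kv, key):  # comma-separated values of a key, stripped, empties dropped
    return [p.strip() for v in kv.get(key, []) for p in v.split(",") if p.strip()]

def lint(text):
    """Return a list of findings for a wg-quick style config."""
    findings, tunnel_nets, routed = [], [], []
    for name, kv in parse(text):
        if name == "interface":
            tunnel_nets += [ipaddress.ip_interface(a).network for a in items(kv, "address")]
            if any("MASQUERADE" in cmd for cmd in kv.get("postup", [])):
                findings.append("PostUp adds MASQUERADE: forwarded traffic leaves with this host's address")
        elif name == "peer":
            for entry in items(kv, "allowedips"):
                try:
                    routed.append(ipaddress.ip_network(entry, strict=False))
                except ValueError:
                    findings.append(f"invalid AllowedIPs entry: {entry!r}")
    for net in tunnel_nets:
        if not any(net.version == r.version and net.subnet_of(r) for r in routed):
            findings.append(f"tunnel subnet {net} is not inside any peer AllowedIPs")
    return findings
```

WireGuard only sends a packet to a peer whose AllowedIPs contains the destination, so the last finding is worth checking against the `DNS = 10.8.0.1` line.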
