October 12, 2019 4 minutes ago, SpaceInvaderOne said: .................but............lol shouldn't you have asked that before setting it up ! 😉 It's probably 101% securer than RDP.. But I was too early, I can connect, but the internet traffic still goes over mobile, also I can't reach local addresses, I've read the whole post, I checked all things mentioned, will try later again and report back. Does WireGuard give an error on Android if it can't connect? Because it seems to work (that little key is in the "taskbar") Edited October 12, 2019 by nuhll
October 12, 2019 The biggest complaint about wireguard AFAIK is that it doesn't support dynamic IP addresses, which inherently violates some privacy policies of VPN services. See here: https://restoreprivacy.com/wireguard/ Myself I've been using it religiously since the first test release of 6.8 (back in March) and have no worries about it at all.
October 12, 2019 5 minutes ago, nuhll said: But I was too early, I can connect, but the internet traffic still goes over mobile, also I can't reach local addresses, I've read the whole post, I checked all things mentioned, will try later again and report back. Set the peer type to remote tunneled access rather than remote access to server. (but you must add the peer tunnel address)
October 12, 2019 37 minutes ago, SpaceInvaderOne said: Set the peer type to remote tunneled access rather than remote access to server. (but you must add the peer tunnel address) Sorry, what exactly is peer tunnel address? Is it Unraid? Is it a free client IP for the mobile? Edit: I've set it now to 10.253.0.10 - but I don't know what I'm doing Edited October 12, 2019 by nuhll
October 12, 2019 I can get it working using my WAN IP without any problem but I can't seem to get it to work with my DDNS url.
October 12, 2019 1 minute ago, RockDawg said: I can get it working using my WAN IP without any problem but I can't seem to get it to work with my DDNS url. Are you sure your DNS points to the correct IP? (and Unraid also sees the correct IP, try pinging your DNS via the Unraid terminal) Edited October 12, 2019 by nuhll
October 12, 2019 3 minutes ago, nuhll said: Sorry, what exactly is peer tunnel address? Is it Unraid? Is it a free client IP for the mobile? No, it's the peer setting in the plugin. Check post here
October 12, 2019 It pings fine. Now how do I stop the ping? LOL I'm used to Windows where it stops after 3 times.
October 12, 2019 Just saw that Googling too. Thanks! What is the IP address the ping command shows? It is not the same as my WAN?
October 12, 2019 Turns out the problem was that I use CloudFlare for DDNS and they have proxy turned on by default. The IP address that was showing in ping was their proxy for my IP. I disabled the proxy on that particular CNAME and WireGuard works fine now with my DDNS url. Thanks for the ping suggestion nuhll! Edited October 12, 2019 by RockDawg
October 12, 2019 21 minutes ago, SpaceInvaderOne said: No, it's the peer setting in the plugin. Check post here LoL, I know. But what I don't know is what to set there? Is it the client IP inside the VPN network? Is it my Unraid's IP range?
October 12, 2019 Great work, I've been waiting for WireGuard support for some time, as I am using a mobile router that has support for it baked in. Three quick questions though:
1. Is it a good idea to run the server natively on the host OS? I know that the support in the kernel is needed, but I'd rather have the work part moved to a Docker, for example.
2. Adding to top 1, I'd also prefer to run the VPN traffic in a separate VLAN and let my router do its thing. How can I achieve this on the host OS?
3. Somewhat into off-topic, but is there a WireGuard server distro I can run separately and use the client side on unRAID only?
Thanks in advance for your support! geetz, ford
October 12, 2019 Well, I was able to crash Unraid 6.8 (not able to ping or access the GUI through my socks proxy at work). I use the command line on another Unraid server to try and ping the 6.8 one and it won't respond. Here is what I did: I have Remote to Lan set up with two peers (iPhone and a laptop with Fedora 30 Workstation). For allowed IPs it had the default for the tunnel 10.253.0.1 and my home LAN 10.0.0.0/24. I added my IoT VLAN subnet to the iPhone peer 10.0.107.0/24 and hit apply. It's crashed hard lol... I'm going to remotely power cycle it and hope it recovers. If I can see diagnostics on the flash drive or can recreate it from home I'll post diagnostics. I would also like to ask if there is a way to disable WireGuard from auto starting up if my config is the problem and preventing my GUI and IP from being pingable on my LAN. Edited October 12, 2019 by Can0nfan asking for autostart assistance
October 12, 2019 Yeah, I think the auto start of WireGuard with that config is breaking my Unraid now. When I pop the power off via a smart plug and power it back up I get one ping then it dies. Any way to remove WireGuard from the USB to reboot without it and set up WireGuard from scratch?
October 12, 2019 @ljm42 I checked a wrong box when I was forwarding the port.. smh... all working.
October 13, 2019 I will try booting to safe mode when I get home to remove the WireGuard plugin to reboot normally, hopefully then I'll re-install it. @ljm42 is there anywhere in the USB boot drive the WireGuard config file resides after its plugin is removed that I should remove so my system will start up normally?
October 13, 2019 OK, a wee bit of a pain to fix.... Booted to safe mode and removed the plugin and its folder dynamix.wireguard and dynamix.wireguard.plg and reboot and my server still wasn't pingable. I went to etc/ and saw a wireguard@ file that I removed. Still no fix. ifconfig still showed my br0 and wg0 configs. As soon as I typed "ip link delete wg0" I could ping the server again. So far everything is back up with new VPN setup and not pushing the IoT VLAN subnet to WireGuard anymore.
October 13, 2019 Author Hi, sorry was offline this afternoon and won't be on much tomorrow either. 4 hours ago, Can0nfan said: is there anywhere in the USB boot drive the wireguard config file resides Yes, the files are in /boot/config/wireguard/. If you delete those files and reboot then you can start fresh. Sorry you had to go through all that. 6 hours ago, blackrabbit said: I checked a wrong box when I was forwarding the port.. smh... all working. Glad you got it working! So this is where the "undetectable to bad guys" part of wireguard is tough, it makes it super hard to troubleshoot.
October 13, 2019 Author 7 hours ago, Ford Prefect said: is it a good Idea to run the server natively on the host OS? I know that the support in the kernel is needed, but I'd rather have the work part moved to a Docker, for example adding to top 1, I'd also prefer to run the VPN traffic in a separate VLAN and let my router do its thing. How can I achieve this on the host OS? somewhat into off-topic, but is there a wireguard server distro I can run separately and use the client side on unRAID only?
1. We wanted a solution that works *before* the array is started, that means not a docker or a VM.
2 & 3. I'd suggest running WireGuard on a Raspberry Pi. Then you can complicate your network as much as you want without affecting Unraid.
October 13, 2019 Author 7 hours ago, nuhll said: Sorry what exactly is peer tunnel address? Go to Settings -> VPN Manager and switch from basic to advanced mode and look at the settings for your server, you'll see a "local tunnel network pool". It will be something like 10.253.0.0/24. All devices in this tunnel get their own unique tunnel address, from 10.253.0.1 to 10.253.0.253. Unraid manages this for you automatically, except for the bug that has been reported when using "remote tunneled access". Until that is fixed, you can pick any IP from 10.253.0.1 to 10.253.0.253, as long as it isn't already assigned to another client on this page.
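As an added example (not part of the post above and not the plugin's own code), this Python sketch checks which tunnel addresses a wg-quick style server configuration already uses and picks a free one from the pool described in that post. The sample configuration, its key placeholders, the 192.168.1.0/24 LAN and the function names are constructed for illustration, and it assumes each peer's tunnel address appears as a /32 entry in AllowedIPs.

```python
import ipaddress

# Constructed sample in wg-quick format; keys are placeholders, not real keys.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <server-private-key>
Address = 10.253.0.1
ListenPort = 51820

[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.253.0.2/32

[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.253.0.10/32, 192.168.1.0/24
"""

POOL = ipaddress.ip_network("10.253.0.0/24")   # "local tunnel network pool"
FIRST = ipaddress.ip_address("10.253.0.1")     # usable range as given in the post
LAST = ipaddress.ip_address("10.253.0.253")


def used_tunnel_addresses(conf_text):
    """Collect tunnel addresses already taken by the server or a peer."""
    used = set()
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or key not in ("address", "allowedips"):
            continue
        for item in value.split(","):
            iface = ipaddress.ip_interface(item.strip())
            single_host = iface.network.num_addresses == 1
            # Routed subnets in AllowedIPs (e.g. a LAN) are not tunnel addresses.
            if iface.ip in POOL and (key == "address" or single_host):
                used.add(iface.ip)
    return used


def is_free(conf_text, candidate):
    """True if candidate is inside the stated range and not assigned yet."""
    ip = ipaddress.ip_address(candidate)
    return FIRST <= ip <= LAST and ip not in used_tunnel_addresses(conf_text)


def next_free(conf_text):
    """Lowest unassigned tunnel address, or None if the range is full."""
    used = used_tunnel_addresses(conf_text)
    return next((ip for ip in POOL.hosts() if ip <= LAST and ip not in used), None)
```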
October 13, 2019 On 10/12/2019 at 10:12 AM, H2O_King89 said: I can't get remote tunneled access to work. Gives Invalided QR Code This is fixed
October 13, 2019 Got this working perfectly on my Android phone with remote tunneled access. One thing I noticed, by default WireGuard doesn't use the router's DNS. So if you're using diversion on an Asus router or a pihole then your DNS settings will need to be added to the WireGuard app. After that adblocking works perfectly. Great work on this new feature Edited October 13, 2019 by esoteradactyl
October 13, 2019 The WireGuard function has no knowledge at all about DNS settings of the peer(s). Consequently these are left out of the peer configuration, but can be manually added on the peer (phone, laptop, etc) once the configuration is loaded. At the server side the DNS entries of the server itself are taken.