ljm42

WireGuard quickstart


I am very new. Just built my first demo UnRaid server before I convert my existing file server to UnRaid.

 

I was able to install and set up the WireGuard plugin (2020.02.23) on my server and I was able to get my iPhone to connect to the VPN using the WireGuard app and . However I am not able to access the server URL via Chrome on the phone to access the server. When I try this phone on the cell carrier, not on wifi.. but still no luck. I have tried url 10.253.0.0, 10.253.0.1 and 10.253.0.2 with no luck. Am I not using the correct url?

 

I am running version 6.8.3 with a certificate on the server, which creates this type of url "https://xxxxxxxxxxxxxxxxxxxx0f70a3509e8cda340.unraid.net/Plugins". My disks are not encrypted.

 

I have done the port forward, I believe correctly, on my FIOS router. The 32400 is for my Plex.


 

I might be giving you more info than is needed but figured better safe than sorry. Any help is much appreciated.

 


I got it working. I ended up resetting everything and starting over. Not sure if that fixed it, because at the end this time I bounced my router...... when it came back up I got my iPhone, turned off cellular service and set up the VPN again in the WireGuard app. I got in, then tried my 10.253.0.2 address and the login for Unraid popped up.... logged in and can see all the areas.... great.

 

Maybe I just needed to reboot my router.... anyway I am in and wanted to share in case anyone has not bounced their router enough....:)

On 6/29/2020 at 2:58 AM, jonathanm said:

Maybe because you have a container using openvpn?

Hmm, yeah, I guess you are right. Using the delugevpn docker... and that one may use openvpn.. (didn't think of that one... :-) )


Just upgraded to Beta 24 and lost activity on dash, I am connected now and using Tunnel but the dashboard has this displaying

 

On 7/8/2020 at 1:11 PM, Gdtech said:

Just upgraded to Beta 24 and lost activity on dash, I am connected now and using Tunnel but the dashboard has this displaying

This is resolved in the latest version of the Dynamix WireGuard plugin


I set up WireGuard on UnRAID. I downloaded the profile on my iPhone, and it's working.

 

After I installed WireGuard on a desktop (Windows 10), it connected but there is no handshake on Unraid. Do you know why?

 


Update: Changed from "Remote access to Server" to "Remote access to LAN" and it's working. Do you know why the handshake doesn't work with remote access to server?

Edited by Alex.b

9 hours ago, Alex.b said:

Update: Changed from "Remote access to Server" to "Remote access to LAN" and it's working. Do you know why the handshake doesn't work with remote access to server?

Are the desktop and unraid systems on different networks with different IP ranges? 

 

Also, be sure that you download a new client config every time you make an adjustment in the webgui.


Not sure mine did the same, have not tried with new version yet.


Hi - I would appreciate any help to troubleshoot my Wireguard connection via Pfsense to Unraid. I have tried all the troubleshooting steps on page 1 with no success. I have been trying to connect using my Samsung Galaxy S9 with wifi disabled (data comms only). My pfsense ability is limited - I have not been able to detect any attempts to access the router by Wireguard using packet capture, but I may not have set this up correctly.

Screenshots attached - please ask if more are needed

Pfsense port fwd firewall rule.PNG

Pfsense port fwd settings.PNG

Phone_WireGuard.png

Phone_WireGuardfail.png

Unraid network settings.PNG

Unraid VPN settings.PNG

32 minutes ago, Steviewunda said:

Phone_WireGuardfail.png

 

You are using the wrong url here :) 

 

Once you have started WireGuard on your phone, open your browser and visit:

   http://<unraid internal ip>

(Note: since we are going to an ip address, it must be http not https. That should then redirect to the proper url.)


Yep that did it thanks very much!!! - I was under the impression that I had to use the duckdns address to circumvent problems with dynamically assigned ip addresses?

19 minutes ago, Steviewunda said:

Yep that did it thanks very much!!! - I was under the impression that I had to use the duckdns address to circumvent problems with dynamically assigned ip addresses?

If you look at the WireGuard client screenshot you'll see it connects to the duckdns address. Once the connection has been made you use the network pretty much as if you were physically on the network.


One more question that google has not been friendly for - what setting do I need to change to access my LAN? Should I add 0.0.0.0/0 to my 'Peer allowed IP's' ?

47 minutes ago, Steviewunda said:

what setting do I need to change to access my LAN?

Change the "Peer Type of Access" selection.


Hi! I am struggling to get my Wireguard client to access the internet through my VPN.

 

With my client, I can ping my Unraid server, ping docker containers, ping other devices on my LAN, and use my local DNS resolver to correctly resolve hosts. From other devices on my LAN, I can ping my client through its VPN address. From my Unraid server, I can connect to the internet. However, I cannot connect to the internet from my client (I cannot ping 8.8.8.8) or connect to my LAN through its external IP. 

 

My Wireguard configuration is attached as an image. I have enabled Host access to custom networks in my docker settings. I have created the static route and port forward in my router (Archer C8). 

 

Update: I got a traceroute to 8.8.8.8 from my client. The connection goes to my Unraid server’s address in wg0 (192.168.1.1) then to my router (192.168.0.1). So I suppose that my router is probably refusing to forward/NAT traffic outside my LAN subnet. Connections to addresses on my LAN don’t need to go through my router, so it makes sense I could only get to those addresses. Any help would still be appreciated.

 

Update 2: It was in fact my router’s fault. Unfortunately, on the Archer C8, there is no way to get into the configs and allow it to forward packets outside the LAN subnet. I also can’t find any CFW for the C8v4 either, so that kinda sucks. If anyone else runs into this same issue (doubtful), the solution is to host the DHCP server off of the router. Then, you can set the DHCP subnet and the subnet the router uses separately. 

 

 

 


Edited by deaton.dg
found the solution


Cannot connect to network drive

 

I have a little problem with the WG plugin: everything is OK when accessing the LAN (http and https), but connecting to a network drive is not possible.

 

I selected "Remote access LAN" in WG.

 


Hello, I use WireGuard to access Nextcloud when I’m not at home. I want to set up WireGuard for my sisters (they live in another country) but not route all traffic to my UnRaid server, just the local IP of the UnRaid server. Is it possible to do this with UnRaid and WireGuard, and how? I’m a relative beginner so sorry if my question is stupid.


Select "Remote access to server" as profile.

 

At the peer side, it is possible to access (only) the Unraid server by its wireguard address 10.253.0.1

 


So if I understand correctly, if my sister accesses Google.com on her iPhone, the traffic is not routed to WireGuard, right?


When you use the profile "Remote access to server", then all traffic will follow the normal route as before.

Make sure the peer (your sister) uses the correct configuration which is generated with this profile.
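
The split-tunnel behaviour discussed in the replies above, as an added example that is not part of any post and not output of the Unraid plugin: a WireGuard client only sends a destination into the tunnel when it falls inside the peer's `AllowedIPs`. The three client configs, the `192.168.1.0/24` LAN range, the endpoint and the function names are constructed assumptions.

```python
import configparser
import ipaddress

# Constructed client config; keys and endpoint are placeholders, and the
# AllowedIPs value is an assumption, not output copied from the plugin.
SERVER_ONLY = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.253.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = example.duckdns.org:51820
AllowedIPs = 10.253.0.1/32
"""
# Variants of the same config with wider AllowedIPs (also constructed).
LAN_ACCESS = SERVER_ONLY.replace("10.253.0.1/32\n", "10.253.0.1/32, 192.168.1.0/24\n")
FULL_TUNNEL = SERVER_ONLY.replace("10.253.0.1/32\n", "0.0.0.0/0\n")


def allowed_networks(conf_text):
    """Parse the AllowedIPs list from the single [Peer] of a client config."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    entries = parser["Peer"]["AllowedIPs"].split(",")
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]


def uses_tunnel(conf_text, destination):
    """True if the client would send traffic for `destination` into the tunnel."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(conf_text))


if __name__ == "__main__":
    profiles = [("server only", SERVER_ONLY), ("LAN", LAN_ACCESS), ("full tunnel", FULL_TUNNEL)]
    for name, conf in profiles:
        for dest in ("10.253.0.1", "192.168.1.9", "8.8.8.8"):
            route = "tunnel" if uses_tunnel(conf, dest) else "normal route"
            print(f"{name:12} {dest:12} -> {route}")
```

Running the same check against the config actually downloaded for a peer shows whether that peer's general internet traffic stays off the VPN.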

 


Okay, thank you very much!

 

With this option, can she access all Docker URLs?

 

Like:

 

  • 192.168.1.9:30443 (Nextcloud)
  • 192.168.1.9:3000 (Wikijs)
  • 192.168.1.9:8008 (FreshRSS)

 

etc...

 

Edited by Alex.b

7 minutes ago, Alex.b said:

With this option, can she access all Docker URLs?

Yes
