WireGuard quickstart


ljm42


I’m having trouble successfully adding a second client.

 

I got everything functioning properly with a “remote tunnel access” setup for my phone following the directions for complex network setup. When I go to add an additional peer, the first peer no longer functions, even if they are not connected simultaneously.

 

I tried to work around this by setting up a second tunnel, each with one peer, but I seem to only be able to set one tunnel active at a time. 
 

Is there any way to successfully add the second peer?

Link to comment
  • 2 weeks later...

I've gone through the set-up and troubleshooting several times and still having issues with getting Remote Tunneled Access working correctly. Help, I'm stuck. 

 

Symptoms: 

  • Can connect to VPN but only able to access unraid (192.168.1.107)
  • No access to other LAN IPs. I know dockers with custom IPs won't work, but I can't even access IP cameras, other devices, router, etc.
  • No Access to Router (192.168.1.254).
  • No internet when using router ip as DNS. When adding a public dns like 1.1.1.1, I can access internet, but still no access to other LAN devices. 

Troubleshooting

  • Tried connecting from different wifi network that is on different subnet (192.168.68.x)
  • Tried connecting from 5G cell network
  • Tried on both cell phone (wifi and 5g) and laptop (wifi)
  • Updated apps, updated vpn files/config
  • UDP port forwarded
  • Settings>Network Settings>Enable Bridging = Yes
  • Settings>Docker>Host Access to Custom Networks = Yes

I used to use OpenVPN and didn't have issues so I'm pretty sure my network setup isn't overly complicated. Attached images of VPN and Network settings for reference.

 

network settings.png

vpn settings.png

Link to comment
34 minutes ago, CorserMoon said:

haven't gotten any help so trying a new thread.

Please don't do this. If you feel you haven't gotten attention after a reasonable time, just bump the thread of your original post.

 

There are good reasons crossposting has been considered bad on message boards since before the world wide web. How can we coordinate responses if you have the same question in multiple threads?

 

I have merged your thread back into the original thread.

 

 

Link to comment
On 11/24/2021 at 12:36 PM, CorserMoon said:

I've gone through the set-up and troubleshooting several times and still having issues with getting Remote Tunneled Access working correctly. Help, I'm stuck. 

 

Symptoms: 

  • Can connect to VPN but only able to access unraid (192.168.1.107)
  • No access to other LAN IPs. I know dockers with custom IPs won't work, but I can't even access IP cameras, other devices, router, etc.
  • No Access to Router (192.168.1.254).
  • No internet when using router ip as DNS. When adding a public dns like 1.1.1.1, I can access internet, but still no access to other LAN devices. 

Troubleshooting

  • Tried connecting from different wifi network that is on different subnet (192.168.68.x)
  • Tried connecting from 5G cell network
  • Tried on both cell phone (wifi and 5g) and laptop (wifi)
  • Updated apps, updated vpn files/config
  • UDP port forwarded
  • Settings>Network Settings>Enable Bridging = Yes
  • Settings>Docker>Host Access to Custom Networks = Yes

I used to use OpenVPN and didn't have issues so I'm pretty sure my network setup isn't overly complicated. Attached images of VPN and Network settings for reference.

 

network settings.png

vpn settings.png

bump?

Link to comment

Going nuts trying to figure out what is causing my issue with wireguard. Connecting from windows 10 machines. Can access the internet with my browser after connecting to wireguard with the remote tunnelling option however I can not connect to my unraid server. I get "Hmmm… your Internet access is blocked Firewall or antivirus software may have blocked the connection." on 2 different laptops. My server dashboard shows the unraid server online but when I click local access I get the error message.  However on my android phone it works fine after I connect to wireguard. I am able to get to my unraid server and use the tunnel for internet access. Looking for suggestions. 

Link to comment
5 minutes ago, bclinton said:

Going nuts trying to figure out what is causing my issue with wireguard. Connecting from windows 10 machines. Can access the internet with my browser after connecting to wireguard with the remote tunnelling option however I can not connect to my unraid server. I get "Hmmm… your Internet access is blocked Firewall or antivirus software may have blocked the connection." on 2 different laptops. My server dashboard shows the unraid server online but when I click local access I get the error message.  However on my android phone it works fine after I connect to wireguard. I am able to get to my unraid server and use the tunnel for internet access. Looking for suggestions. 

 

Are your other windows machines connecting from a different network/subnet? 

Link to comment
6 minutes ago, CorserMoon said:

 

Are your other windows machines connecting from a different network/subnet? 

No, all devices are on 192.168.1.X

I am wondering if there is something going on specific with windows causing this error message. 

Edited by bclinton
Link to comment
3 minutes ago, CorserMoon said:

No, I mean are the windows machines that you are using wireguard on signed on to a different Wi-Fi network than where the unraid server is? You can't sign into a VPN while still on the same LAN. 

That was my problem! Thanks my friend. I feel stupid :)

 

Now I know to test wireguard from a separate network :)

Link to comment
On 11/24/2021 at 10:36 AM, CorserMoon said:

I've gone through the set-up and troubleshooting several times and still having issues with getting Remote Tunneled Access working correctly. Help, I'm stuck. 

 

Symptoms: 

  • Can connect to VPN but only able to access unraid (192.168.1.107)
  • No access to other LAN IPs. I know dockers with custom IPs won't work, but I can't even access IP cameras, other devices, router, etc.
  • No Access to Router (192.168.1.254).
  • No internet when using router ip as DNS. When adding a public dns like 1.1.1.1, I can access internet, but still no access to other LAN devices. 

Troubleshooting

  • Tried connecting from different wifi network that is on different subnet (192.168.68.x)
  • Tried connecting from 5G cell network
  • Tried on both cell phone (wifi and 5g) and laptop (wifi)
  • Updated apps, updated vpn files/config
  • UDP port forwarded
  • Settings>Network Settings>Enable Bridging = Yes
  • Settings>Docker>Host Access to Custom Networks = Yes

I used to use OpenVPN and didn't have issues so I'm pretty sure my network setup isn't overly complicated. Attached images of VPN and Network settings for reference.

 

 

Everything looks ok. My only suggestion would be to try setting "Use NAT" to No so the webgui tells you what static route to create, and see if creating that helps. 

 

Link to comment
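Added example (not part of the thread and not Unraid's own code): a small Python check covering two points raised above, testing from a client that sits on the server's own LAN, and the return route the LAN router needs once "Use NAT" is set to No. The addresses are the ones quoted in the thread; the /24 masks, the function name and the shape of the static route are assumptions.

```python
import ipaddress

def diagnose(client_if, server_lan, vpn_pool, server_ip, use_nat, router_routes):
    """Return (code, message) findings for a WireGuard remote-access test.

    client_if     -- client's local address with prefix, e.g. "192.168.68.20/24"
    router_routes -- static routes on the LAN router as (destination, gateway)
    """
    client = ipaddress.ip_network(client_if, strict=False)
    lan = ipaddress.ip_network(server_lan)
    pool = ipaddress.ip_network(vpn_pool)
    server = ipaddress.ip_address(server_ip)
    findings = []

    # A client inside (or overlapping) the server's LAN can deliver LAN-bound
    # packets on its local link instead of through the tunnel, so the test
    # result says nothing about the VPN.
    if client.overlaps(lan):
        findings.append(("CLIENT_OVERLAPS_LAN",
                         f"{client} overlaps {lan}: test from another network"))

    # The tunnel pool must not collide with a real network on either side.
    for label, net in (("client network", client), ("server LAN", lan)):
        if pool.overlaps(net):
            findings.append(("POOL_COLLISION", f"{pool} overlaps the {label} {net}"))

    # Assumption: with NAT on, LAN hosts see the server's LAN address as the
    # source. With NAT off they see the peer's tunnel address and reply via
    # their default gateway, which needs a route for the pool back to the server.
    if not use_nat:
        covered = any(
            pool.subnet_of(ipaddress.ip_network(dst))
            and ipaddress.ip_address(gw) == server
            for dst, gw in router_routes
        )
        if not covered:
            findings.append(("MISSING_RETURN_ROUTE",
                             f"on the LAN router, route {pool} via {server}"))
    return findings

# Constructed scenarios using the addresses quoted in the thread.
LAN, POOL, UNRAID = "192.168.1.0/24", "10.253.0.0/24", "192.168.1.107"
if __name__ == "__main__":
    print(diagnose("192.168.1.50/24", LAN, POOL, UNRAID, True, []))
    print(diagnose("192.168.68.20/24", LAN, POOL, UNRAID, False, []))
    print(diagnose("192.168.68.20/24", LAN, POOL, UNRAID, False, [(POOL, UNRAID)]))
```

An empty result means only that these particular conditions are ruled out; firewall rules on the router or the LAN hosts are not modelled.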
1 hour ago, ljm42 said:

 

Everything looks ok. My only suggestion would be to try setting "Use NAT" to No so the webgui tells you what static route to create, and see if creating that helps. 

 

 

Not sure if this is normal or not, but when looking at the Unraid network settings Routing Table, the 2 VPN IPs (10.253.0.2 & 10.253.0.3) have "wg0" as the gateway. Is that expected?

 

 

2021-12-06 00_34_12-Executor_NetworkSettings.png

Link to comment

I ran the 'wg' command in unraid to ensure I was connected and I noticed that the peer endpoint (my phone connecting from 5G using duckdns) has a random port on the end of the ip. Is this expected? The server endpoint I set up is [mydomain].duckdns.org:51820.

 

 

2021-12-06 10_24_48-bash --login (Executor).png

Edited by CorserMoon
Link to comment
10 hours ago, CorserMoon said:

Not sure if this is normal or not, but when looking at the Unraid network settings Routing Table, the 2 VPN IPs (10.253.0.2 & 10.253.0.3) have "wg0" as the gateway. Is that expected?

 

40 minutes ago, CorserMoon said:

I ran the 'wg' command in unraid to ensure I was connected and I noticed that the peer endpoint (my phone connecting from 5G using duckdns) has a random port on the end of the ip. Is this expected? The server endpoint I set up is [mydomain].duckdns.org:51820.

 

These are both normal

 

Link to comment
6 hours ago, ljm42 said:

 

 

These are both normal

 

 

Hm. I don't know what is going on then. I've tried different vpn subnets, trashing everything and restarting from scratch, and still same behavior. Anyone else here running an ATT residential fiber gateway that has wireguard working? I'm wondering if some baked in firewall rules on the router are the issue.

Link to comment

I'm having issues with SSH while connected to a wireguard tunnel.

 

My unraid server has a wireguard tunnel set up and a peer with type of access set to remote tunneled access. While my laptop is connected to my server via wireguard I can connect to the internet, access the webui, and SSH into the unraid server.

 

However, while connected to wireguard I cannot SSH into any other machines on my server's LAN nor other machines over the internet. When SSHing into machines on my server's LAN, SSH usually hangs for a bit then outputs "Connection closed by xxx.xxx.xxx.xxx port 22", whereas machines over the internet output "ssh: Could not resolve hostname ssh.xxxxxxx.xxx: Temporary failure in name resolution" when using web address and "Connection closed by xx.xxx.xxx.xxx port 22" when using ip.

 

Any ideas? Thanks in advance.

Link to comment
20 hours ago, chasun said:

I'm having issues with SSH while connected to a wireguard tunnel.

 

My unraid server has a wireguard tunnel set up and a peer with type of access set to remote tunneled access. While my laptop is connected to my server via wireguard I can connect to the internet, access the webui, and SSH into the unraid server.

 

However, while connected to wireguard I cannot SSH into any other machines on my server's LAN nor other machines over the internet. When SSHing into machines on my server's LAN, SSH usually hangs for a bit then outputs "Connection closed by xxx.xxx.xxx.xxx port 22", whereas machines over the internet output "ssh: Could not resolve hostname ssh.xxxxxxx.xxx: Temporary failure in name resolution" when using web address and "Connection closed by xx.xxx.xxx.xxx port 22" when using ip.

 

Any ideas? Thanks in advance.

 

I'm in a similar boat. Wireguard seems to be plug and play for some and broken for others like us.

Link to comment
  • 3 weeks later...

Hello everyone, I seem to have a common issue and I cannot find the problem.

 

I've setup wireguard with 8.8.8.8 as dns. I have Host Access Enabled because if I don't, my pihole running on br0 cannot be contacted. Local server uses nat to no, peer type of access to Remote access to LAN.

 

I also added 2 rules in my pfsense

source: 10.253.0.0/24 (vpn)

destination: unraid ip

protocol: any

 

and

source: 10.253.0.0/24 (vpn)

destination: lan ip address

protocol: any

 

With that, I can access the Internet through my VPN and I can reach my unraid server, but I cannot access anything else on the network (neither docker container with their own IP nor other device on the network). I don't have vlan, thus all my devices are on the same subnet, same as my server and my docker with fixed ips.

 

Is there a way to have that?

 

Thank you

Link to comment
21 minutes ago, Nodiaque said:

Hello everyone, I seem to have a common issue and I cannot find the problem.

 

I've setup wireguard with 8.8.8.8 as dns. I have Host Access Enabled because if I don't, my pihole running on br0 cannot be contacted. Local server uses nat to no, peer type of access to Remote access to LAN.

 

I also added 2 rules in my pfsense

source: 10.253.0.0/24 (vpn)

destination: unraid ip

protocol: any

 

and

source: 10.253.0.0/24 (vpn)

destination: lan ip address

protocol: any

 

With that, I can access the Internet through my VPN and I can reach my unraid server, but I cannot access anything else on the network (neither docker container with their own IP nor other device on the network). I don't have vlan, thus all my devices are on the same subnet, same as my server and my docker with fixed ips.

 

Is there a way to have that?

 

Thank you

 

Yea, similar issue to me (though I don't use pihole). I can only access unraid when I have the DNS set to my router but no internet and no LAN. If I add a public DNS like 8.8.8.8, I can then access internet, but still no LAN. I've read through dozens of threads and reddit posts and still have been unable to get local LAN access to work.

Link to comment
 
Yea, similar issue to me (though I don't use pihole). I can only access unraid when I have the DNS set to my router but no internet and no LAN. If I add a public DNS like 8.8.8.8, I can then access internet, but still no LAN. I've read through dozens of threads and reddit posts and still have been unable to get local LAN access to work.
Give me some examples of things you are trying to access. http://what


Link to comment
