December 13, 20223 yr 14 minutes ago, adminmat said: Anyone successfully set up a Raspberry Pi Wreguard Peer? I You are trying to setup a Raspberry Pi as a client (peer) from which to access unRAID server via WireGuard? Perhaps this tutorial will help? I have WireGuard running on a Raspberry Pi from which I generated client (peer) profiles to access my LAN remotely from a phone or laptop if unRAID/WireGuard are down. I also have Pi-Hole running on the same Raspberry Pi. I used this guide and yes, it starts with imaging a Micro SD card for installing WireGuard but I was able to install Pi-Hole after that.
December 13, 20223 yr The answer to this question may be buried somewhere in previous pages. But i have spent some time trying to figure out why I can’t use wire guard anymore just because i have changed out my router. It was setup and working for the last couple years, and now that i have changed router I can’t seem to remotely connect to it anymore. I have asked a few friends who i have created peers for to see if they can connect to it and same thing. No connection. I can’t even ping them once they have it setup and active on their device. Could there be something so small I’m forgetting to do? I’m still running unraid 6.9.2 which I doubt is the reason it isn’t working. After i setup port forwarding on new router i rebooted router to make sure changes took affect. I put in my sub domain from duck dns instead of the endpoint IP to try and get it to connect. I put my isp IP as the local end point and nothing. I did read something somewhere that if router has UPnP then unraid would detect that, but mine is on and server didn’t detect it. Any ideas would be greatly appreciated. Thanks
December 14, 20223 yr Author 16 hours ago, chris111486 said: The answer to this question may be buried somewhere in previous pages. But i have spent some time trying to figure out why I can’t use wire guard anymore just because i have changed out my router. It was setup and working for the last couple years, and now that i have changed router I can’t seem to remotely connect to it anymore. I have asked a few friends who i have created peers for to see if they can connect to it and same thing. No connection. I can’t even ping them once they have it setup and active on their device. Could there be something so small I’m forgetting to do? I’m still running unraid 6.9.2 which I doubt is the reason it isn’t working. After i setup port forwarding on new router i rebooted router to make sure changes took affect. I put in my sub domain from duck dns instead of the endpoint IP to try and get it to connect. I put my isp IP as the local end point and nothing. I did read something somewhere that if router has UPnP then unraid would detect that, but mine is on and server didn’t detect it. Swapping out your router should be fine, seems like there must be an issue with your port forward. It is difficult to troubleshoot WireGuard because it fails silently. All I can suggest is to read the first two posts in this thread carefully, particularly the part about forwarding a UDP port and not a TCP port. If WireGuard on 6.9.2 was working previously you should be able to get it working again. But note that it is rather old code at this point, and no fixes are available for this version. I recommend you look into upgrading to the current version of Unraid.
December 14, 20223 yr 48 minutes ago, ljm42 said: Swapping out your router should be fine, seems like there must be an issue with your port forward. It is difficult to troubleshoot WireGuard because it fails silently. All I can suggest is to read the first two posts in this thread carefully, particularly the part about forwarding a UDP port and not a TCP port. If WireGuard on 6.9.2 was working previously you should be able to get it working again. But note that it is rather old code at this point, and no fixes are available for this version. I recommend you look into upgrading to the current version of Unraid. I will look into the updating process to go from the version I am at now to whatever the newest is. If it seems like too much of a task I may have to wait until after the holidays and then try. But I will check the first 2 posts again in the thread and make sure I didn’t miss anything. You don’t think I would have to go back to nothing and re set up everything again do you? I mean with WireGuard. Not server. 😂 😂
December 16, 20223 yr On 12/13/2022 at 12:54 AM, Hoopster said: You are trying to setup a Raspberry Pi as a client (peer) from which to access unRAID server via WireGuard? Perhaps this tutorial will help? I have WireGuard running on a Raspberry Pi from which I generated client (peer) profiles to access my LAN remotely from a phone or laptop if unRAID/WireGuard are down. I also have Pi-Hole running on the same Raspberry Pi. I used this guide and yes, it starts with imaging a Micro SD card for installing WireGuard but I was able to install Pi-Hole after that. Thanks for this reply. I haven't had a chance to dig into this again. So basically I have a Raspberry Pi server running Raspbian Lite at my parents house. Main purpose is for remote backups. It's rack mounted with a 4TB HDD. I have it on it's own VLAN on that network. I want to connect to it via Wireguard periodically and Rsync to it. Currently I'm using ZeroTier for this but want to switch to WG. So my unraid server is running the WG server, the RasPi a few states away will be a WG Peer. I created the WG config file on unraid and SSH'd it to the Pi. Opened a port on the router. Opened a port on the Pi's firewall. But can't get it to connect. There was no straight forward way to install WG on that Pi since it's running Buster. I'll dig into it more this weekend and follow up. I have a fancy little OLED screen for this little server running a python script. And I know I'm going to break it if I install a new OS 😂 Attaching a couple images of my little 3D printed mount... Edited December 16, 20223 yr by adminmat
December 16, 20223 yr 15 minutes ago, adminmat said: There was no straight forward way to install WG on that Pi since it's running Buster I had to re-image the Raspberry Pi a few months ago because it was still on Debian Stretch which Pi-Hole no longer supported. In order to update Pi-Hole, I had to reimage with Debian Bullseye (Buster would have also worked) and that is the same RPi where where I also have WireGuard running. However, as mentioned, that instance of WireGuard on the RPi is not a peer to the WG on unRAID. It is a backup access point into my LAN if/when unRAID/WG are down so I can restart my unRAID server via IPMI.
December 30, 20223 yr I followed this guide to achive "Remote access to LAN" on 6.11.5. My problem is that: - I can access the Unraid GUI on 192.168.1.5 - I can access Plex on 192.168.1.5:32400 - I can NOT access my windows VM 192.168.1.10 running on Unraid using RDP - I can NOT access any other device on my LAN (i.e. 192.168.1.1) It looks like my WG connection terminates at 192.168.1.5 (Unraid) and can't access any other IP on the network - feels like a routing issue. Ideas? Edited December 30, 20223 yr by cholzer
December 31, 20223 yr Is there a way to import a config file from another Wireguard server into unRAID? I am using a Raspberry Pi in another state. I want to connect it to my Wireguard unRAID server. How to I import the config into unRAID? I would just set up the Raspberry Pi as a client but it seems there are no supported ways to do this at the moment. Thanks.
January 1, 20233 yr Author On 12/30/2022 at 6:48 AM, cholzer said: I followed this guide to achive "Remote access to LAN" on 6.11.5. My problem is that: - I can access the Unraid GUI on 192.168.1.5 - I can access Plex on 192.168.1.5:32400 - I can NOT access my windows VM 192.168.1.10 running on Unraid using RDP - I can NOT access any other device on my LAN (i.e. 192.168.1.1) It looks like my WG connection terminates at 192.168.1.5 (Unraid) and can't access any other IP on the network - feels like a routing issue. Ideas? Please read the first two posts in this thread very carefully, particularly the part titled "Complex networks"
January 1, 20233 yr Author 11 hours ago, adminmat said: Is there a way to import a config file from another Wireguard server into unRAID? There is an "import tunnel" button right next to "add tunnel"
January 1, 20233 yr 6 hours ago, ljm42 said: Please read the first two posts in this thread very carefully, particularly the part titled "Complex networks" Thank you for your reply, my error was that I misread this section. Quote With "Use NAT" = Yes and "Host access to custom networks" = enabled (static route optional) server and dockers on bridge/host - accessible! VMs and other systems on LAN - NOT accessible dockers with custom IP - NOT accessible (avoid this config) After I added a static route on my router it worked. I guess the aspect which confused me was that wg-easy on the rpi did not require this, but the networking on Unraid is certainly different. QUESTION: Why cant this route be added directly inside Unraid? Like in the "Routing Table" section. Edited January 1, 20233 yr by cholzer
January 2, 20233 yr Author On 1/1/2023 at 12:10 AM, cholzer said: Why cant this route be added directly inside Unraid? This link is from the Custom Networks portion of the OP: https://forums.unraid.net/topic/84229-dynamix-wireguard-vpn/page/8/?tab=comments#comment-808801
January 2, 20233 yr On 12/13/2022 at 12:54 AM, Hoopster said: You are trying to setup a Raspberry Pi as a client (peer) from which to access unRAID server via WireGuard? Perhaps this tutorial will help? I have WireGuard running on a Raspberry Pi from which I generated client (peer) profiles to access my LAN remotely from a phone or laptop if unRAID/WireGuard are down. I also have Pi-Hole running on the same Raspberry Pi. I used this guide and yes, it starts with imaging a Micro SD card for installing WireGuard but I was able to install Pi-Hole after that. Hey @Hoopster just wanted to follow up on this. I installed WG using Wundertech's guide that you linked. Had it up and running as intended but on the first update (to the Pi OS) it pulled a bunch of unstable packages. (Most guides for Raspberry Pi OS were made prior to Wireguard being built into the new kernel release. Debian 11?) It took about 40 minutes to pull down all the packages and I noticed many stated "unstable." Anyhow. Found this post on a RasPi forum that states you no longer need to install the additional supporting packages and you just install WG via sudo apt install wireguard. Add your config file and that's it. Done. Now everything works as intended except I lose my local SSH connection when I connect the Wireguard tunnel back to my unRAID server.. Still working on how to solve that.
January 6, 20233 yr How can I run a script when a certain peer connects / disconnects? I want to add a route to its LAN, but can't use the option "LAN <---> LAN" because it has no certain endpoint. i get the intention of an endpoing beeing mendatory in the GUI, but it should not be necessary as long as one peer can connect to another. Edited January 6, 20233 yr by Greyberry
January 8, 20233 yr On 8/28/2022 at 5:36 PM, HojojojoWololo said: Hi guys, I need some help, too, cause I can't figure out what to do even after some hours of research. Problem: I am using Wireguard for some months and everything works fine since everyone who connects via Wireguard is supposed to have complete access to the LAN of the server (wife and I). But on my server, there is one docker-container which I allowed some friends to have access to. For that purpose, I used an OpenVPN container since I was able to restrict the VPN access to just one specific container (within the OpenVPN config, I was able to restrict certain users to certain IP mappings within the server's docker network). Now the OpenVPN docker is EOL for Unraid and coincidentally, my OpenVPN setup broke. My problem: how can I achieve to set this up via Wireguard in Unraid? I do not want those people to access my whole server/LAN/... but only one specific docker container (IP is only "fixed" by the boot sequence of the docker containers - not by assigning a fixed IP to the container itself). Hopefully, someone has some tipps for me Up
January 11, 20233 yr I am trying to use Wireguard with a "complex" network where I have dockers running with a br0 network type. Wireguard is working, I can access most of my LAN via VPN, but I cannot access these dockers, like Pi-Hole. I have followed these directions: "With "Use NAT" = No and "Host access to custom networks" = enabled and static route " - the last item being creating a static route on my Unifi USG router through the Unifi Controller software. Any advice on how to troubleshoot this problem?
January 11, 20233 yr Author On 8/28/2022 at 8:36 AM, HojojojoWololo said: Hi guys, I need some help, too, cause I can't figure out what to do even after some hours of research. Problem: I am using Wireguard for some months and everything works fine since everyone who connects via Wireguard is supposed to have complete access to the LAN of the server. But on my server, there is one docker-container which I allow some friends to have access to. For that purpose, I used an OpenVPN container since I was able to restrict the VPN access to just one specific container (within the OpenVPN config, I was able to restrict certain users to certain IP mappings within the server's docker network). Now the OpenVPN docker is EOL for Unraid and coincidentally, my OpenVPN setup broke. My problem: how can I achieve to set this up via Wireguard in Unraid? I do not want those people to access my whole server/LAN/... but only one specific docker container (IP is only "fixed" by the boot sequence of the docker containers - not by assigning a fixed IP to the container itself). Hopefully, someone has some tipps for me On 1/8/2023 at 1:01 PM, HojojojoWololo said: Up Have you ruled out the Local Tunnel Firewall feature? You can click the "?" in the upper right corner of the page to turn on help and see how it works.
January 11, 20233 yr Author 2 hours ago, wayner said: I have followed these directions: "With "Use NAT" = No and "Host access to custom networks" = enabled and static route " - the last item being creating a static route on my Unifi USG router through the Unifi Controller software. Any advice on how to troubleshoot this problem? Seems like this would do the trick. I would probably start by double checking the static route and making sure there is nothing in the router that is firewalling the traffic. Also make sure you haven't inadvertently blocked anything with the Local Tunnel Firewall in the WireGuard config.
January 11, 20233 yr Author On 1/6/2023 at 4:10 PM, Greyberry said: How can I run a script when a certain peer connects / disconnects? I want to add a route to its LAN, but can't use the option "LAN <---> LAN" because it has no certain endpoint. i get the intention of an endpoing beeing mendatory in the GUI, but it should not be necessary as long as one peer can connect to another. I would add static routes in your router rather than trying to script it on individual computers. BTW we have a separate guide for setting up LAN to LAN WG here: https://forums.unraid.net/topic/88906-lan-to-lan-wireguard/
January 11, 20233 yr 16 minutes ago, ljm42 said: Seems like this would do the trick. I would probably start by double checking the static route and making sure there is nothing in the router that is firewalling the traffic. Also make sure you haven't inadvertently blocked anything with the Local Tunnel Firewall in the WireGuard config. Here is the Wireguard config. Should that Local tunnel firewall setting be changed? Here are my settings for Wireguard, my static route on my Unifi router and my docker config.
January 12, 20233 yr Author 16 hours ago, wayner said: Here are my settings for Wireguard, my static route on my Unifi router and my docker config. On the static route, why is the distance set to "2"? Try "1".
January 12, 20233 yr 5 hours ago, ljm42 said: On the static route, why is the distance set to "2"? Try "1". I will try changing that. I was copying what I saw from someone else's configuration.
January 12, 20233 yr I changed the hop distance from 2 to 1 but that does not help, I still cannot access my br0 dockers.
January 13, 20233 yr Author 17 hours ago, wayner said: I changed the hop distance from 2 to 1 but that does not help, I still cannot access my br0 dockers. Is the peer file on your iphone current? It needs to be manually updated whenever you make a change to the wireguard config on the server.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.