Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Dynamix WireGuard VPN

Featured Replies

  • Author
11 hours ago, JackieWu said:

i hope someone can solve this problem perfectly in some day

 

I added in Unraid 6.10-rc5 the automatic creation of the necessary routes to access containers on network 'br0' remotely. "Host access to custom networks" must be enabled, to allow communication to the container using a WireGuard tunnel configured for remote LAN access.

 

With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router.

 

@JackieWu thanks for introducing this solution!

 

  • Replies 607
  • Views 211.1k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • With Unraid containers may have either fixed addresses or dynamic addresses when used on a custom (macvlan) network. To ensure that "any" container can be accessed by the host, I took the approac

  • This is my scenario. @bonienl Please correct anything erroneous in this post.  I am not a networking expert and am explaining things according to my understanding with my functioning WireGuard, router

  • LAN hosts or docker containers/VMs with their own IP address, need a return path back to the WireGuard VPN tunnel which exists on the Unraid server to reach any remote destination.   This is

Posted Images

10 hours ago, bonienl said:

@JackieWu thanks for introducing this solution!

 

@bonienl You are welcome !

Quote

With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router.

Glad to hear that, thanks for your efforts 😄

Edited by JackieWu

On 4/17/2022 at 2:16 AM, JackieWu said:

@ax77 Not a problem, thanks for response.

I some kind of "solved" my problem, now i can acess my docker container with custom static ip address in the complex network ( wireguard no NAT, "Remote tunneled aceess" mode, "Host access to custom networks" enabled). The key is that adding static route to every deive (docker container or compter) you want to access.

for example, in the complex network, suppose you have a Emby container with static ip address, if you want to access to Emby webui, you should open contaier's Console window in Unraid DOCKER tab and enter comman line below(10.10.10.3 is my unraid ip address and you should replace it with yours) :

ip route add 10.253.0.0/24 via 10.10.10.3

and that's it, after adding a static route to container, now you can access your Emby container's webui. 

But, there are some limitations:

  • after restarting container, static route disappear, so unfortunately you should add it again every time you restart your container ( but there is a way to get through this, see below ).
  • not every container have "ip" command, for example,  linuxserver's jellyfin image dose not include "ip" command in it's docker image, so i have to install "ip" command first ( like "apt update && apt install iproute2" ) and then add static route.

Fortunately, if you are using LinuxServer docker image, there is a way to reduce those troubles, as linuxserver.io said

So you can simply go to the custom-cont-init.d folder ( in docker container or host map path ) and create a bash scripts to add static route like this:

#!/bin/bash
ip route add 10.253.0.0/24 via 10.10.10.3

if Container dose not have "ip" command:

#!/bin/bash
apt update && apt install -y iproute2 && ip route add 10.253.0.0/24 via 10.10.10.3

And now static route persists even restarting container.

So that's all, this is the way i get around, it's not a perfect method, but at least i can access my container with static ip address now, i hope someone can solve this problem perfectly in some day.

 

(Sorry for my English, its not my native language.)

 

awesome.  I'll give it a try. Thanks!

On 4/17/2022 at 2:12 PM, bonienl said:

 

I added in Unraid 6.10-rc5 the automatic creation of the necessary routes to access containers on network 'br0' remotely. "Host access to custom networks" must be enabled, to allow communication to the container using a WireGuard tunnel configured for remote LAN access.

 

With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router.

 

@JackieWu thanks for introducing this solution!

 

Could you elaborate on accessing VLANs?  I have everything setup for complex networks.  I can ping devices on different VLANs but I can't access their web gui's.  Not sure what other static route I can add.

  • Author

The normal routing flow in the LAN network and the VLAN network is the default route towards the home router, which on its turn has a default route to go out on the Internet. This is a straightforward left-to-right path in the picture below and works for both the Unraid server and Docker container to go out on the Internet.

 

When a WireGuard tunnel is introduced, it resides on the Unraid server. The docker container in the VLAN network is unaware of this tunnel and don't know how to reach it, here the default route towards the home router is still followed.

 

The home router needs to know how to reach the WireGuard tunnel, by adding a static route of the tunnel network (10.253.0.0/24) and pointing to the Unraid server address (.2). With this static route in place the VLAN network has a route back to the WireGuard tunnel and this allows a remote device to access the container over the WireGuard tunnel.

 

image.thumb.png.8937c2feb86da2070ac41b42657e8877.png

 

There is one gotcha, both the WireGuard tunnel and Docker container reside on the same Unraid server, and docker by default does not allow a docker container in a custom network to talk to the host, hence it is required to enable the setting "Allow host access to custom network" to allow communication between container and tunnel.

 

On 4/17/2022 at 2:16 AM, JackieWu said:

@ax77 Not a problem, thanks for response.

I some kind of "solved" my problem, now i can acess my docker container with custom static ip address in the complex network ( wireguard no NAT, "Remote tunneled aceess" mode, "Host access to custom networks" enabled). The key is that adding static route to every deive (docker container or compter) you want to access.

for example, in the complex network, suppose you have a Emby container with static ip address, if you want to access to Emby webui, you should open contaier's Console window in Unraid DOCKER tab and enter comman line below(10.10.10.3 is my unraid ip address and you should replace it with yours) :

ip route add 10.253.0.0/24 via 10.10.10.3

and that's it, after adding a static route to container, now you can access your Emby container's webui. 

But, there are some limitations:

  • after restarting container, static route disappear, so unfortunately you should add it again every time you restart your container ( but there is a way to get through this, see below ).
  • not every container have "ip" command, for example,  linuxserver's jellyfin image dose not include "ip" command in it's docker image, so i have to install "ip" command first ( like "apt update && apt install iproute2" ) and then add static route.

Fortunately, if you are using LinuxServer docker image, there is a way to reduce those troubles, as linuxserver.io said

So you can simply go to the custom-cont-init.d folder ( in docker container or host map path ) and create a bash scripts to add static route like this:

#!/bin/bash
ip route add 10.253.0.0/24 via 10.10.10.3

if Container dose not have "ip" command:

#!/bin/bash
apt update && apt install -y iproute2 && ip route add 10.253.0.0/24 via 10.10.10.3

And now static route persists even restarting container.

So that's all, this is the way i get around, it's not a perfect method, but at least i can access my container with static ip address now, i hope someone can solve this problem perfectly in some day.

 

(Sorry for my English, its not my native language.)

 

@JackieWu when I try and add the static route to my Shinobi container I get the following 

 

ip: RTNETLINK answers: Operation not permitted

 

 

On 4/26/2022 at 5:58 AM, ax77 said:

 

@JackieWu when I try and add the static route to my Shinobi container I get the following 

 

ip: RTNETLINK answers: Operation not permitted

 

 

Ops, sorry, I forgot to say that before adding static route to container, you should add --cap-add=NET_ADMIN in Extra Parameters, because docker containers do not have full privileges by default.

 

Snipaste_2022-04-28_10-15-35.thumb.png.bae67b1650561f8e4dfc65a2f57de9d8.png

 

 

  • Author

Unraid 6.10.0-rc5 is released, which does automatic route adding for containers on custom network br0.

 

On 4/27/2022 at 7:20 PM, JackieWu said:

Ops, sorry, I forgot to say that before adding static route to container, you should add --cap-add=NET_ADMIN in Extra Parameters, because docker containers do not have full privileges by default.

 

Snipaste_2022-04-28_10-15-35.thumb.png.bae67b1650561f8e4dfc65a2f57de9d8.png

 

 

@JackieWu thanks, but now after inputting 

 

ip route add 10.253.0.0/24 via "unraid ip"

 

I'm getting 

 

ip: RTNETLINK answers: Network unreachable

24 minutes ago, ax77 said:

ip route add 10.253.0.0/24 via "unraid ip"

 

@ax77 You should replace "unraid ip" with your real unraid ip address, suppose your unraid ip is 192.168.1.10, then you should entern command line below like:

 

ip route add 10.25.0.0/24 via 192.168.1.10

 

On 4/28/2022 at 5:36 PM, bonienl said:

Unraid 6.10.0-rc5 is released, which does automatic route adding for containers on custom network br0.

 

@bonienl Great, thanks!

5 minutes ago, JackieWu said:

 

@ax77 You should replace "unraid ip" with your real unraid ip address, suppose your unraid ip is 192.168.1.10, then you should entern command line below like:

 

ip route add 10.25.0.0/24 via 192.168.1.10

 

@jackiewu  yes that's what I did

Hi guys,

 

I run 6.10 rc5. Is it possible to setup a wireguard server via webgui using a global /64 subnet instead of ULAs? My ISP assigns me a static /48 prefix so I see no reason to use ipv6 nat.

I am having a strange issue where i download the zip from the vpn interface in unraid, import that conf file into networkmanager on Arch Linux but the tunnel does not work. Anyone else have this? Yes i have wireguard-tools installed on Arch.

Edited by SavageAUS

I need help with wireguard. I've been trying to figure this out for weeks. I'm running 6.10rc5. I cant seem to get wireguard to allow access to my network. All i can connect to is unraid webgui. I used to be able to connect to my router and other dockers running on my server. I've tried remote tunnel, remote access to LAN, etc. None seem to work.

Edited by ishtangli

On 10/17/2021 at 10:46 AM, aalyaqoub said:

Hi I have wireguard with a remote tunneled access and I am having trouble access my VMs or any other things on my local network. It used to work fine and now it doesn't and I am confused on how to fix it. Did any of you have similar problems?

Same exact problem. Have you found a solution?

 

  • 2 weeks later...

Is this still being maintained? It seems to be pretty out of date

7 minutes ago, CorneliusCornbread said:

Is this still being maintained? It seems to be pretty out of date

This is the support thread for the old plugin. There isn't a plugin anymore since this is built-in now.

 

Most of the support for this feature is here:

 

  • 1 month later...

Can't find this anywhere, but is there a way to get an e-mail alert or something indicating that a peer lost connection or hasn't connected in x minutes/hours/days or whatever?

On 5/12/2022 at 5:08 PM, trurl said:

This is the support thread for the old plugin. There isn't a plugin anymore since this is built-in now.

 

Most of the support for this feature is here:

 

But that guide references Dynamix Wireguard plugin as a pre-req...

 

 

"Prerequisites

 

You must be running Unraid 6.8+ with the Dynamix WireGuard plugin from Community Apps"

 

Can someone confirm what maintainer they are using for wireguard now??

21 hours ago, thestraycat said:

"Prerequisites

 

You must be running Unraid 6.8+ with the Dynamix WireGuard plugin from Community Apps"

 

refresh the page :)

 

You must be running Unraid 6.10+, or Unraid 6.8-6.9 with the Dynamix WireGuard plugin from Community Apps

28 minutes ago, ljm42 said:

 

refresh the page :)

 

You must be running Unraid 6.10+, or Unraid 6.8-6.9 with the Dynamix WireGuard plugin from Community Apps

I have just slightly reworded the linked post to make it clearer that you do not need the plugin with 6.10+.

  • 1 month later...

Hello,

 

Long story short - I had an error for my wireguard in the plugin error page and just a button to delete it .. which I did with the idea to re-install it again, but unfortunately now I have an error that my unraid version is too new (6.10.3) and I cannot find any other way to install it again. Any help will be highly appreciated. Thank you!

Screenshot 2022-08-12 134833.jpg

3 hours ago, GermanGramatikov said:

Hello,

 

Long story short - I had an error for my wireguard in the plugin error page and just a button to delete it .. which I did with the idea to re-install it again, but unfortunately now I have an error that my unraid version is too new (6.10.3) and I cannot find any other way to install it again. Any help will be highly appreciated. Thank you!

Screenshot 2022-08-12 134833.jpg

WireGuard is fully built into the latest Unraid releases - no need any more to install a plugin.

5 hours ago, itimpi said:

WireGuard is fully built into the latest Unraid releases - no need any more to install a plugin.

Hello itimpi,

 

I know that people do not like to read long posts that is why I tried to write it as short as possible but let me try again:

  • My Wireguard stopped working
  • there was a new tab in plugins page called "Errors" (forgot to make screenshot it is already gone)
  • in it it said that wireguard has an issue and the only button available was "Delete" which I pressed
  • Now I don't have wiregurad and I cannot install it
  • Help please?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.