xaositek Posted June 17, 2021

As of Wireguard App version: 1.0.13 (24) - iOS/iPadOS 15 and macOS Monterey now work properly. If you did NOT remove your configuration, it's an in place update and things will work. Otherwise import your tunnels from QR Code or Archive and you'll be good to go!

Fizz Posted June 20, 2021

I'm having some trouble accessing my docker containers when I connect to Unraid through Wireguard. I'm using an iOS device to test this. I can access the Unraid web gui with https (randomcharacters.unraid.net:8443) or http (192.168.1.x:8443). I use a reverse proxy to access various docker containers (dockercontainer.mysubdomain.duckdns.org). This works when I'm directly connected to my local network, but not over Wireguard. I've tried following many of the steps in the Quickstart post but it hasn't worked (or I haven't done it correctly). Any ideas on how I can fix this?

Here are some additional details on what I've tried:

- My router is configured to provide my Pihole IP address as the DNS server.
- Pihole has a custom IP address (192.168.1.x)
- Pihole connects to dnscrypt proxy docker container on Unraid which connects to an external DNS. Pihole itself is a docker container.
- Unraid itself is configured to NOT use Pihole as the DNS server and instead use an external DNS.
- I added a static route to my router--Network destination: 10.253.0.0 (local tunnel network pool for Wireguard), subnet mask 255.255.255.0, default gateway: 192.168.1.x (unraid local IP)
- I cannot access the Pihole web GUI over Wireguard. Works fine over local network.
- I have tried "Remote tunnel access" and "Remote access to LAN" peer types
- I have set "Local server uses NAT" to Yes and "Host access to custom networks" to disabled. I've also tried setting these to No and enabled respectively.

Edited June 20, 2021 by Fizz

warcode Posted June 29, 2021

I need my "Remote tunneled access" to use eth1 as the route in PostUp. Currently it tries to use the unplugged eth0, and the configuration changes even if I download/edit/import.

bonienl Posted June 30, 2021 (Author)

The GUI uses eth0 as management port, this can not be changed.

WireGuard relies on routing to select the outgoing interface for the tunnel. Normally this is the default gateway (eth0).

bjun626 Posted July 11, 2021

I've been trying to setup a tunnel to my other house's network. I've successfully setup to tunnel and I'm able to access my remote SMB on unraid. Right now I'm still unable to connect to the remote IP(192.168.0.0/24) from my own PC and docker containers in br0.

What works:

1. Unraid -> Mount Remote SMB Share via Unassigned Device

    traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
     1  172.27.66.1 (172.27.66.1)  2.749 ms  2.742 ms  2.854 ms
     2  * * *
     3  192.168.0.1 (192.168.0.1)  3.642 ms  3.596 ms  3.595 ms

2. Docker not on br0 -> Able to ping 192.168.0.1

What doesn't work:

1. My PC 192.168.1.34 -> Unable to Ping 192.168.0.1

    Tracing route to 192.168.0.1 over a maximum of 30 hops
      1     1 ms     1 ms     2 ms  [192.168.1.1]
      2     2 ms     1 ms     1 ms  [192.168.1.3]
      3     *        *        *     Request timed out.

2. Docker code-server 192.168.1.7 (br0) -> Unable to Ping 192.168.0.1

Below is my configuration

Local:
Router 192.168.1.1
- Static route 192.168.0.0/24 to 192.168.1.3
Unraid 192.168.1.3 (Using one ethernet eth0 to router)
- Wireguard: Set to "VPN tunnelled access" mode
- Docker: "Host access to custom networks" is set to on
Local Wireguard IP 172.27.66.4
Wireguard Subnet 172.27.66.0/24

Remote:
Router 192.168.0.1
Remote Wireguard IP 172.27.66.1
Wireguard:
- Hosted on RPi4 using homeassistant/wireguard (Should be in "Remote tunneled access" mode)

What I observed is that unraid routing table is not routing my traffic to wg2 interface. Would like to know what changes should be done for my PC to able to connect to the remote subnet.

Thanks

ljm42 Posted July 13, 2021

On 7/10/2021 at 6:27 PM, bjun626 said:
> I've been trying to setup a tunnel to my other house's network. I've successfully setup to tunnel and I'm able to access my remote SMB on unraid. Right now I'm still unable to connect to the remote IP(192.168.0.0/24) from my own PC and docker containers in br0.

This is rather complex, I won't be able to give exact steps but hopefully these pointers will help:

- See the "complex networks" portion of this post for help with "host access to custom networks": https://forums.unraid.net/topic/84226-wireguard-quickstart/
- See this guide for setting up LAN to LAN Wireguard: https://forums.unraid.net/topic/88906-lan-to-lan-wireguard/

I'm thinking your "peer allowed ips" are wrong on one or both ends. Also, "VPN tunneled access" mode does not make sense to me, I would expect you to use "LAN to LAN". You can turn on help to see the difference.

bjun626 Posted July 17, 2021

On 7/14/2021 at 2:41 AM, ljm42 said:
> This is rather complex, I won't be able to give exact steps but hopefully these pointers will help:
>
> - See the "complex networks" portion of this post for help with "host access to custom networks": https://forums.unraid.net/topic/84226-wireguard-quickstart/
> - See this guide for setting up LAN to LAN Wireguard: https://forums.unraid.net/topic/88906-lan-to-lan-wireguard/
>
> I'm thinking your "peer allowed ips" are wrong on one or both ends. Also, "VPN tunneled access" mode does not make sense to me, I would expect you to use "LAN to LAN". You can turn on help to see the difference.

You're correct the "peers.allowed_ips" are wrong on my remote side. As I'm using home assistant wireguard, so I have to manually add another field in its yaml configuration -

    allowed_ips:
      - 172.27.66.0/24
      - 192.168.1.0/24

The reason I'm using the VPN tunneled access is because I'm trying to access from 192.168.1.0/24 to 192.168.0.0/24 and not the other way round. LAN to LAN also works for me.

Thanks

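The AllowedIPs fix bjun626 describes above, as an added example (not code from the thread or the plugin): WireGuard uses a peer's AllowedIPs both to pick the peer for an outgoing destination and to filter the source address of packets it decrypts from that peer. The host addresses and the two "after" prefixes come from the posts; `LOCAL_PEERS` and `REMOTE_BEFORE` are constructed assumptions, since the thread does not show those lists.

```python
import ipaddress

def route_peer(peers, addr):
    """Longest-prefix match of addr against every peer's AllowedIPs.

    peers maps a peer name to its AllowedIPs list; returns a name or None.
    """
    ip = ipaddress.ip_address(addr)
    best, best_len = None, -1
    for name, prefixes in peers.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if ip in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best

def check_flow(src, dst, local_peers, remote_peers):
    """Trace one packet src -> dst from the local end to the remote end.

    The same two lookups also govern the reply (remote routes to src,
    local accepts source dst), so passing both means the round trip works.
    """
    if route_peer(local_peers, dst) != "remote":
        return f"local end: no AllowedIPs cover {dst}, packet never enters the tunnel"
    if route_peer(remote_peers, src) != "local":
        return f"remote end: source {src} is outside AllowedIPs for this peer, dropped"
    return "ok"

# Local (Unraid) end: AllowedIPs for the remote peer. Constructed for this example.
LOCAL_PEERS = {"remote": ["172.27.66.1/32", "192.168.0.0/24"]}
# Remote end before the fix: tunnel address only. Assumed; not shown in the thread.
REMOTE_BEFORE = {"local": ["172.27.66.4/32"]}
# Remote end after the fix: the two prefixes quoted in the post.
REMOTE_AFTER = {"local": ["172.27.66.0/24", "192.168.1.0/24"]}

# Source addresses taken from the posts.
SOURCES = {
    "Unraid host (tunnel IP)": "172.27.66.4",
    "PC": "192.168.1.34",
    "code-server on br0": "192.168.1.7",
}

def diagnose(remote_peers, dst="192.168.0.1"):
    """Verdict per source for traffic towards the remote router."""
    return {name: check_flow(ip, dst, LOCAL_PEERS, remote_peers)
            for name, ip in SOURCES.items()}

if __name__ == "__main__":
    for label, cfg in (("before", REMOTE_BEFORE), ("after", REMOTE_AFTER)):
        print(label)
        for name, verdict in diagnose(cfg).items():
            print(f"  {name}: {verdict}")
```

Under these assumptions the "before" case reproduces the reported symptom: traffic sourced from the Unraid tunnel address passes, while LAN sources on 192.168.1.0/24 are dropped at the remote end.
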
Turnspit Posted July 26, 2021

I'm looking for a solution to connect to my Offsite-Backupserver.

I want my whole LAN to have access to the Backupserver, but only the Backupserver having access to my LAN. Sort of a "Server to LAN access".

Is this possible, and what would the steps be?

Thanks! 🙂

Edited July 26, 2021 by Turnspit

abhi.ko Posted August 4, 2021

Hello - installed this plugin and it is working fine - Thanks for the work.

I am not super knowledgeable regarding networking - but I am using the remote access to LAN as shown below, followed the steps laid out in the very detailed write up, and I can connect to Unraid and docker containers (e.g. Plex, Emby etc.) well from outside my home network, so ports are forwarded correctly and everything seems to be working well. However I cannot access anything else connected to my LAN (e.g. Pi-Hole running on an R-Pi) or my router admin page. I was using openVPN before this and could access all devices on the network easily.

Any advice for me to try and get to everything connected to the LAN? Thanks in advance.

Edited August 4, 2021 by abhi.ko: added more info.

unquietwiki Posted August 7, 2021

Hey there. I am looking at attempting to connect to a Subspace Wireguard VPN server from Unraid. Attempting to import tunnel configs from Subspace produces mixed results: it doesn't seem to import the assigned addresses or subnet masks correctly; and I can't exactly tell what use case to try with "advanced" configuration. I have no present desire to use Unraid to host Wireguard, nor use it to provide VPN connectivity to clients; I want to be able to access the Unraid GUI from other VPN clients. If the plugin isn't meant for "client" use, then is there a Docker container I should consider instead; or other way to activate it from the OS-level? Thanks!

kencwt Posted August 13, 2021

How should I setup other Docker containers to connect to WireGuard? I watched this video from Spaceinvader One that for VPN as a Docker container we just need to add the name of the container in extra parameter. However, Dynamix WireGuard does not show in the Docker page and can only be configured in the settings page, I am not sure how to setup the connection.

hive_minded Posted August 17, 2021

I need some help. I completely broke Wireguard. I was having some issues getting it working, especially after switching from Google DDNS to Cloudflare + NPM. Couldn't get anything to work. So I decided to nuke everything and start fresh.

I rm -rf'd /etc/wireguard/, deleted the plugin, redownloaded the plugin and then tried to start fresh. However, when I went into VPN settings after nothing would save. Hitting apply would reset everything.

After looking around, it looks like re downloading the plugin did not create '/etc/wireguard'. So I mkdir '/etc/wireguard', as well as '/etc/wireguard/wg0.conf'

Now I can get a couple things to save, but once I try to 'add peer' it just raises and lowers the tunnel wg0 part, as if I'm clicking the down/expand arrow.

At this point I decided to delete everything again, and restart the server. When I did that /etc/wireguard/ showed up (was not there when I restarted) and had the old files from the very beginning.

Any pointers on how to just 100% reset the Wireguard state. Deleting/restarting is clearly not working, and nothing new I am doing is saving.

ljm42 Posted August 17, 2021

12 hours ago, hive_minded said:
> Now I can get a couple things to save, but once I try to 'add peer' it just raises and lowers the tunnel wg0 part, as if I'm clicking the down/expand arrow.

Depending on the options you choose when setting up the tunnel, sometimes one of the advanced fields is required to be filled in. It is switching to advanced mode so you can fill it in.

ljm42 Posted August 17, 2021

On 8/12/2021 at 8:57 PM, kencwt said:
> How should I setup other Docker containers to connect to WireGuard? I watched this video from Spaceinvader One that for VPN as a Docker container we just need to add the name of the container in extra parameter. However, Dynamix WireGuard does not show in the Docker page and can only be configured in the settings page, I am not sure how to setup the connection.

The built-in WireGuard is not a Docker container so it cannot be used that way.

There is a way to configure WireGuard to connect to a commercial VPN provider, but it takes over the entire connection and cannot be limited to specific containers:

ljm42 Posted August 17, 2021

On 8/6/2021 at 11:43 PM, unquietwiki said:
> Hey there. I am looking at attempting to connect to a Subspace Wireguard VPN server from Unraid. Attempting to import tunnel configs from Subspace produces mixed results: it doesn't seem to import the assigned addresses or subnet masks correctly; and I can't exactly tell what use case to try with "advanced" configuration. I have no present desire to use Unraid to host Wireguard, nor use it to provide VPN connectivity to clients; I want to be able to access the Unraid GUI from other VPN clients. If the plugin isn't meant for "client" use, then is there a Docker container I should consider instead; or other way to activate it from the OS-level? Thanks!

The WireGuard webgui is optimized to be the place where you manage all the peers rather than being just a peer itself. But you should be able to make it work.

Start by importing a config and choosing perhaps "Remote access to LAN". There are two WireGuard config files, one for the server and one for the peer. You can view each by clicking the little "eye" icons on the right side of the page. You may need to research how to setup WireGuard manually in order to find the right settings.

Once you get it working, come back here and tell us what you did!

ljm42 Posted August 17, 2021

On 8/4/2021 at 3:16 PM, abhi.ko said:
> I can connect to Unraid and docker containers (e.g. Plex, Emby etc.) well from outside my home network, so ports are forwarded correctly and everything seems to be working well. However I cannot access anything else connected to my LAN (e.g. Pi-Hole running on an R-Pi) or my router admin page.

See the section on "complex networks" here:

There are certain combinations of "Use NAT" and "Host access to custom networks" that do not work together, and others that require you to setup a static route on your router.

unquietwiki Posted August 18, 2021

13 hours ago, ljm42 said:
> The WireGuard webgui is optimized to be the place where you manage all the peers rather than being just a peer itself. But you should be able to make it work.
>
> Start by importing a config and choosing perhaps "Remote access to LAN". There are two WireGuard config files, one for the server and one for the peer. You can view each by clicking the little "eye" icons on the right side of the page. You may need to research how to setup WireGuard manually in order to find the right settings.
>
> Once you get it working, come back here and tell us what you did!

Thanks for replying! That eye thing helps; tells me that at least the config file gets imported correctly. That being said, the default IPv4-only for WireGuard in Unraid means that if I set it to IPv6/IPv4, it'll lose most of the imported configuration. The UI's also unclear about my end's public IP address being optional; I know in the other WireGuard setup I maintain (traditional, not Subspace), I don't ever have to worry about the home user IPs.

Subspace-generated WireGuard config...

    [Interface]
    PrivateKey = PRIVATE
    DNS = IPV4DNS,IPV6DNS
    Address = IPV4ADDR/SN,IPV6ADDR/SN

    [Peer]
    PublicKey = PUBLIC
    Endpoint = VPNADDRESS:PORT
    AllowedIPs = IPV6ALLOWEDSN,IPV4ALLOWEDSN

Dor Posted August 28, 2021

I seem to have found an odd bug. When tunnels are set to be inactive, (re)entering the VPN Manager and changing any information (such as the tunnel or peer's name) and applying, activates the tunnel. Deactivating it and doing so again without leaving the page won't activate the tunnel again, but revisiting the page and changing information once again will.

This has accidentally caused me to activate two commercial VPN tunnels as I was naming the "peers" and the server became inaccessible until a reboot (I was unable to use the local terminal since the GPU was previously attached to a VM and I can't seem to get the iGPU to work with unRaid)

Edited August 28, 2021 by Dor

shrekfx Posted September 3, 2021

How does one delete a vpn tunnel set up under the wireguard plugin. I can remove the peer, but not the tunnel??

PvD Posted September 3, 2021

You need to change the tunnel view from „Basic“ to „Advanced“. The toggle is located between the „Active“ and „Autostart“ toggle in the top Right corner of the tunnel. After that you will find a delete tunnel button in the bottom right corner of the tunnel configuration.

ax77 Posted September 21, 2021

I've set up wireguard for a complex network but I'm unable to access my shinobicctv docker that is on a vlan. The vlan has a subnet of 10.5.20.0/24. I'm able to ping and tracert all ip addresses on the vlan through wireguard but can't access them via webgui. I can access the router at 10.5.20.1 though. Any ideas?

writablevulture Posted September 23, 2021

I have this working and I am pleased with it. However, I am using Cloudflare with Nginx Proxy Manager to provide reverse proxy access to various services on my Unraid box without having to open ports for each of them in my router. Is it possible to do the same with WireGuard so I can avoid forwarding its port in my router? Is this even desirable and would it give me any additional security? Thanks!

nomadhawk Posted September 24, 2021

I have a weird problem I have noticed about the plugin. when the server reboots I have to regen the key and redo the config to get it to connect again. it is odd.

writablevulture Posted September 28, 2021

On 9/23/2021 at 2:51 PM, writablevulture said:
> I have this working and I am pleased with it. However, I am using Cloudflare with Nginx Proxy Manager to provide reverse proxy access to various services on my Unraid box without having to open ports for each of them in my router. Is it possible to do the same with WireGuard so I can avoid forwarding its port in my router? Is this even desirable and would it give me any additional security? Thanks!

To answer my own question see WireGuard quickstart. WireGuard doesn't seem to work with proxied connections.

Quote:
> If you are using Cloudflare for DDNS, be sure to configure the Cloudflare "Proxy status" to "DNS only" and not "Proxied".

Celmar Posted September 28, 2021

On 9/24/2021 at 3:08 PM, nomadhawk said:
> I have a weird problem I have noticed about the plugin. when the server reboots I have to regen the key and redo the config to get it to connect again. it is odd.

I can confirm that this happens to me too. Every time the server gets rebooted I have to change the Peer Type setting and change it back again to make it work. I guess any change to the config fixes the problem. I don't have to reload the config on the client so it seems to be server side problem only.