bonienl Posted April 17, 2022 Author Share Posted April 17, 2022 11 hours ago, JackieWu said: i hope someone can solve this problem perfectly in some day I added in Unraid 6.10-rc5 the automatic creation of the necessary routes to access containers on network 'br0' remotely. "Host access to custom networks" must be enabled, to allow communication to the container using a WireGuard tunnel configured for remote LAN access. With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router. @JackieWu thanks for introducing this solution! Quote Link to comment
JackieWu Posted April 18, 2022 Share Posted April 18, 2022 (edited) 10 hours ago, bonienl said: @JackieWu thanks for introducing this solution! @bonienl You are welcome ! Quote With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router. Glad to hear that, thanks for your efforts 😄 Edited April 18, 2022 by JackieWu Quote Link to comment
ax77 Posted April 19, 2022 Share Posted April 19, 2022 On 4/17/2022 at 2:16 AM, JackieWu said: @ax77 Not a problem, thanks for response. I some kind of "solved" my problem, now i can acess my docker container with custom static ip address in the complex network ( wireguard no NAT, "Remote tunneled aceess" mode, "Host access to custom networks" enabled). The key is that adding static route to every deive (docker container or compter) you want to access. for example, in the complex network, suppose you have a Emby container with static ip address, if you want to access to Emby webui, you should open contaier's Console window in Unraid DOCKER tab and enter comman line below(10.10.10.3 is my unraid ip address and you should replace it with yours) : ip route add 10.253.0.0/24 via 10.10.10.3 and that's it, after adding a static route to container, now you can access your Emby container's webui. But, there are some limitations: after restarting container, static route disappear, so unfortunately you should add it again every time you restart your container ( but there is a way to get through this, see below ). not every container have "ip" command, for example, linuxserver's jellyfin image dose not include "ip" command in it's docker image, so i have to install "ip" command first ( like "apt update && apt install iproute2" ) and then add static route. Fortunately, if you are using LinuxServer docker image, there is a way to reduce those troubles, as linuxserver.io said: So you can simply go to the custom-cont-init.d folder ( in docker container or host map path ) and create a bash scripts to add static route like this: #!/bin/bash ip route add 10.253.0.0/24 via 10.10.10.3 if Container dose not have "ip" command: #!/bin/bash apt update && apt install -y iproute2 && ip route add 10.253.0.0/24 via 10.10.10.3 And now static route persists even restarting container. So that's all, this is the way i get around, it's not a perfect method, but at least i can access my container with static ip address now, i hope someone can solve this problem perfectly in some day. (Sorry for my English, its not my native language.) awesome. I'll give it a try. Thanks! Quote Link to comment
ax77 Posted April 19, 2022 Share Posted April 19, 2022 On 4/17/2022 at 2:12 PM, bonienl said: I added in Unraid 6.10-rc5 the automatic creation of the necessary routes to access containers on network 'br0' remotely. "Host access to custom networks" must be enabled, to allow communication to the container using a WireGuard tunnel configured for remote LAN access. With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router. @JackieWu thanks for introducing this solution! Could you elaborate on accessing VLANs? I have everything setup for complex networks. I can ping devices on different VLANs but I can't access their web gui's. Not sure what other static route I can add. Quote Link to comment
bonienl Posted April 19, 2022 Author Share Posted April 19, 2022 The normal routing flow in the LAN network and the VLAN network is the default route towards the home router, which on its turn has a default route to go out on the Internet. This is a straightforward left-to-right path in the picture below and works for both the Unraid server and Docker container to go out on the Internet. When a WireGuard tunnel is introduced, it resides on the Unraid server. The docker container in the VLAN network is unaware of this tunnel and don't know how to reach it, here the default route towards the home router is still followed. The home router needs to know how to reach the WireGuard tunnel, by adding a static route of the tunnel network (10.253.0.0/24) and pointing to the Unraid server address (.2). With this static route in place the VLAN network has a route back to the WireGuard tunnel and this allows a remote device to access the container over the WireGuard tunnel. There is one gotcha, both the WireGuard tunnel and Docker container reside on the same Unraid server, and docker by default does not allow a docker container in a custom network to talk to the host, hence it is required to enable the setting "Allow host access to custom network" to allow communication between container and tunnel. Quote Link to comment
ax77 Posted April 25, 2022 Share Posted April 25, 2022 On 4/17/2022 at 2:16 AM, JackieWu said: @ax77 Not a problem, thanks for response. I some kind of "solved" my problem, now i can acess my docker container with custom static ip address in the complex network ( wireguard no NAT, "Remote tunneled aceess" mode, "Host access to custom networks" enabled). The key is that adding static route to every deive (docker container or compter) you want to access. for example, in the complex network, suppose you have a Emby container with static ip address, if you want to access to Emby webui, you should open contaier's Console window in Unraid DOCKER tab and enter comman line below(10.10.10.3 is my unraid ip address and you should replace it with yours) : ip route add 10.253.0.0/24 via 10.10.10.3 and that's it, after adding a static route to container, now you can access your Emby container's webui. But, there are some limitations: after restarting container, static route disappear, so unfortunately you should add it again every time you restart your container ( but there is a way to get through this, see below ). not every container have "ip" command, for example, linuxserver's jellyfin image dose not include "ip" command in it's docker image, so i have to install "ip" command first ( like "apt update && apt install iproute2" ) and then add static route. Fortunately, if you are using LinuxServer docker image, there is a way to reduce those troubles, as linuxserver.io said: So you can simply go to the custom-cont-init.d folder ( in docker container or host map path ) and create a bash scripts to add static route like this: #!/bin/bash ip route add 10.253.0.0/24 via 10.10.10.3 if Container dose not have "ip" command: #!/bin/bash apt update && apt install -y iproute2 && ip route add 10.253.0.0/24 via 10.10.10.3 And now static route persists even restarting container. So that's all, this is the way i get around, it's not a perfect method, but at least i can access my container with static ip address now, i hope someone can solve this problem perfectly in some day. (Sorry for my English, its not my native language.) @JackieWu when I try and add the static route to my Shinobi container I get the following ip: RTNETLINK answers: Operation not permitted Quote Link to comment
JackieWu Posted April 28, 2022 Share Posted April 28, 2022 On 4/26/2022 at 5:58 AM, ax77 said: @JackieWu when I try and add the static route to my Shinobi container I get the following ip: RTNETLINK answers: Operation not permitted Ops, sorry, I forgot to say that before adding static route to container, you should add --cap-add=NET_ADMIN in Extra Parameters, because docker containers do not have full privileges by default. Quote Link to comment
bonienl Posted April 28, 2022 Author Share Posted April 28, 2022 Unraid 6.10.0-rc5 is released, which does automatic route adding for containers on custom network br0. 1 Quote Link to comment
ax77 Posted April 29, 2022 Share Posted April 29, 2022 On 4/27/2022 at 7:20 PM, JackieWu said: Ops, sorry, I forgot to say that before adding static route to container, you should add --cap-add=NET_ADMIN in Extra Parameters, because docker containers do not have full privileges by default. @JackieWu thanks, but now after inputting ip route add 10.253.0.0/24 via "unraid ip" I'm getting ip: RTNETLINK answers: Network unreachable Quote Link to comment
JackieWu Posted April 29, 2022 Share Posted April 29, 2022 24 minutes ago, ax77 said: ip route add 10.253.0.0/24 via "unraid ip" @ax77 You should replace "unraid ip" with your real unraid ip address, suppose your unraid ip is 192.168.1.10, then you should entern command line below like: ip route add 10.25.0.0/24 via 192.168.1.10 Quote Link to comment
JackieWu Posted April 29, 2022 Share Posted April 29, 2022 On 4/28/2022 at 5:36 PM, bonienl said: Unraid 6.10.0-rc5 is released, which does automatic route adding for containers on custom network br0. @bonienl Great, thanks! Quote Link to comment
ax77 Posted April 29, 2022 Share Posted April 29, 2022 5 minutes ago, JackieWu said: @ax77 You should replace "unraid ip" with your real unraid ip address, suppose your unraid ip is 192.168.1.10, then you should entern command line below like: ip route add 10.25.0.0/24 via 192.168.1.10 @jackiewu yes that's what I did Quote Link to comment
pkoci1 Posted April 30, 2022 Share Posted April 30, 2022 Hi guys, I run 6.10 rc5. Is it possible to setup a wireguard server via webgui using a global /64 subnet instead of ULAs? My ISP assigns me a static /48 prefix so I see no reason to use ipv6 nat. Quote Link to comment
SavageAUS Posted May 1, 2022 Share Posted May 1, 2022 (edited) I am having a strange issue where i download the zip from the vpn interface in unraid, import that conf file into networkmanager on Arch Linux but the tunnel does not work. Anyone else have this? Yes i have wireguard-tools installed on Arch. Edited May 1, 2022 by SavageAUS Quote Link to comment
ishtangli Posted May 1, 2022 Share Posted May 1, 2022 (edited) I need help with wireguard. I've been trying to figure this out for weeks. I'm running 6.10rc5. I cant seem to get wireguard to allow access to my network. All i can connect to is unraid webgui. I used to be able to connect to my router and other dockers running on my server. I've tried remote tunnel, remote access to LAN, etc. None seem to work. Edited May 5, 2022 by ishtangli Quote Link to comment
ishtangli Posted May 1, 2022 Share Posted May 1, 2022 On 10/17/2021 at 10:46 AM, aalyaqoub said: Hi I have wireguard with a remote tunneled access and I am having trouble access my VMs or any other things on my local network. It used to work fine and now it doesn't and I am confused on how to fix it. Did any of you have similar problems? Same exact problem. Have you found a solution? Quote Link to comment
CorneliusCornbread Posted May 12, 2022 Share Posted May 12, 2022 Is this still being maintained? It seems to be pretty out of date Quote Link to comment
trurl Posted May 12, 2022 Share Posted May 12, 2022 7 minutes ago, CorneliusCornbread said: Is this still being maintained? It seems to be pretty out of date This is the support thread for the old plugin. There isn't a plugin anymore since this is built-in now. Most of the support for this feature is here: Quote Link to comment
shrekfx Posted June 24, 2022 Share Posted June 24, 2022 Can't find this anywhere, but is there a way to get an e-mail alert or something indicating that a peer lost connection or hasn't connected in x minutes/hours/days or whatever? Quote Link to comment
thestraycat Posted June 28, 2022 Share Posted June 28, 2022 On 5/12/2022 at 5:08 PM, trurl said: This is the support thread for the old plugin. There isn't a plugin anymore since this is built-in now. Most of the support for this feature is here: But that guide references Dynamix Wireguard plugin as a pre-req... "Prerequisites You must be running Unraid 6.8+ with the Dynamix WireGuard plugin from Community Apps" Can someone confirm what maintainer they are using for wireguard now?? Quote Link to comment
ljm42 Posted June 29, 2022 Share Posted June 29, 2022 21 hours ago, thestraycat said: "Prerequisites You must be running Unraid 6.8+ with the Dynamix WireGuard plugin from Community Apps" refresh the page You must be running Unraid 6.10+, or Unraid 6.8-6.9 with the Dynamix WireGuard plugin from Community Apps Quote Link to comment
itimpi Posted June 29, 2022 Share Posted June 29, 2022 28 minutes ago, ljm42 said: refresh the page You must be running Unraid 6.10+, or Unraid 6.8-6.9 with the Dynamix WireGuard plugin from Community Apps I have just slightly reworded the linked post to make it clearer that you do not need the plugin with 6.10+. 1 Quote Link to comment
GermanGramatikov Posted August 12, 2022 Share Posted August 12, 2022 Hello, Long story short - I had an error for my wireguard in the plugin error page and just a button to delete it .. which I did with the idea to re-install it again, but unfortunately now I have an error that my unraid version is too new (6.10.3) and I cannot find any other way to install it again. Any help will be highly appreciated. Thank you! Quote Link to comment
itimpi Posted August 12, 2022 Share Posted August 12, 2022 3 hours ago, GermanGramatikov said: Hello, Long story short - I had an error for my wireguard in the plugin error page and just a button to delete it .. which I did with the idea to re-install it again, but unfortunately now I have an error that my unraid version is too new (6.10.3) and I cannot find any other way to install it again. Any help will be highly appreciated. Thank you! WireGuard is fully built into the latest Unraid releases - no need any more to install a plugin. Quote Link to comment
GermanGramatikov Posted August 12, 2022 Share Posted August 12, 2022 5 hours ago, itimpi said: WireGuard is fully built into the latest Unraid releases - no need any more to install a plugin. Hello itimpi, I know that people do not like to read long posts that is why I tried to write it as short as possible but let me try again: My Wireguard stopped working there was a new tab in plugins page called "Errors" (forgot to make screenshot it is already gone) in it it said that wireguard has an issue and the only button available was "Delete" which I pressed Now I don't have wiregurad and I cannot install it Help please? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.