Dynamix WireGuard VPN


bonienl


11 hours ago, JackieWu said:

I hope someone can solve this problem perfectly some day

 

I added in Unraid 6.10-rc5 the automatic creation of the necessary routes to access containers on network 'br0' remotely. "Host access to custom networks" must be enabled, to allow communication to the container using a WireGuard tunnel configured for remote LAN access.

 

With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router.

 

@JackieWu thanks for introducing this solution!

 

Link to comment
10 hours ago, bonienl said:

@JackieWu thanks for introducing this solution!

 

@bonienl You are welcome!

Quote

With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router.

Glad to hear that, thanks for your efforts 😄

Edited by JackieWu
Link to comment
On 4/17/2022 at 2:16 AM, JackieWu said:

@ax77 Not a problem, thanks for response.

I kind of "solved" my problem, now I can access my docker container with a custom static IP address in the complex network (WireGuard no NAT, "Remote tunneled access" mode, "Host access to custom networks" enabled). The key is adding a static route to every device (docker container or computer) you want to access.

For example, in the complex network, suppose you have an Emby container with a static IP address. If you want to access the Emby webui, you should open the container's Console window in the Unraid DOCKER tab and enter the command line below (10.10.10.3 is my Unraid IP address and you should replace it with yours):

ip route add 10.253.0.0/24 via 10.10.10.3

and that's it, after adding a static route to container, now you can access your Emby container's webui. 

But, there are some limitations:

  • after restarting the container, the static route disappears, so unfortunately you should add it again every time you restart your container (but there is a way to get through this, see below).
  • not every container has the "ip" command, for example, linuxserver's jellyfin image does not include the "ip" command in its docker image, so I have to install the "ip" command first (like "apt update && apt install iproute2") and then add the static route.

Fortunately, if you are using a LinuxServer docker image, there is a way to reduce those troubles, as linuxserver.io said

So you can simply go to the custom-cont-init.d folder (in the docker container or the host map path) and create a bash script to add the static route like this:

#!/bin/bash
ip route add 10.253.0.0/24 via 10.10.10.3

If the container does not have the "ip" command:

#!/bin/bash
apt update && apt install -y iproute2 && ip route add 10.253.0.0/24 via 10.10.10.3

And now the static route persists even after restarting the container.

So that's all, this is the way I get around it. It's not a perfect method, but at least I can access my container with a static IP address now. I hope someone can solve this problem perfectly some day.

 

(Sorry for my English, it's not my native language.)

 

awesome.  I'll give it a try. Thanks!

Link to comment
On 4/17/2022 at 2:12 PM, bonienl said:

 

I added in Unraid 6.10-rc5 the automatic creation of the necessary routes to access containers on network 'br0' remotely. "Host access to custom networks" must be enabled, to allow communication to the container using a WireGuard tunnel configured for remote LAN access.

 

With this feature users are not obliged to create static routes on their home router (gateway), though more complex network setups with VLANs (=additional networks) still require proper static routes on the router.

 

@JackieWu thanks for introducing this solution!

 

Could you elaborate on accessing VLANs? I have everything set up for complex networks. I can ping devices on different VLANs but I can't access their web GUIs. Not sure what other static route I can add.

Link to comment

The normal routing flow in the LAN network and the VLAN network is the default route towards the home router, which in turn has a default route to go out on the Internet. This is a straightforward left-to-right path in the picture below and works for both the Unraid server and Docker container to go out on the Internet.

 

When a WireGuard tunnel is introduced, it resides on the Unraid server. The docker container in the VLAN network is unaware of this tunnel and doesn't know how to reach it; here the default route towards the home router is still followed.

 

The home router needs to know how to reach the WireGuard tunnel, by adding a static route of the tunnel network (10.253.0.0/24) and pointing to the Unraid server address (.2). With this static route in place the VLAN network has a route back to the WireGuard tunnel and this allows a remote device to access the container over the WireGuard tunnel.

 

[Image: network diagram]

 

There is one gotcha, both the WireGuard tunnel and Docker container reside on the same Unraid server, and docker by default does not allow a docker container in a custom network to talk to the host, hence it is required to enable the setting "Allow host access to custom network" to allow communication between container and tunnel.

 

Link to comment
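
The return-path reasoning from the post above, and the per-container route from the post quoted earlier in the thread, as an added example (not code from the thread or from Unraid). Only the tunnel network 10.253.0.0/24 comes from the thread; the device names, the peer address 10.253.0.5 and the table layout are constructed for illustration.

```python
import ipaddress

TUNNEL_PEER = "10.253.0.5"  # constructed address inside the tunnel network 10.253.0.0/24

def next_hop(table, dst):
    """Longest-prefix match over [(prefix, next_hop_name), ...]; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_tables(router_static=False, container_static=False):
    """Constructed routing tables for the three devices, keyed by device name."""
    tables = {
        "container": [("0.0.0.0/0", "router")],    # VLAN container: default route only
        "router": [("0.0.0.0/0", "internet")],     # home router: default route out
        "unraid": [("10.253.0.0/24", "wg0"),       # tunnel lives on the Unraid server
                   ("0.0.0.0/0", "router")],
    }
    if router_static:      # static route on the home router pointing at Unraid
        tables["router"].append(("10.253.0.0/24", "unraid"))
    if container_static:   # `ip route add 10.253.0.0/24 via <unraid ip>` in the container
        tables["container"].append(("10.253.0.0/24", "unraid"))
    return tables

def reply_path(tables, start, dst, max_hops=8):
    """Follow next hops for a reply packet until it leaves the modelled devices."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        path.append(hop if hop is not None else "unreachable")
        if hop not in tables:   # reached wg0, the internet, or a dead end
            break
        node = hop
    return path

if __name__ == "__main__":
    cases = [("no static route", {}),
             ("static route on router", {"router_static": True}),
             ("static route in container", {"container_static": True})]
    for label, kwargs in cases:
        path = reply_path(build_tables(**kwargs), "container", TUNNEL_PEER)
        print(f"{label:27s} {' -> '.join(path)}")
```

Replies that end at "internet" never reach the remote WireGuard peer; only the two paths ending at "wg0" return through the tunnel, and both hand the packet from the container to the Unraid host, which is the hop that needs host access to custom networks enabled.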
On 4/17/2022 at 2:16 AM, JackieWu said:

@ax77 Not a problem, thanks for response.

I kind of "solved" my problem, now I can access my docker container with a custom static IP address in the complex network (WireGuard no NAT, "Remote tunneled access" mode, "Host access to custom networks" enabled). The key is adding a static route to every device (docker container or computer) you want to access.

For example, in the complex network, suppose you have an Emby container with a static IP address. If you want to access the Emby webui, you should open the container's Console window in the Unraid DOCKER tab and enter the command line below (10.10.10.3 is my Unraid IP address and you should replace it with yours):

ip route add 10.253.0.0/24 via 10.10.10.3

and that's it, after adding a static route to container, now you can access your Emby container's webui. 

But, there are some limitations:

  • after restarting the container, the static route disappears, so unfortunately you should add it again every time you restart your container (but there is a way to get through this, see below).
  • not every container has the "ip" command, for example, linuxserver's jellyfin image does not include the "ip" command in its docker image, so I have to install the "ip" command first (like "apt update && apt install iproute2") and then add the static route.

Fortunately, if you are using a LinuxServer docker image, there is a way to reduce those troubles, as linuxserver.io said

So you can simply go to the custom-cont-init.d folder (in the docker container or the host map path) and create a bash script to add the static route like this:

#!/bin/bash
ip route add 10.253.0.0/24 via 10.10.10.3

If the container does not have the "ip" command:

#!/bin/bash
apt update && apt install -y iproute2 && ip route add 10.253.0.0/24 via 10.10.10.3

And now the static route persists even after restarting the container.

So that's all, this is the way I get around it. It's not a perfect method, but at least I can access my container with a static IP address now. I hope someone can solve this problem perfectly some day.

 

(Sorry for my English, it's not my native language.)

 

@JackieWu when I try and add the static route to my Shinobi container I get the following 

 

ip: RTNETLINK answers: Operation not permitted

 

 

Link to comment
5 minutes ago, JackieWu said:

 

@ax77 You should replace "unraid ip" with your real Unraid IP address. Suppose your Unraid IP is 192.168.1.10, then you should enter the command line below, like:

 

ip route add 10.25.0.0/24 via 192.168.1.10

 

@jackiewu  yes that's what I did

Link to comment

I am having a strange issue where I download the zip from the VPN interface in Unraid and import that conf file into NetworkManager on Arch Linux, but the tunnel does not work. Anyone else have this? Yes, I have wireguard-tools installed on Arch.

Edited by SavageAUS
Link to comment

I need help with WireGuard. I've been trying to figure this out for weeks. I'm running 6.10rc5. I can't seem to get WireGuard to allow access to my network. All I can connect to is the Unraid webgui. I used to be able to connect to my router and other dockers running on my server. I've tried remote tunnel, remote access to LAN, etc. None seem to work.

Edited by ishtangli
Link to comment
On 10/17/2021 at 10:46 AM, aalyaqoub said:

Hi, I have WireGuard with remote tunneled access and I am having trouble accessing my VMs or any other things on my local network. It used to work fine and now it doesn't, and I am confused on how to fix it. Did any of you have similar problems?

Same exact problem. Have you found a solution?

 

Link to comment
  • 2 weeks later...
7 minutes ago, CorneliusCornbread said:

Is this still being maintained? It seems to be pretty out of date

This is the support thread for the old plugin. There isn't a plugin anymore since this is built-in now.

 

Most of the support for this feature is here:

 

Link to comment
  • 1 month later...
On 5/12/2022 at 5:08 PM, trurl said:

This is the support thread for the old plugin. There isn't a plugin anymore since this is built-in now.

 

Most of the support for this feature is here:

 

But that guide references Dynamix Wireguard plugin as a pre-req...

 

 

"Prerequisites

 

You must be running Unraid 6.8+ with the Dynamix WireGuard plugin from Community Apps"

 

Can someone confirm what maintainer they are using for wireguard now??

Link to comment
21 hours ago, thestraycat said:

"Prerequisites

 

You must be running Unraid 6.8+ with the Dynamix WireGuard plugin from Community Apps"

 

refresh the page :)

 

You must be running Unraid 6.10+, or Unraid 6.8-6.9 with the Dynamix WireGuard plugin from Community Apps

Link to comment
28 minutes ago, ljm42 said:

 

refresh the page :)

 

You must be running Unraid 6.10+, or Unraid 6.8-6.9 with the Dynamix WireGuard plugin from Community Apps

I have just slightly reworded the linked post to make it clearer that you do not need the plugin with 6.10+.

Link to comment
  • 1 month later...

Hello,

 

Long story short - I had an error for my wireguard in the plugin error page and just a button to delete it .. which I did with the idea to re-install it again, but unfortunately now I have an error that my unraid version is too new (6.10.3) and I cannot find any other way to install it again. Any help will be highly appreciated. Thank you!

[Image: Screenshot 2022-08-12 134833.jpg]

Link to comment
3 hours ago, GermanGramatikov said:

Hello,

 

Long story short - I had an error for my wireguard in the plugin error page and just a button to delete it .. which I did with the idea to re-install it again, but unfortunately now I have an error that my unraid version is too new (6.10.3) and I cannot find any other way to install it again. Any help will be highly appreciated. Thank you!

[Image: Screenshot 2022-08-12 134833.jpg]

WireGuard is fully built into the latest Unraid releases - no need any more to install a plugin.

Link to comment
5 hours ago, itimpi said:

WireGuard is fully built into the latest Unraid releases - no need any more to install a plugin.

Hello itimpi,

 

I know that people do not like to read long posts, that is why I tried to write it as short as possible, but let me try again:

  • My WireGuard stopped working
  • there was a new tab in the plugins page called "Errors" (forgot to make a screenshot, it is already gone)
  • in it, it said that WireGuard has an issue and the only button available was "Delete", which I pressed
  • Now I don't have WireGuard and I cannot install it
  • Help please?
Link to comment
