musicking Posted January 31, 2020 Share Posted January 31, 2020 Hey Everyone, My Wireguard appears to connect, but doesn't show on my Dashboard in Unraid as connected. I see that on my remote device I am behind my home IP, but I can't access my Unraid Web UI from my device. Nothing has changed with my config and this just started happening. Anyone else experiencing something similar? Thanks Quote Link to comment
xorinzor Posted January 31, 2020 Share Posted January 31, 2020 Just now, musicking said: Hey Everyone, My Wireguard appears to connect, but doesn't show on my Dashboard in Unraid as connected. I see that on my remote device I am behind my home IP, but I can't access my Unraid Web UI from my device. Nothing has changed with my config and this just started happening. Anyone else experiencing something similar? Thanks I've had this on the android app of wireguard happen too, it looks as if it's connected even when it isn't. Maybe your external IP changed? or your server got a different IP address invalidating the port-forwarding? Either way, if your unraid server doesn't show the device as connected, it isn't. Quote Link to comment
musicking Posted January 31, 2020 Share Posted January 31, 2020 8 minutes ago, xorinzor said: I've had this on the android app of wireguard happen too, it looks as if it's connected even when it isn't. Maybe your external IP changed? or your server got a different IP address invalidating the port-forwarding? Either way, if your unraid server doesn't show the device as connected, it isn't. Nope, external and internal IPs are the same, nothing has changed there. I agree that things aren't connecting though Quote Link to comment
xorinzor Posted January 31, 2020 Share Posted January 31, 2020 1 minute ago, musicking said: Nope, external and internal IPs are the same, nothing has changed there. I agree that things aren't connecting though Did you confirm the Wireguard service to be running? I've had a few instances where it stopped itself after editing the config. Also, If you check the port using an online tool, is it open? if not, either the port is closed, not forwarded correctly, or nothing is listening on the port (ie: wireguard service disabled). Quote Link to comment
musicking Posted January 31, 2020 Share Posted January 31, 2020 (edited) 2 hours ago, xorinzor said: Did you confirm the Wireguard service to be running? I've had a few instances where it stopped itself after editing the config. Also, If you check the port using an online tool, is it open? if not, either the port is closed, not forwarded correctly, or nothing is listening on the port (ie: wireguard service disabled). Wireguard server is running, at least it appears to be. Online tool is showing port is closed, but I don't think the router is at fault as other open port rules are working just fine. Pretty sure I'm having issues with the Wireguard service itself I guess I could reboot at some point today. Edit: wg-quick up wg0 results in [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 10.253.0.1 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] ip -4 route add 10.253.0.4/32 dev wg0 [#] ip -4 route add 10.253.0.3/32 dev wg0 [#] ip -4 route add 10.253.0.2/32 dev wg0 [#] logger -t wireguard 'Tunnel WireGuard-wg0 started' [#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE I do a port scan locally and it shows 51820 as closed. Edit number 2: Reboot did not fix the issue Edited January 31, 2020 by musicking Quote Link to comment
musicking Posted February 3, 2020 Share Posted February 3, 2020 Anything else I should be checking? Quote Link to comment
bonienl Posted February 3, 2020 Author Share Posted February 3, 2020 2 minutes ago, musicking said: Anything else I should be checking? Tunnel should be started according to your messages above. What is the output of wg show Quote Link to comment
musicking Posted February 3, 2020 Share Posted February 3, 2020 (edited) 12 minutes ago, bonienl said: Tunnel should be started according to your messages above. What is the output of wg show interface: wg0 public key: ************* private key: (hidden) listening port: 51820 peer: ************* preshared key: (hidden) allowed ips: 10.253.0.2/32 peer: ************* preshared key: (hidden) allowed ips: 10.253.0.3/32 peer: ************* preshared key: (hidden) allowed ips: 10.253.0.4/32 Edited February 3, 2020 by musicking Quote Link to comment
bonienl Posted February 3, 2020 Author Share Posted February 3, 2020 (edited) WireGuard tunnel is up and running. What port forwarding rule did you set on your router? And what is your remote peer config look like? Edited February 3, 2020 by bonienl Quote Link to comment
musicking Posted February 3, 2020 Share Posted February 3, 2020 8 minutes ago, bonienl said: WireGuard tunnel is up and running. What port forwarding rule did you set on your router? And what is your remote peer config look like? Above is the router config and as for the Remote Peer config I just scanned the QR code. It is no longer working on Windows, iPad and Google Pixel. I don't think it's the peer and I think it might have started acting up around the 6.8.2 update for Unraid. Quote Link to comment
xorinzor Posted February 3, 2020 Share Posted February 3, 2020 (edited) Do you have a static IP configured for your unraid server? Are other ports on your unraid server reachable? What if you enable the logging in your router for that port, does that give you any indications? I use unraid 6.8.2 too, but it works fine for me. EDIT: the blurred local endpoint, just to make sure, isn't set to Unraids local IP, but your external IP. Correct? In which case, did your external IP perhaps change? Edited February 3, 2020 by xorinzor Quote Link to comment
musicking Posted February 3, 2020 Share Posted February 3, 2020 5 minutes ago, xorinzor said: Do you have a static IP configured for your unraid server? Are other ports on your unraid server reachable? What if you enable the logging in your router for that port, does that give you any indications? I use unraid 6.8.2 too, but it works fine for me. Yes to Static IP in Unraid as per the pictures above. Other ports (docker containers are reachable via letsencrypt docker/reverse proxy) I am enabling logging on the router now, but other rules are working fine. Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2 Quote Link to comment
xorinzor Posted February 3, 2020 Share Posted February 3, 2020 1 minute ago, musicking said: Yes to Static IP in Unraid as per the pictures above. Other ports (docker containers are reachable via letsencrypt docker/reverse proxy) I am enabling logging on the router now, but other rules are working fine. Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2 I've had no issues with my intel xeon upon rebooting. Wasn't aware of any issues with intel either. Did you notice my edit? If you checked the port I don't think that's the issue, but it can't hurt to make sure. Let us know what the logging tells you (do another port check to trigger it, as well as try to connect with a wireguard client) Quote Link to comment
pmcnano Posted February 3, 2020 Share Posted February 3, 2020 4 minutes ago, musicking said: Yes to Static IP in Unraid as per the pictures above. Other ports (docker containers are reachable via letsencrypt docker/reverse proxy) I am enabling logging on the router now, but other rules are working fine. Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2 Honestly, I don't see this has been mentioned. But have you checked that the UDP port is opened? Quote Link to comment
xorinzor Posted February 3, 2020 Share Posted February 3, 2020 (edited) 2 minutes ago, pmcnano said: Honestly, I don't see this has been mentioned. But have you checked that the UDP port is opened? 16 minutes ago, musicking said: Above is the router config Edited February 3, 2020 by xorinzor Quote Link to comment
bonienl Posted February 3, 2020 Author Share Posted February 3, 2020 4 minutes ago, musicking said: I'm wondering if the change to fix this broke my wireguard in 6.8.2 No, WireGuard is working fine in 6.8.2. Just made a test to confirm this. Quote Link to comment
pmcnano Posted February 3, 2020 Share Posted February 3, 2020 (edited) 1 minute ago, xorinzor said: Not what I meant. To actually check that the port is in fact open. https://check-host.net/check-udp Edited February 3, 2020 by pmcnano Quote Link to comment
xorinzor Posted February 3, 2020 Share Posted February 3, 2020 Just now, pmcnano said: Not what I meant. To actually check that the port is in fact openned. https://check-host.net/check-udp That has been tested already, it's closed. We're just trying to figure out why at this point. Could be completely unrelated to the port forwarding if there's no service listening to the port. 1 Quote Link to comment
bonienl Posted February 3, 2020 Author Share Posted February 3, 2020 Just now, xorinzor said: That has been tested already, it's closed. You can't really test this, because WireGuard will not respond to anything on this port unless it is a WireGuard connection set up. Quote Link to comment
xorinzor Posted February 3, 2020 Share Posted February 3, 2020 (edited) 3 minutes ago, bonienl said: You can't really test this, because WireGuard will not respond to anything on this port unless it is a WireGuard connection set up. Interesting, though you can kinda confirm it by checking the output of netstat -atunl | grep 51820 Edited February 3, 2020 by xorinzor Quote Link to comment
bonienl Posted February 3, 2020 Author Share Posted February 3, 2020 3 minutes ago, pmcnano said: Not what I meant. To actually check that the port is in fact open. https://check-host.net/check-udp This doesn't work with WireGuard. WireGuard is designed to remain silent unless it is a true WireGuard connection set up. Quote Link to comment
pmcnano Posted February 3, 2020 Share Posted February 3, 2020 1 minute ago, bonienl said: This doesn't work with WireGuard. WireGuard is designed to remain silent unless it is a true WireGuard connection set up. I'm sorry but it actually works for me. I just checked both my tunnels and they are detected a open. Quote Link to comment
warcode Posted February 3, 2020 Share Posted February 3, 2020 I am experiencing a similar issue. I updated the plugin, added a new client, clicked apply yesterday and I have also lost access to both the server and my vpn tunnels, on both ios and windows. I am currently away so I can't check the actual server. WireGuard connects, gets an ip, and says everything seems correct, but I am not allowed to connect to anything else any more. It might just be that the server requires a restart but I won't know until later this week. Quote Link to comment
bonienl Posted February 3, 2020 Author Share Posted February 3, 2020 3 minutes ago, xorinzor said: Well, you can kinda confirm it by checking the output of It was already confirmed that Wireguard is running and listening on the designated port. Just do wg show # wg show interface: wg0 public key: ********************** private key: (hidden) listening port: 51832 peer: 3xow47demgEeU2eF6zNZPJO38cY7l9WsLRqjXcKbdC4= endpoint: 192.168.2.15:52047 allowed ips: 10.253.0.2/32 latest handshake: 1 minute, 34 seconds ago transfer: 784.12 KiB received, 2.28 MiB sent Quote Link to comment
xorinzor Posted February 3, 2020 Share Posted February 3, 2020 Just now, bonienl said: It was already confirmed that Wireguard is running and listening on the designated port. Just do wg show # wg show interface: wg0 public key: ********************** private key: (hidden) listening port: 51832 peer: 3xow47demgEeU2eF6zNZPJO38cY7l9WsLRqjXcKbdC4= endpoint: 192.168.2.15:52047 allowed ips: 10.253.0.2/32 latest handshake: 1 minute, 34 seconds ago transfer: 784.12 KiB received, 2.28 MiB sent I've learned over time never to trust output of applications themselves, but just to get it from the source. It can't hurt to check netstat just in case Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.