Dynamix WireGuard VPN


bonienl


Hey Everyone,

 

My Wireguard appears to connect, but doesn't show on my Dashboard in Unraid as connected. I see that on my remote device I am behind my home IP, but I can't access my Unraid Web UI from my device. Nothing has changed with my config and this just started happening.

Anyone else experiencing something similar?

 

Thanks

Link to comment
Just now, musicking said:

Hey Everyone,

 

My Wireguard appears to connect, but doesn't show on my Dashboard in Unraid as connected. I see that on my remote device I am behind my home IP, but I can't access my Unraid Web UI from my device. Nothing has changed with my config and this just started happening.

Anyone else experiencing something similar?

 

Thanks

I've had this on the Android app of WireGuard happen too; it looks as if it's connected even when it isn't.
Maybe your external IP changed? Or your server got a different IP address, invalidating the port forwarding?

Either way, if your unraid server doesn't show the device as connected, it isn't.

Link to comment
8 minutes ago, xorinzor said:

I've had this on the Android app of WireGuard happen too; it looks as if it's connected even when it isn't.
Maybe your external IP changed? Or your server got a different IP address, invalidating the port forwarding?

Either way, if your unraid server doesn't show the device as connected, it isn't.

Nope, external and internal IPs are the same, nothing has changed there. I agree that things aren't connecting though :(

Link to comment
1 minute ago, musicking said:

Nope, external and internal IPs are the same, nothing has changed there. I agree that things aren't connecting though :(

Did you confirm the Wireguard service to be running? I've had a few instances where it stopped itself after editing the config.

Also, if you check the port using an online tool, is it open? If not, either the port is closed, not forwarded correctly, or nothing is listening on the port (i.e. WireGuard service disabled).

Link to comment
2 hours ago, xorinzor said:

Did you confirm the Wireguard service to be running? I've had a few instances where it stopped itself after editing the config.

Also, if you check the port using an online tool, is it open? If not, either the port is closed, not forwarded correctly, or nothing is listening on the port (i.e. WireGuard service disabled).

Wireguard server is running, at least it appears to be. Online tool is showing port is closed, but I don't think the router is at fault as other open port rules are working just fine. Pretty sure I'm having issues with the Wireguard service itself :(

I guess I could reboot at some point today.

 

Edit:

wg-quick up wg0 results in

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.253.0.4/32 dev wg0
[#] ip -4 route add 10.253.0.3/32 dev wg0
[#] ip -4 route add 10.253.0.2/32 dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started'
[#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE

 

I do a port scan locally and it shows 51820 as closed.

 

Edit number 2:

Reboot did not fix the issue

Edited by musicking
Link to comment
12 minutes ago, bonienl said:

Tunnel should be started according to your messages above. What is the output of


wg show

 

interface: wg0
  public key: *************
  private key: (hidden)
  listening port: 51820

peer: *************
  preshared key: (hidden)
  allowed ips: 10.253.0.2/32

peer: *************
  preshared key: (hidden)
  allowed ips: 10.253.0.3/32

peer: *************
  preshared key: (hidden)
  allowed ips: 10.253.0.4/32

 

[image]

[image]

Edited by musicking
Link to comment
8 minutes ago, bonienl said:

WireGuard tunnel is up and running.

What port forwarding rule did you set on your router?

 

And what does your remote peer config look like?

[image]

Above is the router config and as for the Remote Peer config I just scanned the QR code. It is no longer working on Windows, iPad and Google Pixel. I don't think it's the peer and I think it might have started acting up around the 6.8.2 update for Unraid.

[image]

Link to comment

Do you have a static IP configured for your unraid server?

Are other ports on your unraid server reachable?

 

What if you enable the logging in your router for that port, does that give you any indications?

 

I use unraid 6.8.2 too, but it works fine for me.

 

EDIT: the blurred local endpoint, just to make sure, isn't set to Unraid's local IP, but your external IP. Correct? In which case, did your external IP perhaps change?

Edited by xorinzor
Link to comment
5 minutes ago, xorinzor said:

Do you have a static IP configured for your unraid server?

Are other ports on your unraid server reachable?

 

What if you enable the logging in your router for that port, does that give you any indications?

 

I use unraid 6.8.2 too, but it works fine for me.

Yes to Static IP in Unraid as per the pictures above.
Other ports (docker containers are reachable via letsencrypt docker/reverse proxy)

 

I am enabling logging on the router now, but other rules are working fine.

 

Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2

Link to comment
1 minute ago, musicking said:

Yes to Static IP in Unraid as per the pictures above.
Other ports (docker containers are reachable via letsencrypt docker/reverse proxy)

 

I am enabling logging on the router now, but other rules are working fine.

 

Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2

I've had no issues with my Intel Xeon upon rebooting. Wasn't aware of any issues with Intel either.
Did you notice my edit? If you checked the port I don't think that's the issue, but it can't hurt to make sure.

 

Let us know what the logging tells you (do another port check to trigger it, as well as try to connect with a wireguard client)

Link to comment
4 minutes ago, musicking said:

Yes to Static IP in Unraid as per the pictures above.
Other ports (docker containers are reachable via letsencrypt docker/reverse proxy)

 

I am enabling logging on the router now, but other rules are working fine.

 

Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2

Honestly, I don't see this has been mentioned. But have you checked that the UDP port is opened? 

Link to comment
3 minutes ago, bonienl said:

You can't really test this, because WireGuard will not respond to anything on this port unless it is a WireGuard connection set up.

Interesting, though you can kinda confirm it by checking the output of 

netstat -atunl | grep 51820

 

Edited by xorinzor
Link to comment

I am experiencing a similar issue.

 

I updated the plugin, added a new client, clicked apply yesterday and I have also lost access to both the server and my VPN tunnels, on both iOS and Windows. I am currently away so I can't check the actual server. WireGuard connects, gets an IP, and says everything seems correct, but I am not allowed to connect to anything else any more.

 

It might just be that the server requires a restart but I won't know until later this week.

Link to comment
3 minutes ago, xorinzor said:

Well, you can kinda confirm it by checking the output of 

It was already confirmed that Wireguard is running and listening on the designated port. Just do

wg show
# wg show
interface: wg0
  public key: **********************
  private key: (hidden)
  listening port: 51832

peer: 3xow47demgEeU2eF6zNZPJO38cY7l9WsLRqjXcKbdC4=
  endpoint: 192.168.2.15:52047
  allowed ips: 10.253.0.2/32
  latest handshake: 1 minute, 34 seconds ago
  transfer: 784.12 KiB received, 2.28 MiB sent

 

Link to comment
Just now, bonienl said:

It was already confirmed that Wireguard is running and listening on the designated port. Just do


wg show

# wg show
interface: wg0
  public key: **********************
  private key: (hidden)
  listening port: 51832

peer: 3xow47demgEeU2eF6zNZPJO38cY7l9WsLRqjXcKbdC4=
  endpoint: 192.168.2.15:52047
  allowed ips: 10.253.0.2/32
  latest handshake: 1 minute, 34 seconds ago
  transfer: 784.12 KiB received, 2.28 MiB sent

 

I've learned over time never to trust output of applications themselves, but just to get it from the source.
It can't hurt to check netstat just in case ;) 

Link to comment
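
The two server-side checks discussed in this thread (peer handshakes in `wg show`, and the UDP listener in netstat) combined into one script. This is an added example, not code from any poster or from the plugin; the function names `wg_summary` and `udp_listening` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and both samples are constructed, not from the thread.

# wg_summary: read `wg show` text on stdin. Prints "port <n>", then one line
# per peer: "<allowed ips> handshake" or "<allowed ips> no-handshake".
wg_summary() {
    awk '
        /listening port:/   { print "port", $3 }
        /^peer:/            { if (ips != "") print ips, hs
                              ips = ""; hs = "no-handshake" }
        /allowed ips:/      { ips = $3 }
        /latest handshake:/ { hs = "handshake" }
        END                 { if (ips != "") print ips, hs }
    '
}

# udp_listening PORT: read `netstat -uln` text on stdin; succeed only if a UDP
# socket is bound to PORT. TCP rows are ignored because WireGuard only uses UDP.
udp_listening() {
    awk -v p="$1" '
        $1 ~ /^udp/ { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END         { exit !found }
    '
}

# Constructed sample: one peer that has completed a handshake, one that has not.
WG_SAMPLE='interface: wg0
  public key: (placeholder)
  private key: (hidden)
  listening port: 51820

peer: (placeholder-peer-1)
  endpoint: 192.0.2.10:52047
  allowed ips: 10.253.0.2/32
  latest handshake: 1 minute, 34 seconds ago

peer: (placeholder-peer-2)
  preshared key: (hidden)
  allowed ips: 10.253.0.3/32'

# Constructed sample of `netstat -uln`-style rows.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:51820           0.0.0.0:*      LISTEN
udp        0      0 0.0.0.0:51820           0.0.0.0:*'

printf '%s\n' "$WG_SAMPLE" | wg_summary
if printf '%s\n' "$NETSTAT_SAMPLE" | udp_listening 51820; then
    echo "UDP 51820 is bound"
fi
# On the server itself: wg show | wg_summary ; netstat -uln | udp_listening 51820
```

A peer reported as `no-handshake` while the UDP socket is bound means the listener is up but no valid handshake from that peer has reached it, which points at forwarding or the peer's endpoint setting rather than the service.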
