bonienl (Author), posted February 3, 2020:

> 2 minutes ago, xorinzor said:
> It can't hurt to check netstat just in case

Very true

bonienl (Author), posted February 3, 2020:

> 8 minutes ago, pmcnano said:
> I'm sorry but it actually works for me. I just checked both my tunnels and they are detected as open.

Interesting. A key point of WireGuard is/was its difficulty to detect ...

xorinzor, posted February 3, 2020:

> 4 minutes ago, bonienl said:
> Interesting. A key point of WireGuard is/was its difficulty to detect ...

It's shown as up, but not what service is running (checked using nmap) https://suip.biz/?act=nmap

pmcnano, posted February 3, 2020:

> 4 minutes ago, bonienl said:
> Interesting. A key point of WireGuard is/was its difficulty to detect ...

I wasn't on my computer when I replied a couple of minutes ago, but just in case:

musicking, posted February 3, 2020:

> 20 minutes ago, xorinzor said:
> Interesting, though you can kinda confirm it by checking the output of netstat -atunl | grep 51820

    udp 0 0 0.0.0.0:51820 0.0.0.0:*
    udp6 0 0 :::51820 :::*

I'm also going to reboot my Unifi Gateway as it's doing a couple strange things.

bonienl (Author), posted February 3, 2020:

> 42 minutes ago, xorinzor said:
> the blurred local endpoint, just to make sure, isn't set to Unraid's local IP, but your external IP. Correct? In which case, did your external IP perhaps change?

Good point. This is either your external (public) IP address or a resolvable name. Make sure this is still correct, i.e. update if your router has changed its external address.

musicking, posted February 3, 2020:

> Just now, bonienl said:
> Good point. This is either your external (public) IP address or a resolvable name. Make sure this is still correct, i.e. update if your router has changed its external address.

This hasn't changed and can confirm working as I'm tunneled into my network through a VM right now. I just have the FQDN in there right now.

musicking, posted February 3, 2020:

Router reboot did not solve the issue. I might just remove the Wireguard plugin completely and re-configure using the same keys.

musicking, posted February 3, 2020:

Tried a different tunnel on a different port, removed the config and plugin completely and then reconfigured everything from scratch, still no go

xorinzor, posted February 3, 2020 (edited February 3, 2020 by xorinzor):

Can you connect from the local network to the server? This would further narrow down if it's related to the port forwarding, or something else.

EDIT: Can you also put a screenshot of your routing table here? (viewable at /Settings/NetworkSettings)

bonienl (Author), posted February 3, 2020:

> 5 minutes ago, musicking said:
> Tried a different tunnel on a different port, removed the config and plugin completely and then reconfigured everything from scratch, still no go

Another route you may want to try. Enable UPnP on your router and Unraid server. Remove the static port forwarding entries in your router. With UPnP enabled Unraid should see (and report in the GUI) what the router is doing as port forwarding.

bonienl (Author), posted February 3, 2020:

Another easy test....

Disconnect eth1, this forces all traffic to go over eth0. Does it work now?

Disconnect eth0, this forces all traffic to go over eth1. Does it work now?

musicking, posted February 3, 2020:

I will have to test shutting down eth1 and eth0 when I get home, don't want to do it via SSH in case I get disconnected. I am having 0 port forwarding issues with my other rules, so it would be strange if UPNP fixed the issue. I might try it though, just for the reporting. I wasn't able to see any issues in the logs when I checked my port forwarding logs

xorinzor, posted February 3, 2020 (edited February 3, 2020 by xorinzor):

> 6 minutes ago, musicking said:
> I will have to test shutting down eth1 and eth0 when I get home, don't want to do it via SSH in case I get disconnected. I am having 0 port forwarding issues with my other rules, so it would be strange if UPNP fixed the issue. I might try it though, just for the reporting. I wasn't able to see any issues in the logs when I checked my port forwarding logs

What output do you get on the command below?

    sysctl -a | grep -e "ipv4.ip_" -e "wg0"

Don't be surprised, the output is quite a lot

musicking, posted February 3, 2020:

> 4 minutes ago, xorinzor said:
> sysctl -a | grep -e "ipv4.ip_" -e "wg0"

    net.ipv4.conf.wg0.accept_local = 0
    net.ipv4.conf.wg0.accept_redirects = 1
    net.ipv4.conf.wg0.accept_source_route = 1
    net.ipv4.conf.wg0.arp_accept = 0
    net.ipv4.conf.wg0.arp_announce = 0
    net.ipv4.conf.wg0.arp_filter = 0
    net.ipv4.conf.wg0.arp_ignore = 0
    net.ipv4.conf.wg0.arp_notify = 0
    net.ipv4.conf.wg0.bc_forwarding = 0
    net.ipv4.conf.wg0.bootp_relay = 0
    net.ipv4.conf.wg0.disable_policy = 0
    net.ipv4.conf.wg0.disable_xfrm = 0
    net.ipv4.conf.wg0.drop_gratuitous_arp = 0
    net.ipv4.conf.wg0.drop_unicast_in_l2_multicast = 0
    net.ipv4.conf.wg0.force_igmp_version = 0
    net.ipv4.conf.wg0.forwarding = 1
    net.ipv4.conf.wg0.igmpv2_unsolicited_report_interval = 10000
    net.ipv4.conf.wg0.igmpv3_unsolicited_report_interval = 1000
    net.ipv4.conf.wg0.ignore_routes_with_linkdown = 0
    net.ipv4.conf.wg0.log_martians = 0
    net.ipv4.conf.wg0.mc_forwarding = 0
    net.ipv4.conf.wg0.medium_id = 0
    net.ipv4.conf.wg0.promote_secondaries = 0
    net.ipv4.conf.wg0.proxy_arp = 0
    net.ipv4.conf.wg0.proxy_arp_pvlan = 0
    net.ipv4.conf.wg0.route_localnet = 0
    net.ipv4.conf.wg0.rp_filter = 0
    net.ipv4.conf.wg0.secure_redirects = 1
    net.ipv4.conf.wg0.send_redirects = 0
    net.ipv4.conf.wg0.shared_media = 1
    net.ipv4.conf.wg0.src_valid_mark = 0
    net.ipv4.conf.wg0.tag = 0
    net.ipv4.ip_default_ttl = 64
    net.ipv4.ip_dynaddr = 0
    net.ipv4.ip_early_demux = 1
    net.ipv4.ip_forward = 1
    net.ipv4.ip_forward_update_priority = 1
    net.ipv4.ip_forward_use_pmtu = 0
    net.ipv4.ip_local_port_range = 32768 60999
    net.ipv4.ip_local_reserved_ports =
    net.ipv4.ip_no_pmtu_disc = 0
    net.ipv4.ip_nonlocal_bind = 0
    net.ipv4.ip_unprivileged_port_start = 1024
    net.ipv4.neigh.wg0.anycast_delay = 100
    net.ipv4.neigh.wg0.app_solicit = 0
    net.ipv4.neigh.wg0.base_reachable_time_ms = 30000
    net.ipv4.neigh.wg0.delay_first_probe_time = 5
    net.ipv4.neigh.wg0.gc_stale_time = 60
    net.ipv4.neigh.wg0.locktime = 100
    net.ipv4.neigh.wg0.mcast_resolicit = 0
    net.ipv4.neigh.wg0.mcast_solicit = 3
    net.ipv4.neigh.wg0.proxy_delay = 80
    net.ipv4.neigh.wg0.proxy_qlen = 64
    net.ipv4.neigh.wg0.retrans_time_ms = 1000
    net.ipv4.neigh.wg0.ucast_solicit = 3
    net.ipv4.neigh.wg0.unres_qlen = 101
    net.ipv4.neigh.wg0.unres_qlen_bytes = 212992
    net.ipv6.conf.wg0.accept_dad = -1
    net.ipv6.conf.wg0.accept_ra = 1
    net.ipv6.conf.wg0.accept_ra_defrtr = 1
    net.ipv6.conf.wg0.accept_ra_from_local = 0
    net.ipv6.conf.wg0.accept_ra_min_hop_limit = 1
    net.ipv6.conf.wg0.accept_ra_mtu = 1
    net.ipv6.conf.wg0.accept_ra_pinfo = 1
    net.ipv6.conf.wg0.accept_redirects = 1
    net.ipv6.conf.wg0.accept_source_route = 0
    net.ipv6.conf.wg0.addr_gen_mode = 1
    net.ipv6.conf.wg0.autoconf = 1
    net.ipv6.conf.wg0.dad_transmits = 1
    net.ipv6.conf.wg0.disable_ipv6 = 0
    net.ipv6.conf.wg0.disable_policy = 0
    net.ipv6.conf.wg0.drop_unicast_in_l2_multicast = 0
    net.ipv6.conf.wg0.drop_unsolicited_na = 0
    net.ipv6.conf.wg0.enhanced_dad = 1
    net.ipv6.conf.wg0.force_mld_version = 0
    net.ipv6.conf.wg0.force_tllao = 0
    net.ipv6.conf.wg0.forwarding = 0
    net.ipv6.conf.wg0.hop_limit = 64
    net.ipv6.conf.wg0.ignore_routes_with_linkdown = 0
    net.ipv6.conf.wg0.keep_addr_on_down = 0
    net.ipv6.conf.wg0.max_addresses = 16
    net.ipv6.conf.wg0.max_desync_factor = 600
    net.ipv6.conf.wg0.mldv1_unsolicited_report_interval = 10000
    net.ipv6.conf.wg0.mldv2_unsolicited_report_interval = 1000
    net.ipv6.conf.wg0.mtu = 1420
    net.ipv6.conf.wg0.ndisc_notify = 0
    net.ipv6.conf.wg0.ndisc_tclass = 0
    net.ipv6.conf.wg0.proxy_ndp = 0
    net.ipv6.conf.wg0.regen_max_retry = 3
    net.ipv6.conf.wg0.router_solicitation_delay = 1
    net.ipv6.conf.wg0.router_solicitation_interval = 4
    net.ipv6.conf.wg0.router_solicitation_max_interval = 3600
    net.ipv6.conf.wg0.router_solicitations = -1
    net.ipv6.conf.wg0.seg6_enabled = 0
    net.ipv6.conf.wg0.suppress_frag_ndisc = 1
    net.ipv6.conf.wg0.temp_prefered_lft = 86400
    net.ipv6.conf.wg0.temp_valid_lft = 604800
    net.ipv6.conf.wg0.use_oif_addrs_only = 0
    net.ipv6.conf.wg0.use_tempaddr = -1
    net.ipv6.neigh.wg0.anycast_delay = 100
    net.ipv6.neigh.wg0.app_solicit = 0
    net.ipv6.neigh.wg0.base_reachable_time_ms = 30000
    net.ipv6.neigh.wg0.delay_first_probe_time = 5
    net.ipv6.neigh.wg0.gc_stale_time = 60
    net.ipv6.neigh.wg0.locktime = 0
    net.ipv6.neigh.wg0.mcast_resolicit = 0
    net.ipv6.neigh.wg0.mcast_solicit = 3
    net.ipv6.neigh.wg0.proxy_delay = 80
    net.ipv6.neigh.wg0.proxy_qlen = 64
    net.ipv6.neigh.wg0.retrans_time_ms = 1000
    net.ipv6.neigh.wg0.ucast_solicit = 3
    net.ipv6.neigh.wg0.unres_qlen = 101
    net.ipv6.neigh.wg0.unres_qlen_bytes = 212992

xorinzor, posted February 3, 2020:

> 1 minute ago, musicking said:
> net.ipv4.conf.wg0.accept_local = 0
> net.ipv4.conf.wg0.accept_redirects = 1
> net.ipv4.conf.wg0.accept_source_route = 1
> ... <snip> ...

Hm, even those settings are the same as mine. Did you get to test a connection to wireguard via the local network?

musicking, posted February 3, 2020:

> 2 minutes ago, xorinzor said:
> Did you get to test a connection to wireguard via the local network?

Not yet, I'm not home until later tonight. I will definitely test this though.

musicking, posted February 3, 2020 (edited February 3, 2020 by musicking: More Info):

I don't think it's the router, I see the router logs passing the connection using the port forwarding rule...but then nothing.

Edit: What is strange is the Wireguard Clients appear to connect just fine (no issue in the log). I'm not seeing anything connected via Unraid though (no handshake). I tried locally through a VM and it appears to work, but no updated handshake in Unraid.

More Edits: Son of a B*tch....handshake just updated in the Plugin page and it's working. I have no idea what the "fix" was. This will forever bug me now that I don't know why it started working.

Also, thank you everyone, you are all awesome for helping me.
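
Added example, not part of any post in this thread: a shell sketch that combines the two checks discussed above (is the UDP port bound, and has any peer completed a handshake) to tell "tunnel down" apart from "listening but no handshake". The function names, the sample input and the 180-second freshness threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a WireGuard tunnel from two command outputs.
# Function names and sample data are constructed for illustration.

# udp_listening NETSTAT_OUTPUT PORT
# Succeeds if a udp/udp6 socket is bound to PORT (local address is field 4).
udp_listening() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 ~ /^udp/ && $4 ~ (":" p "$") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# peer_states HANDSHAKES NOW MAX_AGE
# HANDSHAKES is `wg show wg0 latest-handshakes` output, one
# "<public key> <epoch seconds>" line per peer; 0 means never.
peer_states() {
    printf '%s\n' "$1" | awk -v now="$2" -v max="$3" '
        NF != 2        { next }
        $2 == 0        { print $1, "never"; next }
        now - $2 > max { print $1, "stale"; next }
                       { print $1, "ok" }'
}

# triage NETSTAT_OUTPUT PORT HANDSHAKES NOW MAX_AGE
triage() {
    if ! udp_listening "$1" "$2"; then
        echo "not-listening"           # interface is down on the server
        return 0
    fi
    states=$(peer_states "$3" "$4" "$5")
    if printf '%s\n' "$states" | grep -q ' ok$'; then
        echo "handshake-ok"            # at least one peer has a live session
    else
        echo "listening-no-handshake"  # check port forward, endpoint, keys
    fi
}

# Constructed sample input (not taken from the thread).
SAMPLE_NETSTAT='udp        0      0 0.0.0.0:51820           0.0.0.0:*
udp6       0      0 :::51820                :::*'
SAMPLE_HANDSHAKES='constructed-peer-key-A= 0
constructed-peer-key-B= 1580750000'

triage "$SAMPLE_NETSTAT" 51820 "$SAMPLE_HANDSHAKES" 1580760000 180
```

On a live server the inputs would come from `netstat -atunl`, `wg show wg0 latest-handshakes` and `date +%s`.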

cbf305, posted February 5, 2020:

Just built an unRAID server. It's been running fine for about a month. I have a tunnel setup and 5 clients/peers. Wireguard works great...until I reboot the server. It was autostarting just fine, but even with the autostart ticked to on, the tunnel no longer starts. I was on 6.8.2 when I noticed it not auto starting. I downgraded back to 6.8.1 and the issue still persists. I've toggled autostart and I can see that the autostart file in the config folder on the flash drive gets updated with wg0 and all the correct config files are there, but it just will not autostart anymore. I even created a second tunnel just to test with and it autostarts just fine.

Do I just need to blow away wg0 and recreate it or is there something else I can try? Also I see an import tunnel button, but how do I export one? Do I just grab the wg0.conf file off the flash drive?

Thanks!

bonienl (Author), posted February 5, 2020:

Autostart should work, it sounds like something got corrupted in your configuration file. Try

    wg-quick up wg0

And post the result.

> 1 hour ago, cbf305 said:
> Also I see an import tunnel button, but how do I export one?

Click on the "eye" icon of the tunnel and choose download (or read the QR code)

cbf305, posted February 5, 2020:

Here are the results:

    root@unRAID:~# wg-quick up wg0
    [#] ip link add wg0 type wireguard
    [#] wg setconf wg0 /dev/fd/63
    [#] ip -4 address add 10.100.100.1 dev wg0
    [#] ip link set mtu 1420 up dev wg0
    [#] ip -4 route add 10.100.100.7/32 dev wg0
    [#] ip -4 route add 10.100.100.6/32 dev wg0
    [#] ip -4 route add 10.100.100.5/32 dev wg0
    [#] ip -4 route add 10.100.100.4/32 dev wg0
    [#] ip -4 route add 10.100.100.3/32 dev wg0
    [#] ip -4 route add 10.100.100.2/32 dev wg0
    [#] ip -4 route add 10.37.2.0/24 dev wg0
    [#] ip -4 route add 10.37.150.0/24 dev wg0
    [#] logger -t wireguard 'Tunnel WireGuard-wg0 started'
    [#] iptables -t nat -A POSTROUTING -s 10.100.100.0/24 -o br0 -j MASQUERADE

Thanks for the tip about the download button. On my screen those two buttons are just off the bottom edge of the pop-up window, but I can see all the clients so I never had the need to scroll down 😛

FWIW, the wg0 appears to operate normally when it's up. My laptop and phone can get in and get to my stuff whenever I am out of the house.

bonienl (Author), posted February 5, 2020:

> 5 minutes ago, cbf305 said:
> FWIW, the wg0 appears to operate normally when it's up.

Did you set "autostart" for tunnel wg0?

cbf305, posted February 5, 2020:

Yes. With Autostart toggled off, the autostart file in:

    /boot/config/wireguard/

is empty. When I toggle on Autostart in the web UI, that same file now contains:

    wg0

In the file I also see that there is a trailing space and no CR. I'm not sure if that is how it's supposed to be, but wanted to note it.

If I reboot with Autostart toggled on the tunnel does not activate until I go to the web UI and manually toggle Inactive to on. When I manually brought up the tunnel with wg-quick and refreshed the web UI, the tunnel then displayed Active with the toggle on.

bonienl (Author), posted February 5, 2020 (edited February 5, 2020 by bonienl):

> 56 minutes ago, cbf305 said:
> If I reboot with Autostart toggled on the tunnel does not activate until I go to the web UI and manually toggle Inactive to on.

I cannot reproduce your situation. I created a tunnel WG0 with a remote peer, activated it and switched autostart on. After a reboot the tunnel is active again, like it was before rebooting the system.

Since you don't get any error message when manually activating the tunnel, it should work too after a reboot, which my own testing confirms.

I don't know what is going wrong for you. Can you post diagnostics after rebooting your system?

lviperz, posted February 5, 2020 (edited February 5, 2020 by lviperz: add a test result):

I'm having issues with transfer speeds through the tunnel. I'm not sure if my problem fits in the scope of this topic. My apologies if it doesn't.

I've been using iperf to test the speeds through my tunnel and at best I'm only getting maybe 2 Mbits. Here is my setup and what I have done to troubleshoot. I'm just wondering if anyone has any other ideas.

I have a 500/50 internet using an older motorola sb6141. I was using a tp-link archer c2 ac750 but replaced it last night with a netgear r6260 ac1600. The router has two switches connected. Switch 1 is an unmanaged cisco (don't recall the model). Switch 2 is a ubiquiti edgemax. Both are gigabit. All devices capable of gigabit are running at gigabit. This includes all devices used for testing with iperf. Also, all home network computers can get 250-300Mbps through my internet connection (limits of the sb6141) and also achieve near 1Gbps with iperf. I also checked iperf on 2 pc's connected to both switches (switch 1 through router hub to switch 2).

I was actually hoping wireguard in my unraid server would have solved my slow tunnel speeds but it hasn't. Tunnels are only used to access my home lan only.

I first had a rpi running pivpn. The rpi is in switch 2. I ran iperf server on both the rpi and another win7 pc in the same switch. Both resulted in slow speeds through the tunnel. I have a nginx reverse proxy setup on the rpi and if I use it for an iperf test I can achieve 40-50 Mbits. I thought maybe it was my rpi (rpi3b+) running openvpn and not having enough horsepower so I setup a test ubuntu server and ran pivpn on it. Still got the same slow tunnel speeds. So I tried an l2tp/ipsec vpn on both the rpi and ubuntu servers. Still same slow tunnel speeds.

At a loss and planning a unraid server, I noticed wireguard support and built my server last weekend. Got wireguard setup ran an iperf test. Same slow speeds. I ran iperf tests through wireguard to iperf servers running on devices connected to both switches. All tested at about 2 Mbits. My unraid server shows a gig network connection and file transfers across my home network (traversing through both switches) are achieving 40-50Mbits or faster. The server can achieve 250-300Mbps internet speeds.

As a last resort I replaced my old tp-link router with a netgear r6260 last night. Ran some iperf tests this morning and still getting 2 Mbits. The only thing left I can think of is maybe my old sb6141. I have an arris sb6183 that I'm getting ready to install but I wanted to see if anyone had any other ideas or suggestions.

Again, my apologies if this isn't the scope of this topic.

Edit. Just to add, I just tried using the openvpn builtin to the netgear router and I still only get 2 Mbits.