Dynamix WireGuard VPN


bonienl

Recommended Posts

On 11/3/2019 at 10:32 AM, Hoopster said:


Yes, you cannot connect to docker containers on br0. You need either a VLAN or different NIC to which to assign docker containers that need a custom IP address.


Sent from my iPhone using Tapatalk

I have no issues accessing my br0 dockers using the fqdn i have assigned to them internally from my iPhone using Wireguard with Remote LAN connection, only using port forwarding (cant seem to get static routes to work on my Unifi setup) no VLAN's in use for br0 either

Edited by Can0nfan
Link to comment

So I got wireguard working and everything seemed to be good. Then i rebooted my server and now i can't get it to change from inactive to active. I had auto start on as well. The log shows me trying to start it up 'wireguard: Tunnel WireGuard-wg0 started'. I rebooted my server again just to make sure... no change. I'm not sure what else i should be checking. Thank you for your help.

Edited by clonednet
More Information
Link to comment
1 hour ago, clonednet said:

So I got wireguard working and everything seemed to be good. Then i rebooted my server and now i can't get it to change from inactive to active. I had auto start on as well. The log shows me trying to start it up 'wireguard: Tunnel WireGuard-wg0 started'. I rebooted my server again just to make sure... no change. I'm not sure what else i should be checking. Thank you for your help.

Can you post the output of the commands that have been mentioned in previous replies? Could help establish a baseline.
I think everyone here is roughly having the same problem.

Link to comment

I have an odd issue - I've been able to successfully connect to my server using the "Remote Tunneled Access" option on my phone without issue.  I created another peer of the same type to connect my Windows laptop, but the only way I could get it to work was to un-check the "Block Untunneled traffic (kill-switch)" option.  This seems to add "128.0.0.0/1" to the allowed IPs.

 

Does this mean that it's not routing all my traffic through the VPN? Is there some configuration I need to fix?

Link to comment

Hi everyone,

 

I am new to  unraid as well as wireguard but i really enjoy and appreciate the help on this forum.

Thanks a lot for the support and explaination !

 

I followed the instructaion and it work perfectly !

However i would like to be able to access my remote peer's LAN.

so i added a dynamic DNS to my peer's router and change the setting of wireguard to "LAN to LAN access".

 

configuration are as follow :

 

[UnRaid Server]

Network protocol : IPv4 only

Local tunnel network pool : 10.253.0.0/24

Local tunnel address : 10.253.0.1

Local endpoint : DynamicDNSOfTheUnraidServer.dns :51820

Local server use NAT : yes

 

[Peer]

Peer tunnel address : 10.253.0.6

Peer endpoint : DynamicDNSOfThePeerServer.dns : 51820

Peer allowed IPs : 10.253.0.6

 

when i try to connect my peer to the wireguard tunnel, i got this herror message :

 

"Unable to import configuration : invalid key for [Peer] section "address""

 

PS : my peer server and network is on 192.163.13.0/24

 

I saw that there were a TBD modification to do when "LAN to LAN access" would be use.

Is there anybody having more information about it ?

 

Thanks a lot for your help !

Link to comment

Hello i have spend a lot of time trying to make tis work, without luck. I am trying to connect with my android phone over 4g using qr code i also tryid with my wifes phone but i cant connect. I just want remote acess to server and smb share on the server. the port is open on my router so thats not the problem.  is there anyone here that can spot the problem? 

 

gicYHBo.pngQQhwtEx.png

Edited by MNM87
Link to comment
1 hour ago, MNM87 said:

Hello i have spend a lot of time trying to make tis work, without luck. I am trying to connect with my android phone over 4g using qr code i also tryid with my wifes phone but i cant connect. I just want remote acess to server and smb share on the server. the port is open on my router so thats not the problem.  is there anyone here that can spot the problem? 

 

gicYHBo.pngQQhwtEx.png

Because the local endpoint is your internal IP and not external? Just a guess. Recheck that and test for open ports to see if it's the firewall.

Edited by gxs
Link to comment

Hello unraiders,

I followed the guide and tried the troubleshooting steps, however I am still struggling a little to get wireguard working.

I have posted my setup here: Link to images of setup

Am I doing something quite stupid? I checked the port, appears to be forwarded ok.

I am running pihole on a seperate server, if that matters? I heard it can cause some issues for wireguard

 

Cheers

Link to comment

Hello,

 

I am unable to get a WireGuard to talk to my server/LAN (unable to view server IP in desktop). Everything sets up fine on the UnRaid side including the uPNP port forwarding. The issue I am having (found out through WireGuard Android log files) is initiating a handshake. I have tried multiple different settings mentioned throughout the forums, i.e. Add peer endpoint, change DNS settings, turn off UPnP, use IPv4 only etc. 

 

I have removed all personal settings and gone back to basics. Any advice / suggestions is appreciated. My settings are attached, as is my system log, Android log, and full diagnostics zip. Hope that covers everything, I tried to follow the Need help? guide as best as I could.

Screenshot_2020-02-19 brewerServer VPNmanager.png

brewerserver-diagnostics-20200219-1100.zip wireguard-log.txt

Link to comment

Hello all! Running latest Unraid stable build (v6.8.2) with the latest Dynamix WireGuard plugin (2020.02.23) and have had an intermittent issue with my WireGuard tunnel.

 

The tunnel uses mostly default config settings, with one peer set to "Remote Access to LAN". The singular peer is a MacBook Pro using the WireGuard app.

 

The problem that arises is immediately after activating the tunnel on the client, I can momentarily access LAN clients like I should, but if I try to transfer (what seems like) more than a few hundred kilobytes of data, the connection immediately halts and becomes unresponsive and I am unable to connect for another few minutes. I can also see in the VPN config page that there was indeed an initial handshake and that a small amount of data was exchanged. Example; after activating the tunnel, I can open an SSH connection and run a few commands, but if I try to transfer a file over SFTP or anything else, the tunnel will "collapse" after less than a second. Note: changing the MTU between auto and several common values did not seem to have any impact.

 

In the client log, I see over and over after the "collapse";

2020-02-24 12:29:35.611 [NET] peer(I4Hj…t3Ro) - Retrying handshake because we stopped hearing back after 15 seconds

 

Does anyone have any clue what may be causing an issue like this?? I will post my tunnel and peer configurations below. Any insight would be greatly appreciated

 

server:

[Interface]
#Home Tunnel
PrivateKey=<redacted>
Address=10.253.0.1
ListenPort=5182
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE

[Peer]
#MBP LAN Access
PublicKey=<redacted>
PresharedKey=<redacted>
AllowedIPs=10.253.0.2

 

peer:

[Interface]
#MBP LAN Access
PrivateKey=<redacted>
Address=10.253.0.2/32
DNS=192.168.86.1

[Peer]
#Home Tunnel
PresharedKey=<redacted>
PublicKey=<redacted>
Endpoint=<my external ip>:5182
AllowedIPs=10.253.0.1/32, 192.168.86.0/24

 

Link to comment
2 hours ago, spgill said:

The singular peer is a MacBook Pro using the WireGuard app.

Google has a handful of results for "Retrying handshake because we stopped hearing back after 15 seconds", macOS seems to be a common thread. I don't see any solutions though, not sure what to suggest.

Link to comment
  • 2 weeks later...
On 2/20/2020 at 7:04 AM, brewea said:

Hello,

 

I am unable to get a WireGuard to talk to my server/LAN (unable to view server IP in desktop). Everything sets up fine on the UnRaid side including the uPNP port forwarding. The issue I am having (found out through WireGuard Android log files) is initiating a handshake. I have tried multiple different settings mentioned throughout the forums, i.e. Add peer endpoint, change DNS settings, turn off UPnP, use IPv4 only etc. 

 

I have removed all personal settings and gone back to basics. Any advice / suggestions is appreciated. My settings are attached, as is my system log, Android log, and full diagnostics zip. Hope that covers everything, I tried to follow the Need help? guide as best as I could.

Screenshot_2020-02-19 brewerServer VPNmanager.png

brewerserver-diagnostics-20200219-1100.zip 99.56 kB · 0 downloads wireguard-log.txt 29.28 kB · 2 downloads

Still no suggestions on this? Or this there somewhere else I should be posting?

Link to comment

I have two subnets that I would like access to.  My LAN subnet 192.168.1.0 and AUG subnet 10.10.1.0.  Unraid is on the LAN and I can access this fine, however I cannot access the AUG subnet via wireguard.

 

I can access it fine when I'm on my LAN.  Can this be done?

 

For clarification:  I can ping 10.10.1.116 from the Unraid box, but I cannot get access to it via WG.

 

thanks

david

Edited by lovingHDTV
Link to comment
  • 2 weeks later...

Ok, so I have both wg0 and wg1 tunnels set up (wg0 for remote tunneled access, and wg1 for unraid traffic)

 

I can have one or the other active, but not both simultaneously. My server is remote located, and I would like to maintain vpn access for all of the docker container / unraid traffic and retain remote tunneled access because I'm an absolute noob and need a gui. Is it possible to accomplish this somewhat simply?

 

Client access is either a windows machine or android device.

 

For what it's worth, I'm currently running wireguard/mullvad.

 

Thank you

Edited by mrknownothing
Link to comment
  • 3 weeks later...

I cannot for the life of me get speeds faster than 11MB/s.  My server is on a 300Mbps (up) connection, the Windows client is on a 300Mbps (down) connection, and are located two blocks away from each other.

 

I don't know if its limited to Wireguard.  I tried using FileBrowser and it was similarly limited to 11MB/s.  Makes me think something somewhere is thinking there is a 100Mbps link somewhere, but my VMs can each achieve 300Mbps speeds to speedtest.net.  

 

Anyone have any ideas?

Link to comment
On 4/1/2020 at 10:32 PM, toastman said:

I cannot for the life of me get speeds faster than 11MB/s.  My server is on a 300Mbps (up) connection, the Windows client is on a 300Mbps (down) connection, and are located two blocks away from each other.

 

I don't know if its limited to Wireguard.  I tried using FileBrowser and it was similarly limited to 11MB/s.  Makes me think something somewhere is thinking there is a 100Mbps link somewhere, but my VMs can each achieve 300Mbps speeds to speedtest.net.  

 

Anyone have any ideas?

 

Could try installing iperf both ends and testing TCP and UDP individually. This would at least tell you if your ISP(s) are throttling UDP connections or that the issue lies with wireguard. Additionally you can also use a public iperf server to further see if a particular side has a problem.

Edited by user457453944
Link to comment
I cannot for the life of me get speeds faster than 11MB/s.  My server is on a 300Mbps (up) connection, the Windows client is on a 300Mbps (down) connection, and are located two blocks away from each other.
 
I don't know if its limited to Wireguard.  I tried using FileBrowser and it was similarly limited to 11MB/s.  Makes me think something somewhere is thinking there is a 100Mbps link somewhere, but my VMs can each achieve 300Mbps speeds to speedtest.net.  
 
Anyone have any ideas?

Bandwidth is important but so is delay. Being a few blocks away doesn’t mean anything if it is two different carriers with suboptimal peering on the backbone. How much delay between the two endpoints?
Link to comment
  • 2 weeks later...

Any ideas why the dashboard widget is showing an active tunnel when I disconnect many minutes beforehand? Android client. I even dropped my device into airplane mode to be sure it wasn't still connected somehow. Is there a way to get it more accurate or poll connection status quicker?

 

Thanks in advance, everything else is working perfectly!

 

image.png.5c69c40c4ef1b6e96f2be5d6cdef0b89.png

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.