Dynamix WireGuard VPN


bonienl


On 9/10/2020 at 2:15 PM, tmchow said:

I'm having an issue adding a peer. When I hit "apply" after specifying the peer's initial info, nothing happens. Looking at the Chrome dev tools, this error is showing up:

An invalid form control with name='Address:1' is not focusable.

Quick Google search found this common issue:

https://stackoverflow.com/questions/22148080/an-invalid-form-control-with-name-is-not-focusable

 

I'm having the same issue as @tmchow, with the same error message in the browser console.  It is also being reported here

 

https://www.reddit.com/r/unRAID/comments/khl3s0/issue_adding_peer_to_wireguard/

 

I've tried several different browsers, and the "apply" button has no effect.  Is anyone else experiencing this?  This is with unraid 6.8.3 and plugin version 2020.07.10b.

Link to comment
 
I'm having the same issue as @tmchow, with the same error message in the browser console. It is also being reported here
 
https://www.reddit.com/r/unRAID/comments/khl3s0/issue_adding_peer_to_wireguard/
 
I've tried several different browsers, and the "apply" button has no effect.  Is anyone else experiencing this?  This is with unraid 6.8.3 and plugin version 2020.07.10b.

Do you by any chance have an ad blocker installed? If so, make sure you disable it.
Link to comment
On 2/17/2021 at 2:25 PM, warwickmm said:

I think I got it working. After expanding the existing peers and finding the "Address:1" element, it seems that one of the peers was missing a "Peer tunnel address". Not sure how that disappeared, but once I filled that in I was able to add new peers.

 

Aha! Many thanks to you and @tmchow for reporting this issue with validation errors on hidden fields. I'm working on a fix for the next release.

Link to comment

Hey all, sorry if this has already been reported, don't know how to search for this.

I have the issue that the wrong config is displayed for each peer. This happened when I deleted the peer before the one I am trying to view. The web page uses the list position in the web page to get the config. If you then delete the first one for example, the index of the second one becomes the first. And when I open this one, it shows the config for peer-Tower-wg0-1.conf when in reality it should be peer-Tower-wg0-2.conf.

So, after deleting any one but the last peer, I can't use the GUI any more as it's mismatched.

 


Link to comment
9 hours ago, brettm357 said:

Can I have my settings checked please - Had to change router to set up static routing, have been able to handshake and connect to unraid gui - but I am unable to access LAN

It looks like you set up a static route just to 10.253.0.1; this should cover the entire 10.253.0.0/24 subnet.

 

There are also some tips in the second post here, such as making sure you have bridging enabled:

 

Having said that, there are a lot of people having issues accessing their LAN currently. I'd recommend reading the last few pages of this thread and the quickstart thread.

Link to comment
On 2/26/2021 at 2:27 AM, AngusBrown said:

The web page uses the list position in the web page to get the config. If you then delete the first one for example, the index of the second one becomes the first. And when I open this one, it shows the config for peer-Tower-wg0-1.conf  when in reality it should be peer-Tower-wg0-2.conf.

So, after deleting any one but the last peer, I can't use the GUI any more as it's mismatched.

You are right!

 

As a workaround, after deleting a peer, make a change to any other peer and hit save. It will renumber the config files.

Link to comment
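A way to check for the mismatch described in the two posts above before handing a peer config to a device, as an added example that is not the plugin's code. It assumes standard wg-quick syntax, the `peer-<host>-<tunnel>-<n>.conf` naming seen in the report, and that the first `AllowedIPs` entry of each `[Peer]` is that peer's tunnel address; the file layout and sample addresses in `demo` are constructed.

```shell
#!/bin/bash
# Added example, not plugin code. Compares the Nth [Peer] of the tunnel config
# with peer file number N by tunnel address (assumed layout, see lead-in).

first_addr() {  # first_addr KEY FILE [N]: first value of KEY (in the Nth [Peer] if N given)
  awk -F'=' -v key="$1" -v want="${3:-0}" '
    /^\[Peer\]/ { idx++ }
    (want == 0 || idx == want) && tolower($1) ~ ("^[ \t]*" key "[ \t]*$") {
      split($2, a, ",")
      gsub(/[ \t]|\/.*/, "", a[1])        # drop spaces and the /mask
      print a[1]; exit
    }' "$2"
}

check_peer_files() {  # check_peer_files TUNNEL_CONF PEER_DIR; returns 1 on any mismatch
  conf=$1; dir=$2; bad=0; pos=0
  tunnel=$(basename "$conf" .conf)
  total=$(grep -c '^\[Peer\]' "$conf" || true)
  while [ "$pos" -lt "$total" ]; do
    pos=$((pos + 1))
    expect=$(first_addr allowedips "$conf" "$pos")
    file=$(ls "$dir"/peer-*-"$tunnel"-"$pos".conf 2>/dev/null | head -n 1)
    got=""
    if [ -n "$file" ]; then got=$(first_addr address "$file"); fi
    if [ "$expect" != "$got" ]; then
      echo "MISMATCH position $pos: tunnel=${expect:-none} file=${got:-none} (${file:-missing})"
      bad=1
    fi
  done
  return "$bad"
}

demo() {  # constructed sample: peer 1 was deleted, files not yet renumbered
  d=$(mktemp -d)
  printf '%s\n' '[Interface]' 'Address=10.253.0.1' \
                '[Peer]' 'AllowedIPs=10.253.0.3' > "$d/wg0.conf"
  printf '%s\n' '[Interface]' 'Address=10.253.0.2/32' > "$d/peer-Tower-wg0-1.conf"
  printf '%s\n' '[Interface]' 'Address=10.253.0.3/32' > "$d/peer-Tower-wg0-2.conf"
  rc=0
  check_peer_files "$d/wg0.conf" "$d" || rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || true
```

A non-zero return means at least one list position is backed by a file belonging to a different peer, so the renumbering workaround should be applied before any config or QR code is exported.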
On 3/5/2021 at 1:03 AM, ljm42 said:

It looks like you set up a static route just to 10.253.0.1; this should cover the entire 10.253.0.0/24 subnet.

 

There are also some tips in the second post here, such as making sure you have bridging enabled:

 

Having said that, there are a lot of people having issues accessing their LAN currently. I'd recommend reading the last few pages of this thread and the quickstart thread.

So once changes were made I can access unraid from outside network on my work computer - but no matter what I do I cannot access from my Android phone - any ideas, I'm lost

Link to comment

Update:

 

If I go into phone settings and add Google as private DNS - I can connect to unraid but lose internet access for web pages

Turn off private dns phone setting can then access web pages but cannot access unraid

Switch on wifi for work - can access web pages and unraid 

Link to comment
1 hour ago, Alexstrasza said:

Hi there all. Is it expected that adding a new peer to a tunnel will disable the tunnel when apply is pressed? I've ended up in a semi-locked out situation multiple times when adding a peer and hitting apply via another peer on an active tunnel.

 

The tunnel has to be restarted when you add a peer. If you are connected to the tunnel at the time you do this, it goes down but does not come back up. If this is a common thing you need to do I would recommend creating a backup tunnel that you connect to when modifying the main tunnel.

Link to comment
1 hour ago, ljm42 said:

 

The tunnel has to be restarted when you add a peer. If you are connected to the tunnel at the time you do this, it goes down but does not come back up. If this is a common thing you need to do I would recommend creating a backup tunnel that you connect to when modifying the main tunnel.

 

That's what I've ended up doing, but why is it that the tunnel does not come back up even if "autostart" is on?

Link to comment

Mistakenly attempted to add a new peer yesterday and the whole thing came crumbling down.

 

I removed the entire /boot/config/wireguard folder, uninstalled the plug-in and tried again. Now when I try to create my initial tunnel, the page just refreshes but no settings are saved. The /boot/config/wireguard folder is not made either.

 

What (and where) are the logs that would be relevant to troubleshooting this issue? I can post them pretty quick.

 

Edit: Figured out that some remaining iptables entries in the FORWARD rule and also the WIREGUARD chain altogether were still lingering after the uninstall. So I deleted those two items and rebooted. Now it's working!!

Edited by xaositek
Added fix
Link to comment
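The leftover state described in the post above (a rule in FORWARD and the WIREGUARD chain surviving the uninstall) can be spotted from `iptables -S` output. The following is an added example, not plugin code: it only prints the removal commands for review and never runs them, and the sample listing, including the rule inside the chain and the `br0` interface, is constructed.

```shell
#!/bin/bash
# Added example, not plugin code. Reads `iptables -S` output on stdin and
# prints (never runs) the commands that would remove a leftover chain.
# Live use on the server:  iptables -S | wg_cleanup_plan WIREGUARD

wg_cleanup_plan() {
  awk -v chain="${1:-WIREGUARD}" '
    $1 == "-N" && $2 == chain { defined = 1; next }   # chain still exists
    $1 == "-A" && $2 == chain { inside++; next }      # rule inside the chain
    $1 == "-A" {                                      # rule in another chain
      for (i = 3; i < NF; i++)
        if (($i == "-j" || $i == "-g") && $(i + 1) == chain) {
          rule = $0
          sub(/^-A/, "-D", rule)                      # same spec, delete form
          jumps[++n] = "iptables " rule
        }
    }
    END {
      # Order matters: references first, then flush, then delete the chain.
      for (k = 1; k <= n; k++) print jumps[k]
      if (defined) {
        printf "iptables -F %s   # flushes %d rule(s)\n", chain, inside
        print "iptables -X " chain
      }
      exit ((n > 0 || defined) ? 0 : 1)               # 1 means nothing left over
    }'
}

# Constructed listing: the plugin is gone but its chain and jump remain.
# The rule inside WIREGUARD is a made-up placeholder, not a real plugin rule.
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N WIREGUARD
-A FORWARD -j WIREGUARD
-A WIREGUARD -o br0 -j ACCEPT
EOF
}

sample_rules | wg_cleanup_plan WIREGUARD
```

An exit status of 1 with no output means the listing contains neither the chain nor any jump to it.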

Hey WireGuard users! Big thanks to @bonienl, yesterday we released a huge update to the WireGuard plugin designed to detect and prevent as many configuration problems as we could. If you are having any problems, please update the plugin, then make a small change to your tunnel and hit Apply, this will trigger all of the new validation rules. Some issues have to be fixed before the changes will save, for others you'll want to enable Advanced mode and read the helpful remarks in the right column.

 

Also, if you are having trouble accessing dockers with custom IPs or other devices on your network, be sure to revisit the quickstart guide:
  https://forums.unraid.net/topic/84226-wireguard-quickstart/

The section on complex networks was completely rewritten to describe how certain settings conflict with each other.

 


2021.03.25b
This version resolves

  • the tunnel not restarting if changes were saved while connected through the tunnel
  • incorrect AllowedIPs setting for some peer configs
  • iptables not being updated after a reboot

This version adds

  • many safety guards to prevent invalid configurations
  • validation that the local endpoint url actually resolves to the external WAN IP
  • notification on specifically which peer configs were modified when changes were saved, so the user knows to update those clients
Link to comment
1 minute ago, bonienl said:

Haha, I was a bit silent about this 9_9

 

Thanks for the write up

 

Take the glory!! It's awesome work and thank you to @ljm42 for calling it out! I've been using this daily since I stood up my second unRAID server and the craftsmanship is great. I updated and was able to reissue keys for my four devices in less than 10 minutes.

Link to comment

Hey everyone. I got wireguard up and running the other day and everything looked good but I've just gone to access my nextcloud server which I've got proxied with nginx to my cloudflare domain with cloudflare ddns etc and I get the 522 error (connection timed out). I've checked cloudflare and the ip address is updating correctly so I don't think that's a problem but obviously the traffic isn't getting back to the server. I've spent a few hours looking around and just read through the updated quickstart guide with complex networks. It's possible this falls into that but honestly it's gone a little over my head. Any help would be amazing thanks.

Link to comment
13 minutes ago, Zera said:

Hey everyone. I got wireguard up and running the other day and everything looked good but I've just gone to access my nextcloud server which I've got proxied with nginx to my cloudflare domain with cloudflare ddns etc and I get the 522 error (connection timed out). I've checked cloudflare and the ip address is updating correctly so I don't think that's a problem but obviously the traffic isn't getting back to the server. I've spent a few hours looking around and just read through the updated quickstart guide with complex networks. It's possible this falls into that but honestly it's gone a little over my head. Any help would be amazing thanks.

 

Your other thread mentioned Azire, does that mean you are using VPN Tunneled Access? We have a thread for that here:

 

Basically, all of your traffic is now going through the tunnel, so you need to update the DDNS to point to Azire, not your router. And that means Azire needs to handle port forwarding and not your router.

Link to comment

Ahh yeah sorry, didn't think to put it in there. 

 

Thanks ljm, I've just emailed Azire because I'm not sure they even offer port forwarding and I'm pretty new to all this so tbh it's a little over my head at the moment lol. I've just been reading a few posts etc. Would I put this into the local endpoint field or am I way off? Cheers.

Link to comment

G'day Legends,

So I've been using OpenVPN built into the router for years and finally looked into Wireguard via Unraid and wow, plugin and usability is awesome. Fantastic write-up also @ljm42.

One problem I'm encountering though...

I guess I fall into the 'complex networks' category as I have VLANs and some dockers running via custom networks.

I've followed the quickstart guide, enabled host access to custom networks, set 'Local network uses NAT' to No and added a static route on the router (FreshTomato).

I can connect via my phone fine, but cannot access the dockers on the custom network, or devices on other VLANs like I could if on my LAN Wifi.

Do you have any other pearls of wisdom or troubleshooting steps?

 

Edit: for clarity, I can access everything else on my LAN fine


Edited by Boo-urns
Link to comment
