bonienl

Dynamix WireGuard VPN

Hey Everyone,

 

My Wireguard appears to connect, but doesn't show on my Dashboard in Unraid as connected. I see that on my remote device I am behind my home IP, but I can't access my Unraid Web UI from my device. Nothing has changed with my config and this just started happening.

Anyone else experiencing something similar?

 

Thanks

Link to post
Just now, musicking said:

Hey Everyone,

 

My Wireguard appears to connect, but doesn't show on my Dashboard in Unraid as connected. I see that on my remote device I am behind my home IP, but I can't access my Unraid Web UI from my device. Nothing has changed with my config and this just started happening.

Anyone else experiencing something similar?

 

Thanks

I've had this on the android app of wireguard happen too, it looks as if it's connected even when it isn't.
Maybe your external IP changed? Or your server got a different IP address invalidating the port-forwarding?

Either way, if your unraid server doesn't show the device as connected, it isn't.

Link to post
8 minutes ago, xorinzor said:

I've had this on the android app of wireguard happen too, it looks as if it's connected even when it isn't.
Maybe your external IP changed? Or your server got a different IP address invalidating the port-forwarding?

Either way, if your unraid server doesn't show the device as connected, it isn't.

Nope, external and internal IPs are the same, nothing has changed there. I agree that things aren't connecting though :(

Link to post
1 minute ago, musicking said:

Nope, external and internal IPs are the same, nothing has changed there. I agree that things aren't connecting though :(

Did you confirm the Wireguard service to be running? I've had a few instances where it stopped itself after editing the config.

Also, if you check the port using an online tool, is it open? If not, either the port is closed, not forwarded correctly, or nothing is listening on the port (i.e. wireguard service disabled).

Link to post
2 hours ago, xorinzor said:

Did you confirm the Wireguard service to be running? I've had a few instances where it stopped itself after editing the config.

Also, if you check the port using an online tool, is it open? If not, either the port is closed, not forwarded correctly, or nothing is listening on the port (i.e. wireguard service disabled).

Wireguard server is running, at least it appears to be. Online tool is showing port is closed, but I don't think the router is at fault as other open port rules are working just fine. Pretty sure I'm having issues with the Wireguard service itself :(

I guess I could reboot at some point today.

 

Edit:

wg-quick up wg0 results in

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.253.0.4/32 dev wg0
[#] ip -4 route add 10.253.0.3/32 dev wg0
[#] ip -4 route add 10.253.0.2/32 dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started'
[#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE

 

I do a port scan locally and it shows 51820 as closed.

 

Edit number 2:

Reboot did not fix the issue

Edited by musicking

Link to post
2 minutes ago, musicking said:

Anything else I should be checking?

Tunnel should be started according to your messages above. What is the output of

wg show

 

Link to post
12 minutes ago, bonienl said:

Tunnel should be started according to your messages above. What is the output of


wg show

 

interface: wg0
  public key: *************
  private key: (hidden)
  listening port: 51820

peer: *************
  preshared key: (hidden)
  allowed ips: 10.253.0.2/32

peer: *************
  preshared key: (hidden)
  allowed ips: 10.253.0.3/32

peer: *************
  preshared key: (hidden)
  allowed ips: 10.253.0.4/32

 

[image]

[image]

Edited by musicking

Link to post

WireGuard tunnel is up and running.

What port forwarding rule did you set on your router?

 

And what does your remote peer config look like?

Edited by bonienl

Link to post
8 minutes ago, bonienl said:

WireGuard tunnel is up and running.

What port forwarding rule did you set on your router?

 

And what does your remote peer config look like?

[image]

Above is the router config and as for the Remote Peer config I just scanned the QR code. It is no longer working on Windows, iPad and Google Pixel. I don't think it's the peer and I think it might have started acting up around the 6.8.2 update for Unraid.

[image]

Link to post

Do you have a static IP configured for your unraid server?

Are other ports on your unraid server reachable?

 

What if you enable the logging in your router for that port, does that give you any indications?

 

I use unraid 6.8.2 too, but it works fine for me.

 

EDIT: the blurred local endpoint, just to make sure, isn't set to Unraid's local IP, but your external IP. Correct? In which case, did your external IP perhaps change?

Edited by xorinzor

Link to post
5 minutes ago, xorinzor said:

Do you have a static IP configured for your unraid server?

Are other ports on your unraid server reachable?

 

What if you enable the logging in your router for that port, does that give you any indications?

 

I use unraid 6.8.2 too, but it works fine for me.

Yes to Static IP in Unraid as per the pictures above.
Other ports (docker containers are reachable via letsencrypt docker/reverse proxy)

 

I am enabling logging on the router now, but other rules are working fine.

 

Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2

Link to post
1 minute ago, musicking said:

Yes to Static IP in Unraid as per the pictures above.
Other ports (docker containers are reachable via letsencrypt docker/reverse proxy)

 

I am enabling logging on the router now, but other rules are working fine.

 

Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2

I've had no issues with my intel xeon upon rebooting. Wasn't aware of any issues with intel either.
Did you notice my edit? If you checked the port I don't think that's the issue, but it can't hurt to make sure.

 

Let us know what the logging tells you (do another port check to trigger it, as well as try to connect with a wireguard client)

Link to post
4 minutes ago, musicking said:

Yes to Static IP in Unraid as per the pictures above.
Other ports (docker containers are reachable via letsencrypt docker/reverse proxy)

 

I am enabling logging on the router now, but other rules are working fine.

 

Did you have the Intel reboot issue on 6.8.1? I'm wondering if the change to fix this broke my wireguard in 6.8.2

Honestly, I don't see this has been mentioned. But have you checked that the UDP port is opened? 

Link to post
2 minutes ago, pmcnano said:

Honestly, I don't see this has been mentioned. But have you checked that the UDP port is opened? 

 

16 minutes ago, musicking said:

[image]

Above is the router config

 

 

Edited by xorinzor

Link to post
4 minutes ago, musicking said:

I'm wondering if the change to fix this broke my wireguard in 6.8.2

No, WireGuard is working fine in 6.8.2. Just made a test to confirm this.

 

 

 

Link to post
Just now, pmcnano said:

Not what I meant. To actually check that the port is in fact opened.

 

https://check-host.net/check-udp

That has been tested already, it's closed. We're just trying to figure out why at this point.
Could be completely unrelated to the port forwarding if there's no service listening to the port.

Link to post
Just now, xorinzor said:

That has been tested already, it's closed.

You can't really test this, because WireGuard will not respond to anything on this port unless it is a WireGuard connection set up.

Link to post
3 minutes ago, bonienl said:

You can't really test this, because WireGuard will not respond to anything on this port unless it is a WireGuard connection set up.

Interesting, though you can kinda confirm it by checking the output of 

netstat -atunl | grep 51820

 

Edited by xorinzor

Link to post
3 minutes ago, pmcnano said:

Not what I meant. To actually check that the port is in fact open. 

 

https://check-host.net/check-udp

This doesn't work with WireGuard.

WireGuard is designed to remain silent unless it is a true WireGuard connection set up.

Link to post
1 minute ago, bonienl said:

This doesn't work with WireGuard.

WireGuard is designed to remain silent unless it is a true WireGuard connection set up.

 

I'm sorry but it actually works for me. I just checked both my tunnels and they are detected as open.

Link to post

I am experiencing a similar issue.

 

I updated the plugin, added a new client, clicked apply yesterday and I have also lost access to both the server and my vpn tunnels, on both ios and windows. I am currently away so I can't check the actual server. WireGuard connects, gets an ip, and says everything seems correct, but I am not allowed to connect to anything else any more.

 

It might just be that the server requires a restart but I won't know until later this week.

Link to post
3 minutes ago, xorinzor said:

Well, you can kinda confirm it by checking the output of 

It was already confirmed that Wireguard is running and listening on the designated port. Just do

wg show
# wg show
interface: wg0
  public key: **********************
  private key: (hidden)
  listening port: 51832

peer: 3xow47demgEeU2eF6zNZPJO38cY7l9WsLRqjXcKbdC4=
  endpoint: 192.168.2.15:52047
  allowed ips: 10.253.0.2/32
  latest handshake: 1 minute, 34 seconds ago
  transfer: 784.12 KiB received, 2.28 MiB sent

 

Link to post
Just now, bonienl said:

It was already confirmed that Wireguard is running and listening on the designated port. Just do


wg show

# wg show
interface: wg0
  public key: **********************
  private key: (hidden)
  listening port: 51832

peer: 3xow47demgEeU2eF6zNZPJO38cY7l9WsLRqjXcKbdC4=
  endpoint: 192.168.2.15:52047
  allowed ips: 10.253.0.2/32
  latest handshake: 1 minute, 34 seconds ago
  transfer: 784.12 KiB received, 2.28 MiB sent

 

I've learned over time never to trust output of applications themselves, but just to get it from the source.
It can't hurt to check netstat just in case ;) 

Link to post
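
As an added example (not part of any post in this thread), the two things the posters read off `wg show` can be separated mechanically: the listening port only shows that the socket is bound, while a `latest handshake` line shows that a peer has actually completed a handshake. The sample output is constructed, the peer keys are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. SAMPLE is constructed and the
# peer keys are placeholders.
SAMPLE='interface: wg0
  public key: PLACEHOLDER_SERVER_KEY=
  private key: (hidden)
  listening port: 51820

peer: PLACEHOLDER_PEER_A=
  preshared key: (hidden)
  allowed ips: 10.253.0.2/32

peer: PLACEHOLDER_PEER_B=
  endpoint: 192.168.2.15:52047
  allowed ips: 10.253.0.3/32
  latest handshake: 1 minute, 34 seconds ago
  transfer: 784.12 KiB received, 2.28 MiB sent'

# Print the UDP port the interface reports as its listening port.
wg_listen_port() {
    awk '$1 == "listening" && $2 == "port:" { print $3; exit }'
}

# Print "<peer key> <allowed ips> handshake|never" for every peer.
# `wg show` omits the "latest handshake" line for a peer that has not
# completed a handshake, so "never" means that peer has not completed
# one with this interface.
wg_peer_status() {
    awk '
        function emit() {
            if (key != "") print key, ips, (seen ? "handshake" : "never")
        }
        $1 == "peer:" { emit(); key = $2; ips = "-"; seen = 0 }
        $1 == "allowed" && $2 == "ips:" {
            ips = $0
            sub(/^[ \t]*allowed ips:[ \t]*/, "", ips)
            gsub(/,[ \t]*/, ",", ips)
        }
        $1 == "latest" && $2 == "handshake:" { seen = 1 }
        END { emit() }
    '
}

# Count the peers that have never completed a handshake.
wg_never_count() {
    wg_peer_status | awk '$3 == "never" { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE" | wg_peer_status
```

On the server, pipe the live output instead (`wg show | wg_peer_status`). Peers reported as `never` while a listening port is shown point at the network path or the peer configuration rather than at whether the service is bound.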
