
Dynamix WireGuard VPN


17 hours ago, ljm42 said:

the static route is definitely required

Yes, I know; I tried it with it enabled to get it working. But I could not access the internet nor the network. So it's disabled for now till I can figure something out.

Link to post
On 4/14/2020 at 4:25 PM, SpuddyUK said:

Any ideas why the dashboard widget is showing an active tunnel when I disconnect many minutes beforehand? Android client. I even dropped my device into airplane mode to be sure it wasn't still connected somehow. Is there a way to get it more accurate or poll connection status quicker?

 

Thanks in advance, everything else is working perfectly!

 


Did you get any answer to this? I have the same issue. If it is an issue, that is.

 

TIA!

Link to post
Posted (edited)
On 4/14/2020 at 1:25 PM, SpuddyUK said:

Any ideas why the dashboard widget is showing an active tunnel when I disconnect many minutes beforehand? Android client. I even dropped my device into airplane mode to be sure it wasn't still connected somehow. Is there a way to get it more accurate or poll connection status quicker?

 

Thanks in advance, everything else is working perfectly!

 


  

3 hours ago, Shomil Saini said:

Did you get any answer to this? I have the same issue. If it is an issue, that is.

 

TIA!

 

"Active" simply means the tunnel is enabled on the Unraid side; it has nothing to do with whether someone is currently connected to it.
 

The "handshake" column shows that "Peer 1" last connected to tunnel WG0 7 minutes and 23 seconds ago.

 

If you no longer want the tunnel to be available for connections, go to Settings -> VPN Manager and change the "Active" slider for tunnel WG0 to "Inactive". If you want to "forget" the fact that "Peer 1" connected 7 minutes and 23 seconds ago but still keep the tunnel up, change the slider from Active to Inactive and then back to Active. That will clear the connection list.

 

 

Edited by ljm42

Link to post
On 6/21/2020 at 1:30 PM, ljm42 said:

  

 

"Active" simply means the tunnel is enabled on the Unraid side; it has nothing to do with whether someone is currently connected to it.
 

The "handshake" column shows that "Peer 1" last connected to tunnel WG0 7 minutes and 23 seconds ago.

 

If you no longer want the tunnel to be available for connections, go to Settings -> VPN Manager and change the "Active" slider for tunnel WG0 to "Inactive". If you want to "forget" the fact that "Peer 1" connected 7 minutes and 23 seconds ago but still keep the tunnel up, change the slider from Active to Inactive and then back to Active. That will clear the connection list.

 

 

Thanks @ljm42, I completely understand your explanation. I think it is a wonderful add-on to have the widget on the Dashboard.

 

To me, however, the more relevant question is "Which device is currently connected and since how long?"

And a second follow up to that is "If a device is disconnected, then when was it last connected?" - this is partly vaguely answered by the current "Last Handshake Time" on Dashboard which is essentially last connection initiation time.

 

If the Dashboard can be modified by me or developers to see this, then it will be more relevant, as I have provided access to friends & family as well.

 

Cheers! and Be Safe.

Link to post
20 hours ago, Shomil Saini said:

Thanks @ljm42, I completely understand your explanation. I think it is a wonderful add-on to have the widget on the Dashboard.

 

To me, however, the more relevant question is "Which device is currently connected and since how long?"

And a second follow up to that is "If a device is disconnected, then when was it last connected?" - this is partly vaguely answered by the current "Last Handshake Time" on Dashboard which is essentially last connection initiation time.

 

If the Dashboard can be modified by me or developers to see this, then it will be more relevant, as I have provided access to friends & family as well.

 

Cheers! and Be Safe.

The dashboard is simply formatting the output of the "wg show" command provided by WireGuard. wg does not provide a counter of "how long" a device was connected, probably because it is designed to let connections seamlessly drop and reconnect. It does show the amount of data that was transferred though. I guess WireGuard feels the length of time somebody was connected is less important than the amount of data they transferred.

Link to post
1 hour ago, ljm42 said:

I guess WireGuard feels the length of time somebody was connected is less important

WireGuard is a stateless protocol, it doesn't maintain a connected or disconnected state, and hence can't keep time.

The "best" it can do is to show how long ago the last exchange took place (handshake).

 

Link to post
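
The two posts above say the dashboard only formats `wg show` and that the last handshake is the best available signal. As an added example (not part of the thread or the plugin's code), this parses the tab-separated `wg show wg0 dump` format and classifies each peer by handshake age. The 180-second threshold, the sample dump, and all keys and addresses in it are constructed assumptions.

```python
import time

# Assumption (heuristic, not from the thread): WireGuard re-handshakes about
# every 2 minutes while traffic flows and drops a session after about 3, so an
# older handshake means the peer holds no usable session right now.
RECENT_SECS = 180

# Constructed sample of `wg show wg0 dump` (tab-separated); keys are placeholders.
NOW = 1593000000
SAMPLE = "\n".join([
    "\t".join(["IFACE_PRIVATE_KEY", "IFACE_PUBLIC_KEY", "51820", "off"]),
    "\t".join(["PEER1_PUBKEY", "(none)", "203.0.113.7:40112", "10.253.0.2/32",
               str(NOW - 443), "184320", "912384", "off"]),
    "\t".join(["PEER2_PUBKEY", "(none)", "198.51.100.9:51820", "10.253.0.3/32",
               str(NOW - 35), "5242880", "73400320", "25"]),
    "\t".join(["PEER3_PUBKEY", "(none)", "(none)", "10.253.0.4/32",
               "0", "0", "0", "off"]),
])

def parse_peers(dump):
    """Return one dict per peer; the interface line (which carries the
    private key) is skipped and never stored."""
    peers = []
    for line in dump.splitlines()[1:]:
        f = line.split("\t")
        if len(f) != 8:
            continue  # not a peer record
        peers.append({"key": f[0], "endpoint": f[2], "handshake": int(f[4]),
                      "rx": int(f[5]), "tx": int(f[6])})
    return peers

def peer_status(peer, now=None):
    """Classify a peer as 'never', 'recent' or 'idle' by handshake age."""
    now = time.time() if now is None else now
    if peer["handshake"] == 0:
        return "never", None  # the peer has not completed a handshake
    age = int(now - peer["handshake"])
    return ("recent" if age <= RECENT_SECS else "idle"), age

def report(dump, now=None):
    """List (public key, state, handshake age in seconds) for every peer."""
    return [(p["key"],) + peer_status(p, now) for p in parse_peers(dump)]

if __name__ == "__main__":
    for key, state, age in report(SAMPLE, NOW):
        print(f"{key}: {state}" + (f" ({age}s since handshake)" if age is not None else ""))
```

The first constructed peer mirrors the 7 minutes 23 seconds (443 s) handshake discussed earlier in the thread and is reported as idle. On a live server the input would be the output of `wg show wg0 dump`, which needs root because its first line contains the interface's private key.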
2 hours ago, ljm42 said:

The dashboard is simply formatting the output of the "wg show" command provided by WireGuard. wg does not provide a counter of "how long" a device was connected, probably because it is designed to let connections seamlessly drop and reconnect. It does show the amount of data that was transferred though. I guess WireGuard feels the length of time somebody was connected is less important than the amount of data they transferred.

 

1 hour ago, bonienl said:

WireGuard is a stateless protocol, it doesn't maintain a connected or disconnected state, and hence can't keep time.

The "best" it can do is to show how long ago the last exchange took place (handshake).

 

Thanks for explaining guys. It makes much more sense to me now. I can understand the limitations of WireGuard.

 

Cheers! 🍻

Link to post

There is an update for the WireGuard plugin; does anybody know the changelog? Can't find any info.

Link to post
4 hours ago, ryperx said:

There is an update for the WireGuard plugin; does anybody know the changelog? Can't find any info.

On the Plugins page, click the information icon to see the changelog

 


Link to post
19 hours ago, ljm42 said:

On the Plugins page, click the information icon to see the changelog

 


Thanks, you are right, I see the changelog now.
When I wrote the comment the changelog was empty for me.

Link to post
Posted (edited)

Hello, I misclicked and added a second tunnel. How can I delete it? Thank you 😃

Edited by Alex.b

Link to post

Hey :)

 

I've been playing with the plugin and came across limiting the peer devices access to my local networks.

It's nice to have a "Local tunnel firewall" option to give access to just specific IP addresses.

But is there a simple way via the plugin to limit that access even more?

e.g.

Local tunnel network pool devices can only connect to local IP with port x

Link to post
Posted (edited)
1 hour ago, Alex.b said:

Hello, I misclicked and added a second tunnel. How can I delete it? Thank you 😃

There should be a "Delete Tunnel" Button in the lower right corner, after you have enabled advanced view..? :)

Edited by Xuvin

Link to post
3 minutes ago, Xuvin said:

There should be a "Delete Tunnel" Button in the lower right corner..? :)

This only appears if you are in 'Advanced' mode rather than 'Basic'.

 

Took me a while to find the delete the first time I wanted to do this.

Link to post

Hi all,

 

I have to say I like this tool so far. It seems easy to set up.

 

I have one question though, and it may be WireGuard itself... setting up a Server to Server you need to specify a Peer End Point; however, the one I am trying to use is on home broadband and therefore dynamic. I would like to use an FQDN (i.e. DuckDNS); however, it will not accept anything but a proper IP.

 

Do you know if this is a limitation, a bug or even if there is a workaround?

 

Thanks

 

Terran

Link to post

There is no problem using a dynamic dns entry for a client to server link so I am not sure why there should be a limitation on the server to server link.  I must admit I have not tried it myself though.   Perhaps there is some confusion between the address seen externally to your home LAN and the one seen internally after the WireGuard link has been established?

Link to post

I have the problem that I can't activate a VPN tunnel if I add an IP under "Local tunnel firewall:" (Allow/Deny doesn't make a difference).

If I leave this field clear, the tunnel starts as normal. I attached a screenshot (the "IP" is obviously faked).

Is this a known problem?

urWG1.PNG

Link to post
On 7/18/2020 at 9:40 AM, alael said:

1) When setting the peer to VPN Tunnelled access the UI bugs out in 2 ways.

One bug resides in the fact that the peer endpoint becomes mandatory.

Another bug is that if that operation mode is selected you cannot generate any config by clicking on the little "eye" icon. (How is one supposed to use it then?)

VPN Tunneled mode is for connecting to a commercial VPN provider. A peer endpoint (the commercial provider) is required. And there is need to generate a config, that is done by the commercial provider.

 

See this post for more details about using VPN Tunneled mode:

 

On 7/18/2020 at 9:40 AM, alael said:

2) Sometimes when saving settings, you set a certain endpoint for the tunnel with its port, you click apply and the page reloads and the field is again empty for no specific reason. This sometimes happens even with peer settings: you set something, click apply and then those settings disappear.

I'm guessing you are trying to do something that is invalid for VPN Tunneled mode.

 

Maybe you need to choose a different access type for what you are trying to do? You can turn on help in the Unraid gui, or perhaps this post will point you in the right direction:

 

 

Link to post
Posted (edited)
23 hours ago, PvD said:

I have the problem that I can't activate a VPN tunnel if I add an IP under "Local tunnel firewall:" (Allow/Deny doesn't make a difference).

If I leave this field clear, the tunnel starts as normal. I attached a screenshot (the "IP" is obviously faked).

Is this a known problem?

I don't normally use the firewall feature, but I just tested it with "Rule: Deny" and "192.168.10.188/32" and it did what it was supposed to do. I tried with "192.168.10.188" (no "/32") and it worked correctly too.

 

Since you are saying the tunnel won't start, there may be a clue in your syslog. To make it easy to find, first remove the problematic setting and start the tunnel, just to prove that it works. Then add the firewall IP back and restart the tunnel showing it fails.  Then go to Tools -> Diagnostics and download the zip file, then upload the zip file to your next post.

Edited by ljm42

Link to post
23 hours ago, ljm42 said:

I don't normally use the firewall feature, but I just tested it with "Rule: Deny" and "192.168.10.188/32" and it did what it was supposed to do. I tried with "192.168.10.188" (no "/32") and it worked correctly too.

 

Since you are saying the tunnel won't start, there may be a clue in your syslog. To make it easy to find, first remove the problematic setting and start the tunnel, just to prove that it works. Then add the firewall IP back and restart the tunnel showing it fails.  Then go to Tools -> Diagnostics and download the zip file, then upload the zip file to your next post.

Thank you for your help. Attached is the Diagnostics Zip.

pvd-unraid-diagnostics-20200729-2214.zip

Link to post
1 hour ago, PvD said:

Thank you for your help. Attached is the Diagnostics Zip.

According to the syslog, the tunnel was started, then stopped, then started again:

Jul 29 22:14:10 PvD-Unraid wireguard: Tunnel WireGuard-wg1 started
### [PREVIOUS LINE REPEATED 1 TIMES] ###
Jul 29 22:14:28 PvD-Unraid wireguard: Tunnel WireGuard-wg1 stopped
Jul 29 22:14:29 PvD-Unraid wireguard: Tunnel WireGuard-wg1 started

 

So it looks like it is working correctly? Can you restate the problem? What went wrong with the final time it was started at 22:14:29?

Link to post

I tried following the tutorial on the blog (https://unraid.net/blog/wireguard-on-unraid).

 

I am able to connect to my VPN, however, I lose my internet connection and cannot connect to the server or any other computer on the lan.

 

Also, I tend to access my unraid dashboard by going to domain.local, but when I'm connected via VPN, how should I connect to my dashboard? Should domain.local still work? Or do I have to connect to it via IP? Am I supposed to use my internal IP address? or the new IP address range that is being assigned via VPN? (I tried both, but nothing is working -- which is why I'm posting about this in the first place).

 

Attached is an image of my settings (domain name replaced). And I have the port forwarded in my router.

 

Can someone help me figure out what's going on? This is my first time trying to use WireGuard. I usually use a commercial VPN solution without issues.

image.png

Link to post
21 hours ago, ljm42 said:

According to the syslog, the tunnel was started, then stopped, then started again:


Jul 29 22:14:10 PvD-Unraid wireguard: Tunnel WireGuard-wg1 started
### [PREVIOUS LINE REPEATED 1 TIMES] ###
Jul 29 22:14:28 PvD-Unraid wireguard: Tunnel WireGuard-wg1 stopped
Jul 29 22:14:29 PvD-Unraid wireguard: Tunnel WireGuard-wg1 started

 

So it looks like it is working correctly? Can you restate the problem? What went wrong with the final time it was started at 22:14:29?

I made a short video which hopefully shows my problem. The syslog shows the start of the tunnel, but the Dashboard shows "Inactive" as State and the switch won't accept the new state. Is there a way to start a tunnel with the help of a console command, or another log file with more information?
 

 

Link to post

The video is super helpful, thanks.

 

Are you sure you are trying to block the right IP address? Your diagnostics show that Unraid has an IP of "192.168.0.10", why are you trying to block "192.168.10.188"? Perhaps you mean to block "192.168.0.188"?

Link to post
