ljm42 Posted July 30, 2020

> 2 hours ago, PvD said:
> Yes I block the right IP. I want to block 192.168.0.114 (I tried other IP addresses too, no difference). I think the 192.168.10.188 is the IP from your post earlier if I am not completely wrong(?).

Dang, thought I was onto something there.

Assuming you are on the latest version of Unraid with the latest version of the plugin, I am out of ideas. It works for me, I don't understand why it isn't working for you.

ccsnet Posted August 2, 2020

> On 7/26/2020 at 11:41 AM, itimpi said:
> There is no problem using a dynamic dns entry for a client to server link so I am not sure why there should be a limitation on the server to server link. I must admit I have not tried it myself though. Perhaps there is some confusion between the address seen externally to your home LAN and the one seen internally after the WireGuard link has been established?

Hi - I tried a random .com and it seems OK, so I guess you may be right as I was test setting up at one location.

Thanks
T

PvD Posted August 2, 2020

> Dang, thought I was onto something there. Assuming you are on the latest version of Unraid with the latest version of the plugin, I am out of ideas. It works for me, I don't understand why it isn't working for you.

Okay, thank you for your help. Then I need to find a solution which doesn't involve the WireGuard Firewall.

NMGMarques Posted August 14, 2020

Currently at work, connecting to my unRAID box using WireGuard. I can access the box and shares fine. I can even access the dockers through the unRAID IP and the assigned ports.

Problem: I need to open some new ports for a new container on my home router.

Problem 2: both the office router and home router are 192.168.1.254 and both serve as DHCP for the respective networks. These are my ISP routers and I cannot change the IP addresses as they tend to mess up the IPTV service.

How can I connect to the router at home? Using the http://192.168.1.254 connects me to this router instead of the one at home, as I would expect.

JonathanM Posted August 14, 2020

> 3 hours ago, NMGMarques said:
> How can I connect to the router at home? Using the http://192.168.1.254 connects me to this router instead of the one at home, as I would expect.

One way out of this that I can think of probably isn't possible, and that would be to enable WAN management of the router and log in to it using the public IP.

Another way involves remote accessing a machine with a browser on that side of the network, VM or physical, with Teamviewer or something similar.

This setup is going to cause all kinds of issues the more you connect and work between them.

I just thought of another possibility. If you are running LE, maybe you could proxy the router interface?

NMGMarques Posted August 14, 2020

> 2 hours ago, jonathanm said:
> One way out of this that I can think of probably isn't possible, and that would be to enable WAN management of the router and log in to it using the public IP. Another way involves remote accessing a machine with a browser on that side of the network, VM or physical, with Teamviewer or something similar. This setup is going to cause all kinds of issues the more you connect and work between them. I just thought of another possibility. If you are running LE, maybe you could proxy the router interface?

Thanks for the insight. I'll consider a VM. But I have to activate virtualization on the machine as it seems it must be off since I can't get unRAID to install a Windows VM.

BurntOC Posted August 21, 2020

After getting my Wireguard tunnel up pretty quickly I've been trying for about a week to get to where I could access something else beyond the Unraid server GUI – especially hosts in other subnets on my network. I've had no success whatsoever after that initial setup. After seeing a bunch of replies to my Wireguard VPN client being dropped with TCP:SA – a symptom of asymmetric routing – I went to Reddit and asked about it in the Wireguard and pfSense groups. Since everyone seems to agree that my pfSense setup looks right, I realized I should probably actually come here as it seems to be something about Wireguard on Unraid that I need to address. I hope you can help.

A simple network is below.

I think this is how the communications are going if I try to access Server 2 at 192.168.60.10 from my Wireguard VPN client 10.20.30.2:

1. VPN Client (10.20.30.2) wants to talk to Server 2 (192.168.60.1).
2. It sends it to its default GW, which I take it is the Unraid Server 1 host interface (192.168.30.4)
3. Unraid server 1 rewrites the source header and sends it to [email protected]. pfSense.
4. pfSense forwards the request to Server [email protected].
5. Server 2 sees request from 10.20.30.2 and replies but pfSense drops it as TCP:SA

When I try to access the web GUI on Server 2 and run a capture on the VLAN30 pfSense interface I can see 10.20.30.2 talking to all sorts of stuff outside my firewall (dang chatty phone apps) but nothing going to Server 2. Nothing there. I can see Server 2 trying to respond on the VLAN60 pfSense interface, and the TCP:SA drops.

FWIW, I can ping Server 2 via the Wireguard tunnel, and a traceroute shows 2 hops - the WG tunnel endpoint address of 10.20.30.1 and then Server 2 192.168.60.10. If it is not some weirdness with pfSense allowing crosstalk between VLANs on that same physical interface without logging it then it must be something about the way Unraid and Wireguard are handling it.

Any help would be appreciated.

BurntOC Posted August 21, 2020

Following up on my previous post as I'm still troubleshooting. With Wireguard implemented this way, is it effectively bridged as an additional IP network on the first/lowest physical interface?

ReidS Posted August 27, 2020

I seem to be having trouble with a LAN-to-LAN config. Both of my end-point systems are using 2 ethernet ports, one port to internet (br0) and the other to local (br1). What my curiosity is, does WireGuard only bind to one adapter, such as br0, or is it a bridged style connection when communicating through Unraid? I can't seem to find any further info other than the routing table shows the VPN network bound to wg0.

Any help is appreciated, thank you in advance.

EDIT: I managed to answer my own question. I found the wg0.conf in /boot/config/wireguard and found that wg0 is bound to adapter br0. I changed that to br1 and I'm testing this.

Edited August 27, 2020 by ReidS Update

unr41dus3r Posted August 27, 2020

> On 7/27/2020 at 11:08 PM, PvD said:
> I have the problem that I can't activate a VPN tunnel if I add an IP under "Local tunnel firewall:" (Allow/Deny doesn't make a difference). If I leave this field clear, the tunnel starts as normal. I attached a screenshot (the "IP" is obviously faked). Is this a known problem?

Can confirm this problem. The moment I use a network in the firewall, the tunnel can't be started.

Do you have 2 network cards/links maybe?

PvD Posted August 27, 2020

> Can confirm this problem. The moment I use a network in the firewall, the tunnel can't be started. Do you have 2 network cards/links maybe?

My current setup only features one network card with one Ethernet port.

milfer322 Posted August 28, 2020

How can I delete a wg interface? There's no button in the interface. Thanks!

PvD Posted August 28, 2020

> How can I delete a wg interface? There's no button in the interface.

You need to change the Tunnel view from "Basic" to "Advanced". The toggle is located between the "Active" and "Autostart" toggles in the top right corner of the Tunnel.

After that you will find the Delete Tunnel button in the bottom right corner of the Tunnel configuration.

MammothJerk Posted August 30, 2020

Recently I decided I wanted to set up tunnels on my 2 local Unraid boxes to route all of their traffic through my VPN provider, but for now it does not seem to be possible.

It seems like you can only use EITHER the remote tunneled access OR the VPN tunneled access; you cannot use them both at the same time, so I'm either unable to access my local network from remote OR my local Unraid boxes will not go through the VPN.

Is there a way to enable both "VPN tunneled access" AND "Remote tunneled access" at the same time? Or a function that works similarly?

raerae1616 Posted September 3, 2020

> On 10/13/2019 at 9:34 AM, bonienl said:
> LAN hosts or docker containers/VMs with their own IP address, need a return path back to the WireGuard VPN tunnel which exists on the Unraid server to reach any remote destination. This is achieved by adding the tunnel endpoint subnet to the gateway (router) which provides the regular access to remote destinations.
> By default Unraid uses the 10.253.x.x/16 subnet for tunnel endpoint assignments. This subnet needs to be added to the router and points to the LAN (eth0) address of the Unraid server.
> Below is an example of static routes added to a Ubiquiti router (other brands should offer something similar).
> It is also needed to disable the "Local Server uses NAT" setting (switch on advanced view).

This solution finally worked for me to be able to access Dockers with custom IP addresses (much easier than VLAN setups, adding NICs, and is not limited to just one docker (i.e. Pi-Hole) like the solution that replaces the default port 80 with Pi-Hole for pure DNS). However, it was still a little hard to understand and follow how to configure this in my network -- and with an Edgerouter (ER-X). So I thought I'd go ahead and share the specifics in case anyone else could use some additional clarity and/or has an Edgerouter. After mucking around with my firewall rules and getting back out of the wrong rabbit holes, it really was fairly easy in the end.

Re-Cap of setting up WireGuard (in Unraid) for access to Docker containers with Custom IP Addresses (e.g. Pi-hole, Unifi, etc.):

First, in order to access Dockers that have a custom IP address you need to disable NAT in the WireGuard VPN settings... as noted in the just-gotta-know-where-to-look on-screen documentation:

So, once you disable NAT in the WireGuard Configuration (Settings -> VPN Manager), then Unraid provides the key details in a remark for you:

As noted also in the documentation comments and the remark, you will need to configure a static route on the router, but there is still an important missing detail from the on-screen info. Luckily these have been outlined in the "WireGuard quickstart" forum thread (linked here). These details (along with the post quoted above) really helped with some additional details that made it more clear for me to finally get my network properly configured -- and as it turns out it is really very simple.

The "WireGuard quickstart" guide is actually a different forum thread, but I found this thread before I finally found my way over to that one (via more Google-Fu) . . . so it seems useful to provide these details here:

The quickstart guide (thread linked above) was updated as of February 20, 2020 with a section labeled "Complex Networks" and it provides the key details that were most helpful.

How to Configure Static Route for WireGuard (on Unraid) in an EdgeRouter (ER-X):

The remaining element was to sort out how to correctly set up the static route in an Edgerouter (ER-X).... so for those that may find their way here and have an Edgerouter (or similar), here's the process:

1. On the Routes Tab, click to Add a new Static Route:
2. Enter the details that are provided by the Unraid UI (see screenshot above when NAT is disabled under VPN Management):
3. Save and Apply the changes to the EdgeRouter... the end result will look like this if you open it after saving:
4. And finally, you need to ensure that Docker is correctly set to enable "Host Access to custom networks" in the Docker Settings (Settings -> Docker):

Which will result in this...

Actual URL to detailed instruction is just below:

Note: The original details for this step are on Page 8 of this thread, but I found them from the link that is also on the "WireGuard quickstart" thread.... so I'm posting here again for continuity:

Edited September 3, 2020 by raerae1616

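The return path described in the post above, modelled as a router doing longest-prefix matching. This is an added example, not part of the original posts or the Unraid plugin; 10.253.0.0/16 is the default tunnel subnet named in the post, while the Unraid LAN address and the upstream gateway are constructed placeholders.

```python
import ipaddress

# 10.253.0.0/16 is the default tunnel subnet named in the post.
# The two addresses below are constructed for this example (assumptions).
TUNNEL_SUBNET = "10.253.0.0/16"
UNRAID_LAN = "192.168.1.10"   # hypothetical LAN (eth0) address of the Unraid server
ISP_GATEWAY = "203.0.113.1"   # hypothetical upstream default gateway

# Router table before and after adding the static route from the post.
ROUTER_BEFORE = [("0.0.0.0/0", ISP_GATEWAY), ("192.168.1.0/24", "on-link")]
ROUTER_AFTER = ROUTER_BEFORE + [(TUNNEL_SUBNET, UNRAID_LAN)]


def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def audit_return_path(routes, tunnel_subnet, unraid_lan):
    """Return reasons why replies to tunnel peers would miss the tunnel."""
    tunnel = ipaddress.ip_network(tunnel_subnet)
    problems = []
    # Probe with the first host address in the tunnel subnet.
    hop = next_hop(routes, str(tunnel.network_address + 1))
    if hop != unraid_lan:
        problems.append(f"{tunnel} replies go to {hop}, not {unraid_lan}")
    # A more specific route inside the tunnel subnet would override the fix.
    for prefix, other in routes:
        net = ipaddress.ip_network(prefix)
        if net != tunnel and net.subnet_of(tunnel) and other != unraid_lan:
            problems.append(f"{net} via {other} overrides the tunnel route")
    return problems


if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, next_hop(table, "10.253.0.2"),
              audit_return_path(table, TUNNEL_SUBNET, UNRAID_LAN))
```

Without the static route, a LAN host's reply to a tunnel peer follows the router's default route out of the LAN and never reaches the WireGuard endpoint on the Unraid server.
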
J05u Posted September 6, 2020

Basically I managed to set up WireGuard only as Remote tunneled access; any other options just not pinging. But anyway, with this option I can access only my server and dockers. Any chance to manage to access the entire home network?

ljm42 Posted September 6, 2020

> 2 hours ago, J05u said:
> Basically I managed to set up WireGuard only as Remote tunneled access; any other options just not pinging. But anyway, with this option I can access only my server and dockers. Any chance to manage to access the entire home network?

Please don't double post.

m-zone.me Posted September 10, 2020

Hi, I'm having some trouble getting WireGuard to work...

I've followed the guide, and when I connect to the WireGuard VPN from my Windows 10 on a remote network (my Unraid server is located at my work), I can ping / access the Unraid IP, but nothing else on the remote network. I chose the "Remote access to LAN" option in the Peer settings.

It's not the first time I'm using WireGuard. I've had it working before, but ran into the same issue, and then started using OpenVPN, but it only allows to VPN connections, so I would like to get WireGuard working again, but I can't figure out what's wrong.

Does anyone have any ideas on what I should do to fix this... I can access anything on my Unraid server, but anything else on the network that has another IP address I can't access....

Please help me out here, thanks in advance...

tmchow Posted September 10, 2020

I'm having an issue adding a peer. When I hit "apply" after specifying the peer's initial info, nothing happens. Looking at the Chrome dev tools, this error is showing up:

An invalid form control with name='Address:1' is not focusable.

A quick Google search found this common issue: https://stackoverflow.com/questions/22148080/an-invalid-form-control-with-name-is-not-focusable

Edited September 10, 2020 by tmchow

ljm42 Posted September 11, 2020

> 5 hours ago, tmchow said:
> I'm having an issue adding a peer. When I hit "apply" after specifying the peer's initial info, nothing happens. Looking at the Chrome dev tools, this error is showing up: An invalid form control with name='Address:1' is not focusable.

What version of the WireGuard plugin, on what version of Unraid?

Nobody else has run into this, so assuming everything is current, I'm thinking it is an issue with your browser. Try creating a blank profile in Chrome to eliminate browser extensions as the cause.

tmchow Posted September 11, 2020

> What version of the WireGuard plugin, on what version of Unraid? Nobody else has run into this, so assuming everything is current, I'm thinking it is an issue with your browser. Try creating a blank profile in Chrome to eliminate browser extensions as the cause.

I'm on Unraid 6.8.3 and plug-in version 2020.07.10b

I'm on a Chrome beta but been on it for a while. I'll try a different browser and incognito window to see if that changes anything.

tmchow Posted September 11, 2020

> 5 hours ago, ljm42 said:
> What version of the WireGuard plugin, on what version of Unraid? Nobody else has run into this, so assuming everything is current, I'm thinking it is an issue with your browser. Try creating a blank profile in Chrome to eliminate browser extensions as the cause.

I also just tried this on Firefox with no plugins and got similar behavior, but the dev console reports a different error:

Firefox can't establish a connection to the server at ws://192.168.1.161/sub/var

When trying in Chrome Incognito, I got the same error as my non-Chrome incognito window. I'm so confused.

Edited September 11, 2020 by tmchow

ljm42 Posted September 11, 2020

> 9 hours ago, tmchow said:
> Firefox can't establish a connection to the server at ws://192.168.1.161/sub/var

Reboot Unraid. If the problem persists, upload your diagnostics, maybe there will be a clue in the logs.

Gdtech Posted September 11, 2020

Every time I add a peer I have to reboot the server in order for WireGuard to start working again. Is this normal? After rebooting everything works fine, including the newly added peer. Any advice would be appreciated.

Thanks

AceRimmer Posted September 12, 2020

Feature suggestion (if it hasn't been suggested yet): re-order VPN peers the same way I can re-order VMs (hold click, drag & drop).