bonienl

Dynamix WireGuard VPN


Every time I add a peer I have to reboot the server in order for WireGuard to start working again. Is this normal? After rebooting, everything works fine, including the newly added peer.

Any advice would be appreciated.

Thanks

Link to post

Feature suggestion (if it hasn't been suggested yet)

 

Re-order VPN peers the same way I can re-order VMs (hold click, drag & drop).

Link to post
On 9/11/2020 at 10:34 AM, ljm42 said:

Reboot Unraid. If the problem persists, upload your diagnostics, maybe there will be a clue in the logs

Rebooted and having same issue. Logs attached. @ljm42 any ideas?

tower-diagnostics-20200914-2158.zip

Edited by tmchow

Link to post

Am I the only person having problems with this plugin resetting "PostUp" & "PostDown" rules within imported configuration files? If the tunnels aren't modified after importing everything remains, but even updating IP or DNS entries results in any Post rules being cleared.

 

If not, it would be great if there's an option to modify those rules within the GUI or at least an option to preserve any that are imported. In my opinion it's a pretty big issue as I require them to modify iptables entries.

 

Cheers

Edited by Dataone

Link to post

I installed this plugin via CA on my new Unraid install. I set it up based on the blog post here. I create a peer with remote tunneled access and import it into an Android client. I then enable the connection but on the logs it shows handshake initiation timeouts and I'm unable to ping from Unraid. The port is appropriately forwarded to the VPN endpoint from my router side of things. Not sure where to go from here for troubleshooting.

Link to post

Hello,

I just finished setting up WireGuard and am having one quirk:

I have multiple docker containers that run on the host at different ports. One of them is tunneled through OpenVPN. When I turn the WireGuard tunnel on, I can access unraid:port for the container (going through OpenVPN), but for some reason, all network traffic from the container through OpenVPN ceases. I have to turn wg off and down/up my container to get it to work again, but then I can't VPN into my network to use it. Has anyone run into this?

Edit: figured it out: my peers were set to tunneled VPN, not remote to LAN. Not sure why that took down my containers, but all good now.

Edited by cA1pLPfENhOfT9pMGzu2

Link to post

Is it possible to stop the Unraid WebUI from listening on Wireguard interfaces? For one, since I use SSL - clients that don't have access to the LAN can't see the dashboard anyways; for two I'd like to be able to bind a dashboard docker to the HTTP port for clients that are connected via wireguard. Right now I believe the nginx server is bound to 0.0.0.0 - I'd like to change that to the fixed IP, if possible.

Link to post
On 10/18/2020 at 3:56 AM, BKS said:

I installed this plugin via CA on my new Unraid install. I set it up based on the blog post here. I create a peer with remote tunneled access and import it into an Android client. I then enable the connection but on the logs it shows handshake initiation timeouts and I'm unable to ping from Unraid. The port is appropriately forwarded to the VPN endpoint from my router side of things. Not sure where to go from here for troubleshooting.

Might be easier to determine what's wrong if you post a censored config file

Link to post
On 10/20/2020 at 2:55 AM, Dataone said:

Might be easier to determine what's wrong if you post a censored config file

Same problem, but iOS client. The handshake just keeps on retrying. I have a UniFi USG with port forwarded as suggested in the blog. I do however have an upstream router (used as modem only) with its DMZ set to the UniFi USG.

 

Any help appreciated :)

 

Local server configuration

[Interface]
#Unraid VPN
PrivateKey=***=
Address=10.253.0.1
ListenPort=51820
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE

[Peer]
#Remote
PublicKey=****=
PresharedKey=****=
AllowedIPs=10.253.0.2

Remote peer configuration

[Interface]
#Remote
PrivateKey=***=
Address=10.253.0.2/32
DNS=192.168.0.1

[Peer]
#Unraid VPN
PresharedKey=***=
PublicKey=***=
Endpoint=*.*.*.*:51820
AllowedIPs=10.253.0.1/32, 192.168.0.0/24

Link to post
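Two checks on the PostUp/PostDown lines that come up in this thread (the report of them being cleared after an edit, and the hooks in the server configuration posted above), as an added example that is not part of any post and not the plugin's own code. The function names and the SAVED sample are assumptions: SAVED is constructed to model a file rewritten without its hooks after an address change.

```python
def parse_hooks(text):
    """Collect PostUp/PostDown commands from the [Interface] section of a wg-quick file.
    These keys repeat, so a strict INI parser such as configparser rejects the file."""
    hooks, section = {"postup": [], "postdown": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "interface" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in hooks:
                hooks[key.strip().lower()].append(value.strip())
    return hooks

def dropped_hooks(imported, saved):
    """Hooks present in the imported file but missing from the saved one."""
    before, after = parse_hooks(imported), parse_hooks(saved)
    return [(k, cmd) for k in before for cmd in before[k] if cmd not in after[k]]

def unpaired_rules(text):
    """PostUp 'iptables ... -A ...' commands with no matching '-D' in PostDown,
    i.e. rules that would stay in the firewall after the tunnel stops."""
    h = parse_hooks(text)
    return [cmd for cmd in h["postup"]
            if cmd.startswith("iptables") and " -A " in cmd
            and cmd.replace(" -A ", " -D ", 1) not in h["postdown"]]

# [Interface] section as posted above (keys redacted in the post).
IMPORTED = """\
[Interface]
#Unraid VPN
PrivateKey=***=
Address=10.253.0.1
ListenPort=51820
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
"""
# Constructed sample: same tunnel after an address edit, hooks gone.
SAVED = """\
[Interface]
PrivateKey=***=
Address=10.253.0.5
ListenPort=51820
"""

if __name__ == "__main__":
    for key, cmd in dropped_hooks(IMPORTED, SAVED):
        print(f"missing after save: {key} = {cmd}")
    print("unpaired iptables rules:", unpaired_rules(IMPORTED))
```

Running the comparison after every change to a tunnel shows whether a NAT or firewall rule you depend on has silently disappeared from the saved file.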

Is it possible to set up a LAN to LAN WireGuard if one of the computers is behind a router that I don't have access to?

I ask because my Unraid server is in an office at a University - and I do not have access to the University router.

I am using ZeroTier and that works okay - but because there isn't a 'direct' connection between my home and University computers, ZeroTier uses a relay/gateway that slows down the Internet speed.

Edited by Michael Kaaber

Link to post
12 hours ago, Michael Kaaber said:

Is it possible to set up a LAN to LAN WireGuard if one of the computers is behind a router that I don't have access to?

I would not expect the machine that is behind that router to be able to accept incoming connections (unless that router happens by chance to be set up so that incoming connections can be specified by the server using DNLA).

Link to post
