Dynamix WireGuard VPN


bonienl


On 11/10/2020 at 6:11 PM, yogy said:

I FOUND A SOLUTION!

yes, I'm answering to myself but hopefully others will find this useful.

If you are using the WireGuard VPN app for Windows and try to connect to unRAID using Remote tunneled access, here is a solution.

This issue of broken local network routing appears to only happen in WireGuard for Windows.

You just saved my evening


I have been trying for ages now to set up WG to access my dockers on my VLAN.

Local access works fine!

I suspect it is something I'm missing in pfSense!

Here are my unraid settings: (screenshots of the eth0, Docker and tunnel settings)

And pfSense settings: (screenshots of the gateway and static route)

Anyone see anything obvious I have missed? I've read through a number of threads and just can't pinpoint my issue.

Thanks


Hello all,

 

I'm trying to setup my WireGuard VPN to work with my Pihole docker running on the same box.

 

I tried to configure PiHole to run on a separate NIC, but I couldn't get it to recognize the bridged connection I created on the separate NIC in order to select it.

 

So, I read through the thread more, and I made it to the point of enabling host access to custom networks in Docker settings. This allows me to now access PiHole over WireGuard on the same NIC, but if I try to access the internet with the VPN connected, it is unable to resolve any host name.

 

How can I get my internet to work on the device with the VPN connected now?

 

Default Gateway: 10.100.1.1

Unraid IP: 10.100.1.3

PiHole IP: 10.100.1.2

 

Static route setup on router: (screenshot)

WireGuard setup: (screenshot)


If your Pi-hole isn't your DNS server, then the Peer DNS server should be your router or something else (default gateway). In this case try to put 10.100.1.1 and not 10.100.1.2 as in the picture above.

Don't forget to scan your code again (if you're using your mobile device) when you change this setting.

2 hours ago, yogy said:

If your Pi-hole isn't your DNS server, then the Peer DNS server should be your router or something else (default gateway). In this case try to put 10.100.1.1 and not 10.100.1.2 as in the picture above.

Don't forget to scan your code again (if you're using your mobile device) when you change this setting.

I'm a complete idiot. I forgot to redownload the new config onto my devices. This fixed it.

 

It's always the little things...

 

*facepalm*

 

Thank you!!!


Hi,
 

I'm looking to run WireGuard in conjunction with the Pi-hole container and was wondering if it's possible to select another NIC other than the standard br0. Alternatively, is there a best way to set everything up? I can connect via my phone to the tunnel but receive resolution errors as, I'm assuming, the remote client isn't communicating with Pi-hole. Thank you. Is there a best practice for setting the two up if I have two NICs?


Hello, is it possible to set up WireGuard with Unraid/Docker as follows?

 

cloud.mydomain.org ---> external root-server with ipv4/wirequard  ---->----tunnel --->---> unraid-docker service like nextcloud.

 

Why I ask: due to an ISP change, I have no reachable IPv4 address, and I need this for mapping domains to my Nextcloud services on Unraid.


Still having issues with this!! Can only access devices on the main LAN, not VLANs.

I have done a traceroute from my peer device (android tablet) with wifi off and WG on.

And noticed that the hop goes to a completely different network

1st hop - 10.252.52.102

2nd hop - 10.252.52.106

3rd, 4th, etc - No response

 

The Local tunnel address is 10.253.0.1      Where would 10.252 come from?

 


So, I studied this topic many times. And though I'm not a native English speaker, I still think I understand everything right.

If my router is some kind of cheap end-user ISP device which lacks the possibility of custom routing or routes in general, and all I can set up is simple NAT, do I have no chance to access all my Docker containers through WireGuard?

My setup is quite simple. I have 2 NICs, one (br0) for the Unraid web frontend and WireGuard etc., and the other (br1) is used for all Docker containers with custom IP addresses in my LAN. I use one subnet for everything in my LAN: 192.168.0.0/24.

I'm not talking about DNS; I can't even ping my Docker containers on their own IP. So I initially thought it would be enough to separate the WireGuard interface from the Docker interfaces. But this was not the trick, so I read this thread and the only thing I'm missing is the custom route in my router, which I can not set. What are my options now?

It could be so convenient to connect to WireGuard, open my Heimdall Docker and get everywhere I want (HomeKit, DIYHue, Plex, Nextcloud, etc.). But I can't get it to work.

Or am I missing something?


I'm having some trouble after installing and uninstalling this docker. 

 

My box no longer has DNS access to anything, it seems, none of the VMs either. I can RDP to them all, but for some reason I cannot browse any web content on the VMs; in the APPS directory of UNRAID I also can't solve anything.

 

Could this be a simple reboot?


I am not getting a handshake from WireGuard client on macOS. Used to be able to connect no problem, is there a common issue occurring atm after the latest client update?

 

Edit: Regenerated keys and tried to reconnect, still same issue. Able to connect, no data, no handshake. No idea what to do next. Used to work smoothly, unfortunately, not anymore.

On 1/9/2021 at 5:09 PM, iilied said:

I am not getting a handshake from WireGuard client on macOS. Used to be able to connect no problem, is there a common issue occurring atm after the latest client update?

 

Edit: Regenerated keys and tried to reconnect, still same issue. Able to connect, no data, no handshake. No idea what to do next. Used to work smoothly, unfortunately, not anymore.

I had the same problem, didn't get a handshake from either my PC or my Android.
I don't remember why, but one day I decided to try another port in the "local endpoint" and also in my router's port forwarding setting.
It just started to work.
I had earlier successfully used the default port, but one day it just stopped working. I went for a long time before I got to change the port, I used my router's OpenVPN instead. Weird.


Is it possible to activate the VPN only when trying to access specific DNS names or IP addresses?

 

Scenario: on the road, logged into 5G, no VPN -> open my SecurityCam app which points to 192.x.x.x; the VPN will start and shut down when the app is closed (or after a specific idle time).

 

Or connecting only when I try to connect to a specific IP range would be great.

2 hours ago, reppmic said:

Is it possible to activate the VPN only when trying to access specific DNS names or IP addresses?

 

Scenario: on the road, logged into 5G, no VPN -> open my SecurityCam app which points to 192.x.x.x; the VPN will start and shut down when the app is closed (or after a specific idle time).

 

Or connecting only when I try to connect to a specific IP range would be great.

The Wireguard app on your phone has nothing to do with Wireguard running on Unraid.  You'd need to address this issue to the developer of the Wireguard app.

49 minutes ago, Energen said:

The Wireguard app on your phone has nothing to do with Wireguard running on Unraid.  You'd need to address this issue to the developer of the Wireguard app.

 

OK, thanks for clarifying, but is it also not possible to set up Unraid WireGuard so that the incoming client can only access a specific IP range?

14 hours ago, reppmic said:

 

OK, thanks for clarifying, but is it also not possible to set up Unraid WireGuard so that the incoming client can only access a specific IP range?

You can do this by specifying the IP range allowed when defining a tunnel at the Unraid end.

 

A point to note is that if you want to access the IPs on your local LAN from a remote point across a WireGuard link, then the client must be on a different subnet to that used on your home LAN. This may well mean that you want to avoid using commonly used subnets like 192.168.0.x and 192.168.1.x on your home LAN, as you will find there is a high chance of the client being on one of these subnets.

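A check for the two client-side problems raised in this thread, the AllowedIPs range overlapping the LAN the remote client happens to be on (the post above) and a Peer DNS server that the tunnel does not route to (the Pi-hole posts earlier): an added Python example, not code from the thread or from the Dynamix plugin. The config text, addresses and endpoint are constructed placeholders.

```python
import ipaddress
from typing import List

# Constructed sample client config (placeholder values, not taken from the thread):
# tunnel addresses 10.253.0.0/24, home LAN 10.100.1.0/24, Pi-hole/router DNS at 10.100.1.1.
CLIENT_CONF = """
[Interface]
Address = 10.253.0.2/32
DNS = 10.100.1.1

[Peer]
PublicKey = <server public key placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.253.0.1/32, 10.100.1.0/24, 192.168.1.0/24
"""

# Subnets so common on home and hotel routers that a roaming client often sits on one of them.
COMMON_LAN_SUBNETS = [ipaddress.ip_network(s) for s in ("192.168.0.0/24", "192.168.1.0/24")]

def _values(conf: str, key: str) -> List[str]:
    """All comma-separated values of `key` across every section of the config."""
    out = []
    for line in conf.splitlines():
        k, _, v = line.partition("=")
        if k.strip() == key:
            out.extend(p.strip() for p in v.split(",") if p.strip())
    return out

def allowed_networks(conf: str) -> List[ipaddress.IPv4Network]:
    """Every AllowedIPs range, i.e. what the client will route into the tunnel."""
    return [ipaddress.ip_network(n, strict=False) for n in _values(conf, "AllowedIPs")]

def routing_conflicts(conf: str, client_local: str) -> List[str]:
    """AllowedIPs ranges that collide with the subnet the client is physically on;
    such a route pulls the client's own LAN, gateway included, into the tunnel."""
    local = ipaddress.ip_network(client_local, strict=False)
    return [str(n) for n in allowed_networks(conf) if n.overlaps(local)]

def common_subnet_warnings(conf: str) -> List[str]:
    """Home LAN ranges in AllowedIPs likely to clash with whatever LAN the client roams onto."""
    return [str(n) for n in allowed_networks(conf) if any(n.overlaps(c) for c in COMMON_LAN_SUBNETS)]

def unroutable_dns(conf: str) -> List[str]:
    """DNS servers the client is told to use that no AllowedIPs route covers; with a LAN-only
    tunnel this is the usual reason names stop resolving while the VPN is connected."""
    nets = allowed_networks(conf)
    return [d for d in _values(conf, "DNS") if not any(ipaddress.ip_address(d) in n for n in nets)]
```

Run it against a config exported from the plugin and the subnet shown by the client's own network settings; an empty result from all three checks means the routes and DNS are at least consistent.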

BUG found,

I have two wg interfaces wg0 and wg1

wg0 is set to no server NAT, thus no associated firewall rules are set on pre-up and post-down.

wg1 is set to enable server NAT

After unraid reboots

wg1 will fail to start due to the non-existent WIREGUARD chain in iptables.

I have to manually add WIREGUARD chain to start the wg1 interface.
