Fedeöä, posted November 17, 2020

On 11/10/2020 at 6:11 PM, yogy said: "I FOUND A SOLUTION! Yes, I'm answering myself, but hopefully others will find this useful. If you are using the Wireguard VPN app for Windows OS and try to connect to unRAID using Remote tunneled access, here is a solution. This issue of broken local network routing appears to only happen in WireGuard for Windows."

You just saved my evening
bdydrp, posted November 19, 2020 (edited November 19, 2020)

I have been trying for ages now to set up WG to access my dockers on my VLAN. Local access works fine! I suspect it is something I'm missing in pfSense!

Here are my unraid settings:

And pfSense setting:

Anyone see anything obvious I have missed? I've read through a number of threads and just can't pinpoint my issue.

Thanks
carnivorebrah, posted November 24, 2020 (edited November 24, 2020)

Hello all,

I'm trying to set up my WireGuard VPN to work with my Pihole docker running on the same box. I tried to configure PiHole to run on a separate NIC, but I couldn't get it to recognize the bridged connection I created on the separate NIC in order to select it.

So, I read through the thread more, and I made it to the point of enabling host access to custom networks in Docker settings. This allows me to now access PiHole over WireGuard on the same NIC, but if I try to access the internet with the VPN connected, it is unable to resolve any host name.

How can I get my internet to work on the device with the VPN connected now?

Default Gateway: 10.100.1.1
Unraid IP: 10.100.1.3
PiHole IP: 10.100.1.2

Static route setup on router:

WireGuard setup:
yogy, posted November 25, 2020

If your Pi hole isn't your DNS Server, then the Peer DNS server should be your router or something else (default gateway). In this case try to put 10.100.1.1 and not 10.100.1.2 as in the picture above. Don't forget to scan your code again (if you're using your mobile device) when you change this setting.
carnivorebrah, posted November 25, 2020

2 hours ago, yogy said: "If your Pi hole isn't your DNS Server, then the Peer DNS server should be your router or something else (default gateway). In this case try to put 10.100.1.1 and not 10.100.1.2 as in the picture above. Don't forget to scan your code again (if you're using your mobile device) when you change this setting."

I'm a complete idiot. I forgot to redownload the new config onto my devices. This fixed it. It's always the little things... *facepalm*

Thank you!!!
bdydrp, posted November 30, 2020

Anyone have this working with containers on a VLAN and pfSense? Still struggling to get this to work as per my post above.
stefan416, posted December 1, 2020

Hi,

I'm looking to run Wireguard in conjunction with the Pihole container and was wondering if it's possible to select another NIC other than the standard br0. Alternatively, is there a best way to set everything up? I can connect via my phone to the tunnel but receive resolution errors as, I'm assuming, the remote client isn't communicating with Pihole.

Thank you.

Is there a best practice of setting the two up if I have two NICs?
dimon, posted December 6, 2020

Hello, is it possible to set up WireGuard with unraid/docker as follows?

cloud.mydomain.org ---> external root-server with IPv4/WireGuard ---> tunnel ---> unraid docker service like Nextcloud.

Why I ask: due to IPS change, I have no reachable IPv4 address, and I need this for mapping of domains to my Nextcloud services @ unraid.
bdydrp, posted December 16, 2020

Still having issues with this!! Can only access devices on main LAN, not VLANs.

I have done a traceroute from my peer device (Android tablet) with wifi off and WG on, and noticed that the hop goes to a completely different network:

1st hop - 10.252.52.102
2nd hop - 10.252.52.106
3rd, 4th, etc - No response

The Local tunnel address is 10.253.0.1

Where would 10.252 come from?
screwbox, posted January 5

So, I studied this topic many times. And though I'm not a native English speaker, I still think I understand everything right.

If my router is some kind of cheap end-user ISP stuff which lacks the possibility of custom routing or routes in general, and all I can set up is simple NAT, I have no chance to access all my Docker containers through Wireguard?

My setup is quite simple. I have 2 NICs: one (br0) for the UnRaid web frontend and Wireguard etc., and the other (br1) is used for all Docker containers with custom IP addresses in my LAN. I use one subnet for everything in my LAN, 192.168.0.0/24.

I'm not talking about DNS; I can't even ping my Docker containers on their own IP.

So I initially thought it would be enough to separate the Wireguard interface from the Docker interfaces. But this was not the trick, so I read this thread, and the only thing I'm missing is the custom route in my router, which I cannot set.

What are my options now? It could be so convenient to connect to Wireguard, open my Heimdall Docker and get everywhere I want (Homekit, DIYHue, Plex, Nextcloud, etc.). But I can't get it to work.

Or am I missing something?
ejg3855, posted January 8

I'm having some trouble after installing and uninstalling this docker. My box no longer has DNS access to anything it seems, none of the VMs either.

I can RDP to them all but for some reason I cannot browse any web content on the VMs; in the APPS directory of UNRAID I also can't solve anything.

Could this be a simple reboot?
iilied, posted January 9 (edited January 9)

I am not getting a handshake from WireGuard client on macOS. Used to be able to connect no problem, is there a common issue occurring atm after the latest client update?

Edit: Regenerated keys and tried to reconnect, still same issue. Able to connect, no data, no handshake. No idea what to do next. Used to work smoothly, unfortunately, not anymore.
ICDeadPpl, posted January 11

On 1/9/2021 at 5:09 PM, iilied said: "I am not getting a handshake from WireGuard client on macOS. Used to be able to connect no problem, is there a common issue occurring atm after the latest client update? Edit: Regenerated keys and tried to reconnect, still same issue. Able to connect, no data, no handshake. No idea what to do next. Used to work smoothly, unfortunately, not anymore."

I had the same problem, didn't get a handshake from either my PC or my Android. I don't remember why, but one day I decided to try another port in the "local endpoint" and also my router port forwarding setting. It just started to work.

I had earlier successfully used the default port, but one day it just stopped working. I went for a long time before I got to change the port; I used my router's OpenVPN instead. Weird.
reppmic, posted Thursday at 09:51 AM (edited Thursday at 09:57 AM, "update text")

Is it possible to activate the VPN only when trying to access specific DNS names or IP addresses?

Scenario: on the road, logged into 5G, no VPN -> open my SecurityCam app which points to 192.x.x.x, VPN will start and shut down when the app is closed (or after a specific idle time).

Or connecting only when I try to connect to a specific IP range would be great.
Energen, posted Thursday at 12:31 PM

2 hours ago, reppmic said: "Is it possible to activate the VPN only when trying to access specific DNS names or IP addresses? Scenario: on the road, logged into 5G, no VPN -> open my SecurityCam app which points to 192.x.x.x, VPN will start and shut down when the app is closed (or after a specific idle time). Or connecting only when I try to connect to a specific IP range would be great."

The Wireguard app on your phone has nothing to do with Wireguard running on Unraid. You'd need to address this issue to the developer of the Wireguard app.
reppmic, posted Thursday at 01:21 PM

49 minutes ago, Energen said: "The Wireguard app on your phone has nothing to do with Wireguard running on Unraid. You'd need to address this issue to the developer of the Wireguard app."

OK, thanks for clarifying, but is it also not possible to set up unraid Wireguard so that the incoming client can only access a specific IP range?
itimpi, posted Friday at 03:52 AM

14 hours ago, reppmic said: "OK, thanks for clarifying, but is it also not possible to set up unraid Wireguard so that the incoming client can only access a specific IP range?"

You can do this by specifying the IP range allowed when defining a tunnel at the Unraid end.

A point to note is that if you want to access the IPs on your local LAN from a remote point across a WireGuard link, then the client must be on a different subnet to that used on your home LAN. This may well mean that you want to avoid using commonly used subnets like 192.168.0.x and 192.168.1.x on your home LAN, as you will find there is a high chance of the client being on one of these subnets.
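Added example (not part of any post in this thread): a Python check of the two conditions discussed above, whether a destination is covered by the client's AllowedIPs and whether the remote client's local subnet collides with that range. The config text, keys, endpoint and subnet masks are constructed sample values; only the 10.100.1.x and 10.253.0.x addresses echo ones mentioned in the thread.

```python
import ipaddress

# Constructed client config: keys and endpoint are placeholders, masks are assumed.
CLIENT_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.253.0.2/32
DNS = 10.100.1.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 10.253.0.0/24, 10.100.1.0/24
"""

def allowed_ips(conf):
    """Collect every network listed on AllowedIPs lines of a WireGuard config."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def path_for(dest, conf, client_lan):
    """Classify where the remote client sends traffic for dest.

    client_lan is the subnet of the network the client is physically on
    (hotel Wi-Fi, mobile carrier, ...), which the home side cannot control.
    """
    ip = ipaddress.ip_address(dest)
    lan = ipaddress.ip_network(client_lan, strict=False)
    via_tunnel = any(ip in net for net in allowed_ips(conf))
    if via_tunnel and ip in lan:
        return "conflict"   # same range exists on both sides of the tunnel
    if via_tunnel:
        return "tunnel"     # covered by AllowedIPs, sent to the peer
    if ip in lan:
        return "local"      # stays on the client's own network
    return "default"        # leaves via the client's normal gateway

if __name__ == "__main__":
    for dest, lan in [("10.100.1.2", "192.168.1.0/24"),
                      ("10.100.20.5", "192.168.1.0/24"),
                      ("10.100.1.2", "10.100.1.0/24")]:
        print(f"{dest:>12} from client LAN {lan}: {path_for(dest, CLIENT_CONF, lan)}")
```

A result of "default" for an address on the home side means its subnet (for example a VLAN) is missing from AllowedIPs; "conflict" is the overlapping-subnet case described in the post above.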
hdlineage, posted 11 hours ago

BUG found. I have two wg interfaces, wg0 and wg1.

wg0 is set to no server NAT, thus no associated firewall rules are set on pre-up and post-down.
wg1 is set to enable server NAT.

After unraid reboots, wg1 will fail to start due to a non-existent WIREGUARD chain in iptables. I have to manually add the WIREGUARD chain to start the wg1 interface.