bonienl (Author), posted April 3, 2021

On your phone (client) you need to have AllowedIPs to include all your additional networks too, e.g. AllowedIPs=192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24 ...

Boo-urns, posted April 3, 2021 (edited)

56 minutes ago, bonienl said:
> On your phone (client) you need to have AllowedIPs to include all your additional networks too, e.g. AllowedIPs=192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24 ...

Thanks for the reply. I did notice that they weren't included in the client config after I looked. So I went to start from scratch in Unraid, reconfigured everything IAW the guide and now I'm not even getting a handshake.

Edit: NVM, I forgot WG needs to 'do something' to get a handshake. But, even with added 192.168.5.0/24 and the other ranges to the client config, back to square one. Still no access.

bonienl (Author), posted April 3, 2021

The GUI has no field to add the additional host networks for the peer(s). You need to do that manually on the peer itself.

Delete all tunnels and start from scratch (choose Remote access to LAN for the peer), this will generate a peer config similar to:

Remote peer configuration

    [Interface]
    #My iPhone
    PrivateKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
    Address=10.253.0.2/32

    [Peer]
    #My Unraid server
    PublicKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
    Endpoint=www.mysite.com:51831
    AllowedIPs=10.253.0.1/32, 192.168.1.0/24

Load this config on the peer and add manually the additional networks, like 192.168.2.0/24, 192.168.3.0/24, etc. to the list of AllowedIPs using the WG app on the peer (do not delete the existing entries).

Boo-urns, posted April 3, 2021

6 hours ago, bonienl said:
> Delete all tunnels and start from scratch (choose Remote access to LAN for the peer), this will generate a peer config similar to:
>
> Remote peer configuration
>
>     [Interface]
>     #My iPhone
>     PrivateKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
>     Address=10.253.0.2/32
>
>     [Peer]
>     #My Unraid server
>     PublicKey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
>     Endpoint=www.mysite.com:51831
>     AllowedIPs=10.253.0.1/32, 192.168.1.0/24
>
> Load this config on the peer and add manually the additional networks, like 192.168.2.0/24, 192.168.3.0/24, etc. to the list of AllowedIPs using the WG app on the peer (do not delete the existing entries).

OK so I've done exactly this. I have a LAN connection via WG and can access everything normally, except for VLANs and custom dockers. E.g. I have a Shinobi docker running on VLAN5 (192.168.5.2) with all CCTV cams as well, which time out on WG. Additionally, DelugeVPN and Jackett (routed through DelugeVPN) are not accessible either. All of the above are accessible normally via this PC (192.168.1.5).

Would there be any other specific routing required?

bonienl (Author), posted April 4, 2021

I too have multiple VLAN networks, which I use for docker containers and VMs. All of these networks (both IPv4 and IPv6) are reachable over WireGuard.

Couple of things I forgot to mention:

- WG configuration -> Local server uses NAT = No
- Docker configuration -> Host access to custom networks = Enabled
- The router needs a static route to forward the WG subnet (10.253.0.0/24) to the Unraid server (192.168.1.x)
- On the peer make a simplified AllowedIPs subnet, like 192.168.0.0/16 (this allows any 192.168.x.x address)

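Added example, not part of any post in this thread: a Python check that parses a client config of the shape shown above, reports AllowedIPs entries that do not parse, and shows which entry (if any) sends a given destination into the tunnel. The sample config is constructed (placeholder keys, one deliberately malformed entry); 192.168.1.5 and 192.168.5.2 are the addresses mentioned in the thread.

```python
import ipaddress

# Constructed sample in the shape of the peer config shown in the thread.
# Keys are placeholders; the last AllowedIPs entry is deliberately malformed.
SAMPLE_PEER_CONF = """\
[Interface]
#My iPhone
PrivateKey=PLACEHOLDER_NOT_A_REAL_KEY
Address=10.253.0.2/32

[Peer]
#My Unraid server
PublicKey=PLACEHOLDER_NOT_A_REAL_KEY
Endpoint=www.mysite.com:51831
AllowedIPs=10.253.0.1/32, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0.24
"""

def parse_allowed_ips(conf_text):
    """Return (valid networks, malformed entries) from every AllowedIPs line."""
    networks, malformed = [], []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "allowedips":
            continue
        for entry in filter(None, (e.strip() for e in value.split(","))):
            try:
                networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                malformed.append(entry)
    return networks, malformed

def covering_network(networks, address):
    """Most specific AllowedIPs entry containing address, or None."""
    ip = ipaddress.ip_address(address)
    hits = [n for n in networks if n.version == ip.version and ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def report(conf_text, targets):
    """Map each target to its covering entry; also return malformed entries."""
    networks, malformed = parse_allowed_ips(conf_text)
    return {t: covering_network(networks, t) for t in targets}, malformed

if __name__ == "__main__":
    routed, bad = report(SAMPLE_PEER_CONF, ["192.168.1.5", "192.168.5.2", "8.8.8.8"])
    for target, net in routed.items():
        status = f"via tunnel ({net})" if net is not None else "NOT in AllowedIPs"
        print(f"{target:<14} {status}")
    print("malformed entries:", bad)
```

Appending `AllowedIPs=192.168.0.0/16` to the sample makes 192.168.5.2 resolve to that entry, which is the effect of the simplified subnet: every 192.168.x.x destination is then sent into the tunnel.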
Boo-urns, posted April 4, 2021

3 hours ago, bonienl said:
> - WG configuration -> Local server uses NAT = No
> - Docker configuration -> Host access to custom networks = Enabled
> - The router needs a static route to forward the WG subnet (10.253.0.0/24) to the Unraid server (192.168.1.x)

I had these settings sorted already, including the static route. I've added the simplified AllowedIPs subnet on the client with no effect.

Below is the static route set. Does anything glaringly obvious stand out that I've done incorrectly? Unraid IP is 192.168.1.4.

On 4/3/2021 at 3:31 PM, Boo-urns said:
> Unraid settings as follows:

Thanks again for your help.

bonienl (Author), posted April 4, 2021

I don't know how your router interprets a metric value of zero, but from a routing perspective this should be at least 1.

The WG configuration is okay.

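Added example, not part of any post in this thread: a simplified longest-prefix-match model of the router, showing where a reply to a WireGuard client goes with and without the static route when "Local server uses NAT" is No. The route tables and the `wan-gateway` and `on-link` labels are constructed; a real router may rank metrics differently.

```python
import ipaddress

WG_PEER = "10.253.0.2"   # tunnel address of the phone in the thread's config
UNRAID = "192.168.1.4"   # Unraid LAN address given in the thread

# Constructed router table (assumed layout): (destination, next hop, metric).
BASE_ROUTES = [
    ("0.0.0.0/0", "wan-gateway", 1),
    ("192.168.1.0/24", "on-link", 0),
    ("192.168.5.0/24", "on-link", 0),
]
# The static route described in the thread: WG subnet via the Unraid server.
STATIC_WG_ROUTE = ("10.253.0.0/24", UNRAID, 1)

def next_hop(routes, destination):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    ip = ipaddress.ip_address(destination)
    best = None
    for net, hop, metric in routes:
        network = ipaddress.ip_network(net)
        if ip in network:
            rank = (-network.prefixlen, metric)
            if best is None or rank < best[0]:
                best = (rank, hop)
    return best[1] if best else None

def reply_path(routes, nat_enabled):
    """Destination of a LAN/VLAN host's reply and where the router sends it."""
    # With NAT the host sees the Unraid address as the source of the request;
    # without NAT it sees the client's tunnel address and replies to that.
    reply_dst = UNRAID if nat_enabled else WG_PEER
    return reply_dst, next_hop(routes, reply_dst)

if __name__ == "__main__":
    print("NAT=No, no static route:", reply_path(BASE_ROUTES, False))
    print("NAT=No, static route   :", reply_path(BASE_ROUTES + [STATIC_WG_ROUTE], False))
    print("NAT=Yes                :", reply_path(BASE_ROUTES, True))
```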
bearattack, posted April 4, 2021 (edited)

Hi, I'm trying to set up a remote tunneled access server using IPv4 + IPv6 and a local DNS (pihole) server. I run through the advanced configuration and my clients are successfully tunneling through IPv4, but it seems there is no IPv6 access through the tunnel. Is this a bug or am I misconfiguring something?

My config is almost all default settings:

mpatterson, posted April 4, 2021

I struggled getting this working, all of the settings looked good and I tried various fixes but just couldn't get that initial handshake. It ended up being super easy (of course). In my Port Forwarding rule I had it set to use TCP instead of UDP. I switched it to UDP and that fixed it. Of course the instruction to use UDP is right there on the config page but I just didn't pay enough attention. But maybe someone else will struggle and come here and this will help them.

bonienl (Author), posted April 5, 2021

14 hours ago, bearattack said:
> but it seems there is no IPv6 access

The WG configuration looks okay, for IPv6 to work everything in your network environment needs to understand IPv6 and be set up properly. Start your investigation there, and no it is not a bug. IPv6 with WireGuard does work.

asdfdemi, posted April 7, 2021

So I've been having an issue that, with my novice experience, I don't know where to turn. My Unraid box is remote to me, hosted at a buddy's place, so I've been transferring files to and from the server via SMB over Wireguard. Started using Wireguard with Unraid 6.8, but suddenly started having issues and still having issues into 6.9.

I've been having SMB file transfer issues where the speed will suddenly drop to 0 and eventually drops out completely. This appears to only happen when I upload to the server, and not while downloading from the server. I have tried file transfers over OpenVPN and have not experienced the same issues.

Both my location and the remote location have gigabit fiber, so the speed difference between Wireguard and OpenVPN is quite significant. Running iperf3 over OpenVPN, I am getting speeds of around 200-300 mbps downloading from the server and 300-400 mbps uploading to the server. Running iperf3 over Wireguard, I am getting speeds of around 500-700 mbps downloading and uploading to and from the server.

File transfer speeds on Windows 10 can start off at about 60 MB/s up to around 90 MB/s, but will suddenly tumble down to around 2 MB/s, and then eventually just ~200 KB/s to 0.

I don't exactly know what is causing these SMB dropouts, or what had changed. I do know that I have not changed the Wireguard config, and the transfers were rock solid before, but are no longer. There are no SMB dropouts with OpenVPN. I've also tried reinstalling Wireguard server from Unraid and reinstalling the Wireguard client from my Windows 10 tower and laptop, but same issues persist. I've also tried transfers to shares that bypass the cache drive, same issues.

hundsboog, posted April 13, 2021 (edited)

I updated today to the version 2021.04.12 and I don't get any handshake at all with all my peers I created. Anybody experiencing the same problem as me?

Update: I asked a friend of mine and he has the same problem. Must be some kind of bug. Is there a way to get back to the previous version?

bonienl (Author), posted April 13, 2021 (edited)

1 hour ago, hundsboog said:
> I updated today to the version 2021.04.12 and I don't get any handshake at all with all my peers I created. Anybody experiencing the same problem as me?

Everything is still working for me. As a test I also recreated the configs and uploaded to my peers, all fine and working.

Version 2021.04.12 corrects language translation support, not directly related to WireGuard itself.

Switch to advanced mode and use the PING button to test reachability to the peer (in my example I have both IPv4 and IPv6, but same principle with IPv4 only).

hundsboog, posted April 13, 2021 (edited)

34 minutes ago, bonienl said:
> Everything is still working for me. As a test I also recreated the configs and uploaded to my peers, all fine and working. Version 2021.04.12 corrects language translation support, not directly related to WireGuard itself.

Hi and thank you for your fast answer, @bonienl

Update: the German open source dyndns provider "ddnss.de" is down. Well, that happened only one time in the last 8 years and accidentally fell together with when I updated the plugin. My bad, I just checked their homepage where nothing claims that their service is down, so I checked by pinging my dyndns address in the console of my Linux machine.

bonienl (Author), posted April 13, 2021

With so many peers failing at the same time, I would first check the router. Is port forwarding still correct on the router? Perhaps your Unraid server got a different IP address which breaks forwarding. Perhaps your router is using UPnP and lost the forwarding entries?

Sissy, posted April 16, 2021

Dual-homed Unraid NAS (version 6.9.2) with WireGuard (plugin version 2021.04.12) tunnels on each of the two Ethernet adapters?

I have an Unraid NAS with two Ethernet adapters. One adapter connects to a Verizon FIOS residential network segment (192.168.1.0/24) and the other connects to a Cox Business Services network segment (192.168.0.0/24). I would like to have WireGuard VPN tunnels on both of the Unraid NAS Ethernet adapters so that I can remotely tunnel in on either network connection (think failure of a router, firewall, cable modem, ONT, etc.).

I can't see a way to bind tunnel wg0 to eth 0 and tunnel wg1 to eth 1. It appears that the WireGuard plugin attaches any tunnel created to the Ethernet adapter attached to the gateway with the lower metric. If a VPN tunnel is established on the Cox Business Services Ethernet adapter (eth 0), I want WireGuard to use the Cox gateway associated with that adapter. If it comes in on the Verizon side, I want the Verizon gateway used.

Thanks in advance for any assistance.

TechMed, posted April 18, 2021 (edited)

Hi - can anyone (maybe @bonienl / @ljm42 ?) help or tell me if there is a PIA config file? At this point ALL I want is ALL the traffic to go through PIA, a.k.a. "VPN Tunneled Access". I had it working fine with the "Remote Access to LAN" and now I want to change it.

Any and all help will be greatly appreciated! Thanks!

PS. If there is a better option for a VPN provider, I'm all ears for that too!

TechMed, posted April 19, 2021

Has anyone gotten VPN Tunneled Access working? If so, with what provider? Thank you.

ljm42, posted April 19, 2021

13 hours ago, TechMed said:
> Has anyone gotten VPN Tunneled Access working?

See this thread:

Sissy, posted April 19, 2021

On 4/16/2021 at 1:20 PM, Sissy said:
> Dual-homed Unraid NAS (version 6.9.2) with WireGuard (plugin version 2021.04.12) tunnels on each of the two Ethernet adapters?
>
> I have an Unraid NAS with two Ethernet adapters. One adapter connects to a Verizon FIOS residential network segment (192.168.1.0/24) and the other connects to a Cox Business Services network segment (192.168.0.0/24). I would like to have WireGuard VPN tunnels on both of the Unraid NAS Ethernet adapters so that I can remotely tunnel in on either network connection (think failure of a router, firewall, cable modem, ONT, etc.).
>
> I can't see a way to bind tunnel wg0 to eth 0 and tunnel wg1 to eth 1. It appears that the WireGuard plugin attaches any tunnel created to the Ethernet adapter attached to the gateway with the lower metric. If a VPN tunnel is established on the Cox Business Services Ethernet adapter (eth 0), I want WireGuard to use the Cox gateway associated with that adapter. If it comes in on the Verizon side, I want the Verizon gateway used.
>
> Thanks in advance for any assistance.

Ping. Anyone?

TechMed, posted April 19, 2021

1 hour ago, ljm42 said:
> See this thread:

Thank you @ljm42, I did read extensively here to try to find a good solution. Might I ask which provider you use? Maybe @bonienl as well? PIA does not work, so I am looking for a new provider that truly works. Thanks!!!

ljm42, posted April 19, 2021

33 minutes ago, TechMed said:
> Thank you @ljm42, I did read extensively here to try to find a good solution. Might I ask which provider you use? Maybe @bonienl as well? PIA does not work, so I am looking for a new provider that truly works. Thanks!!!

We have a thread specifically to discuss VPN Tunneled Access because it is quite different than all of the other modes: https://forums.unraid.net/topic/84316-wireguard-vpn-tunneled-access-to-a-commercial-vpn-provider/

I do not use it regularly, just for the initial tests.

[email protected], posted April 28, 2021

Hello everyone,

I have 2 NICs on my mainboard, currently working as bond0 with adaptive load balancing. Is it possible to run the Wireguard VPN (unraid server as client) at eth0 and the "normal" local ethernet / internet at eth1?

I imported a working config file from my phone and my unraid server connected to the WG-server. (The Wireguard server is at my mom's house and my backups should go there with rsync / rclone.)

Thanks!

Sissy, posted April 28, 2021

12 minutes ago, [email protected] said:
> I have 2 NICs on my mainboard, currently working as bond0 with adaptive load balancing. Is it possible to run the Wireguard VPN (unraid server as client) at eth0 and the "normal" local ethernet / internet at eth1?

I've had no success at getting questions answered about multi-NIC Unraid WireGuard installations. I've posted here and here in this thread and had zero responses, publicly or privately. I also private-messaged bonienl, author of the WireGuard plugin, more than a week ago. Although he has been logged on since then, I've not had any response from him, either.

I've not seen any information on how to, or if you can, selectively bind an instance of WireGuard to a particular NIC. Based on my experimentation, it appears to attach itself to whatever NIC is attached to the gateway with the lowest metric.

In my case, I have two NICs attached to two different network segments, each with its own gateway (Verizon on one, Cox on the other). I want to bind WireGuard to each NIC so that I have redundant paths into my local network so that a single point of failure cannot lock me out when I am operating remotely.

Maybe as time goes on, mechanisms to do what we want, and/or documentation as to how to do it, will be developed.

Boo-urns, posted May 2, 2021

Greetings again. Can anyone confirm this is the correct Static Route I need to set in a Unifi router? I still cannot access custom networks from my WG client. Normal LAN is fine.