Dynamix WireGuard VPN


bonienl

On 9/23/2021 at 2:51 PM, writablevulture said:

I have this working and I am pleased with it.

 

However, I am using Cloudflare with Nginx Proxy Manager to provide reverse proxy access to various services on my Unraid box without having to open ports for each of them in my router.

Is it possible to do the same with WireGuard so I can avoid forwarding its port in my router? Is this even desirable and would it give me any additional security?

 

Thanks!

 

To answer my own question, see WireGuard quickstart. WireGuard doesn't seem to work with proxied connections.

Quote

If you are using Cloudflare for DDNS, be sure to configure the Cloudflare "Proxy status" to "DNS only" and not "Proxied".

 

  • Like 1
Link to comment
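
An added example, not part of the thread or the plugin: WireGuard runs over UDP, so a client whose Endpoint hostname resolves to a Cloudflare proxy address ("Proxied" instead of "DNS only") never reaches the server. The check below reads the Endpoint from a client config and flags that case; the sample config, the hostname and the injectable `resolver` parameter are assumptions, and the address ranges are a snapshot of Cloudflare's published list.

```python
import ipaddress
import socket

# Snapshot of Cloudflare's published proxy ranges (assumption: the list can change).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# Constructed sample client config; hostname and keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.253.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.253.0.0/24
"""

def parse_endpoint(conf_text):
    """Return (host, port) from the first Endpoint line of a WireGuard config."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "endpoint":
            host, _, port = value.strip().rpartition(":")
            return host.strip("[]"), int(port)  # brackets wrap IPv6 literals
    raise ValueError("no Endpoint line found")

def resolve(host):
    """Resolve a hostname to its A/AAAA addresses (needs working DNS)."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos})

def check_endpoint(conf_text, resolver=resolve):
    """Report which endpoint addresses sit behind Cloudflare's proxy."""
    host, port = parse_endpoint(conf_text)
    try:
        addrs = [str(ipaddress.ip_address(host))]  # endpoint is already an IP
    except ValueError:
        addrs = resolver(host)
    proxied = [a for a in addrs
               if any(ipaddress.ip_address(a) in n for n in CLOUDFLARE_NETS)]
    return {"host": host, "port": port, "addresses": addrs,
            "proxied": proxied, "ok": not proxied}
```

Calling `check_endpoint(open("client.conf").read())` on a real client file uses live DNS; `"ok": False` means the DDNS record should be switched to "DNS only".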
On 9/24/2021 at 3:08 PM, nomadhawk said:

I have a weird problem I have noticed about the plugin. When the server reboots I have to regen the key and redo the config to get it to connect again. It is odd.

I can confirm that this happens to me too.

Every time the server gets rebooted I have to change the Peer Type setting and change it back again to make it work. I guess any change to the config fixes the problem. I don't have to reload the config on the client so it seems to be a server-side problem only.

Link to comment
On 9/24/2021 at 6:08 AM, nomadhawk said:

I have a weird problem I have noticed about the plugin. When the server reboots I have to regen the key and redo the config to get it to connect again. It is odd.

 

4 hours ago, Celmar said:

I can confirm that this happens to me too.

Every time the server gets rebooted I have to change the Peer Type setting and change it back again to make it work. I guess any change to the config fixes the problem. I don't have to reload the config on the client so it seems to be a server-side problem only.

 

That is odd, can you post your diagnostics?

 

Also, open a webterminal and type:

ls -al /etc/wireguard

then paste the results here. It should show that /etc/wireguard is loading from /boot/config/wireguard/

Link to comment
  • 2 weeks later...

Excuse me. I don't want to sound ignorant as I didn't read the whole thread. I just searched a bit through. But I cannot find any hint about what to do with the routing when I have a router which isn't able to do custom routes. So I cannot set up the static route which is needed for Wireguard to be fully functional and for even the Docker containers to be reachable through Wireguard. The biggest bummer is that my DNS is a Docker container so when I'm connected to Wireguard I have no DNS etc. which is a big problem at the moment. Any suggestions?

Link to comment

Clearly not the best way. Should have noted that it is not a 100% DNS. It is just the dnsmasq from my Pihole Docker. But it is really annoying to lose any local "DNS-like" resolver if my homelab is built around this blabla.local domain.

Otherwise if I lose my Pihole Docker I not only lose my internal, I also lose my resolver for the whole internet at home.

So my choice was to just let Pihole run on a Pi without any UPS and other things like automated backups etc. or let it run as a Docker on my Unraid. Which imho is the better choice of those two.

But again, the internal dnsmasq resolving of my "whatever".local domain is not working when connected to Wireguard. So what to do?

Go the only other way and set up the Pihole on a Pi again and lose all the benefits I get when I host Pihole as a Docker.

Is this really the only way?

Maybe I should learn to set up a Pihole cluster made of two Pis or something like that...

Edited by screwbox
Link to comment
  • 3 weeks later...

Hi,

 

I currently have a Deco M5 Router and Wireguard set up. I was running a few of my docker containers for a while in bridge mode on the different ports of my Unraid server, but due to restructuring everything I set up custom networks and each of my docker containers has its own set of IPs now.

 

Once I moved them over to their own IPs I was no longer able to access them once connected to my Wireguard VPN on any other device. After doing a bunch of digging I found the settings in the settings that say "Remark: docker containers on custom networks need static routing 10.253.0.0/24 to 192.168.68.114". My issue however is that my Router, Deco M5 doesn't support static routing and it has been a feature that has been asked for over a year but nothing has happened.

 

Is there any other way around this so I can access my LAN when connected remotely through WireGuard?

 

From https://forums.unraid.net/topic/84226-wireguard-quickstart/

With "Use NAT" = No and "Host access to custom networks" = enabled and static route 

 

  • server and dockers on bridge/host - accessible!
  • VMs and other systems on LAN - accessible!
  • dockers with custom IP - accessible!
  • (woohoo! the recommended setup for complex networks)

This seems to be the only one that allows for docker with custom IP but if I can't set a static route what should I do?

 

Thank you!

Edited by 97WaterPolo
Link to comment
  • 2 weeks later...

Hello, I have an issue that suddenly cropped up with zero changes to config on the Unraid 6.9.2 server and Windows 10 clients, but now results in SMB file transfers starting off fast, then dropping off a cliff to 0 and eventually failing. I am remotely connecting to my server. The host for the server and my location are both on the same gigabit fiber ISP, and there had been no issues noticed in at least the last 6 months of use with many large file transfers per day. Previously, downloads from the server ran at >90MB/s, uploads to the server at >40MB/s (slower but stable, I never configured anything to throttle it, but it was always stable so I didn't think twice about it). Now the downloads are the same, but uploads peak at >90MB/s, but are unstable and risk dropping to 0 and failing. Downloads never seem to fail. I have tested this on both my Windows 10 desktop and my laptop via ethernet and wifi, same result. Nothing would have changed on the routers at both locations, as I am in control on both ends. Alternatively, I have tried using my OpenVPN docker for SMB file transfers, and that has been rock steady, but significantly slower than Wireguard (about 30% the peak speed of Wireguard). Any advice?

Link to comment
