WireGuard - VPN Tunneled Access to a commercial VPN provider


ljm42


Hi! I don't know if this has been covered but I don't find a solution. I managed to make a Remote tunneled access via wireguard to remotely access my unraid and network. But the guide in OP says that we cannot have two wireguard configs enabled at the same time.

So is there any way to set up unraid to route all of its traffic outside via a commercial vpn for privacy and also have another way to vpn into my unraid and lan from outside?

Link to comment
  • 3 weeks later...
On 5/24/2021 at 11:21 PM, ljm42 said:

 

I'm glad you got it working, but this definitely falls outside the scope of what I would consider to be supported :)  I modified the OP accordingly. If you would like to start a new guide of your own specific to PIA I'd be happy to link to that.

I've created a fork of the PIA scripts to simplify the install process on unRaid, it's still not as simple as importing a configuration, but the scripts now generate a file following the "wg#.conf" convention which gets picked up by the Dynamix WireGuard plugin, it also fills the public key and VPN type fields correctly (which exist in "wg#.cfg").

 

I also added a user script to be used with the User Scripts plugin to make configuration changes (like re-selecting a server) easy to make, all you really need to fill to be up and running are the PIA account credentials.

 

You can find my fork at https://github.com/DorCoMaNdO/pia-wireguard-unraid, the user script is part of the repo at unraid_userscript.sh

Edited by Dor
  • Thanks 3
Link to comment
  • 3 weeks later...

I am currently unable to get this to work with Mullvad, not sure what I am doing wrong. I download my config file, import it, the tunnel shows up with everything filled in, but when I change the slider to active, nothing happens. My logs don't show the tunnel starting at all. I have confirmed that everything with mullvad is working fine since I can use it with my phone. All other tunnels are also disabled. Any hints?

Link to comment
On 8/27/2021 at 5:19 PM, Dor said:

I've created a fork of the PIA scripts to simplify the install process on unRaid, it's still not as simple as importing a configuration, but the scripts now generate a file following the "wg#.conf" convention which gets picked up by the Dynamix WireGuard plugin, it also fills the public key and VPN type fields correctly (which exist in "wg#.cfg").

 

I also added a user script to be used with the User Scripts plugin to make configuration changes (like re-selecting a server) easy to make, all you really need to fill to be up and running are the PIA account credentials.

 

You can find my fork at https://github.com/DorCoMaNdO/pia-wireguard-unraid, the user script is part of the repo at unraid_userscript.sh

 

Hi, tried running it and hit an error

 

./get_region.sh: line 242: ./setup_wireguard_with_token.sh: Permission denied
 

This was after it auto-selected the nearest server for me

 

Edit:  Made it executable and all good now.

Edited by dalben
Link to comment
On 9/12/2021 at 9:14 PM, Moises said:

I am currently unable to get this to work with Mullvad, not sure what I am doing wrong. I download my config file, import it, the tunnel shows up with everything filled in, but when I change the slider to active, nothing happens. My logs don't show the tunnel starting at all. I have confirmed that everything with mullvad is working fine since I can use it with my phone. All other tunnels are also disabled. Any hints?

Switch to advanced mode and set your peer tunnel address to an available IP in your local tunnel network pool.

Link to comment
  • 1 month later...
  • 1 month later...

I am using IVPN and they do not provide a configuration file to import into unraid. 

 

They expect you to give them the public key then they assign you an IP address. 

How can i use the unraid wireguard VPN tunneled access if i do not have a config file from my preferred VPN provider?

 

Here is the relevant documentation: Not public. :( Here is what I could find: IVPN Wireguard

 

This also applies to trying to setup a docker container like delugevpn that requires a config file.

 

Link to comment

It sounds like you need to generate a set of private and public keys, hopefully when you give them the public key they will give you a full config file and not just an IP address.

 

There are many ways to generate a set of keys, probably the easiest would be to go into the webgui and create a dummy wireguard tunnel and peer, and then press "Generate Keypair". You can delete this dummy tunnel and peer, but be sure to keep a copy of the public and private keys.

 

Once you get the config file from the provider you would import it per the instructions on the first post of this thread. Then add the public and private keys you created earlier as the "Local" public and private keys.

 

If they expect you to build the config file on your own I would probably move on to a different provider.

Link to comment
On 1/12/2022 at 10:32 AM, ljm42 said:

It sounds like you need to generate a set of private and public keys, hopefully when you give them the public key they will give you a full config file and not just an IP address.

 

There are many ways to generate a set of keys, probably the easiest would be to go into the webgui and create a dummy wireguard tunnel and peer, and then press "Generate Keypair". You can delete this dummy tunnel and peer, but be sure to keep a copy of the public and private keys.

 

Once you get the config file from the provider you would import it per the instructions on the first post of this thread. Then add the public and private keys you created earlier as the "Local" public and private keys.

 

If they expect you to build the config file on your own I would probably move on to a different provider.

This is what I had thought as well. I went through the process and did not get a config file; they only gave me an IP. They do give detailed instructions on how to add wireguard to a linux in this specific manner but I do not know how to apply this to the unraid wireguard setup. Here are some instructions: https://www.ivpn.net/setup/linux-wireguard-netman/

Edited by Ender Wiggin
Link to comment
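
For the case in the two posts above, where the provider takes your public key and returns only a tunnel IP, here is an added example (not from any poster, Unraid or the provider) that generates the keypair locally and assembles an importable config. The server public key and endpoint are values you copy from the provider's server list, and `AllowedIPs = 0.0.0.0/0` is an assumption for a full tunnel.

```shell
# Added example; function names are hypothetical, provider values are placeholders.

# A WireGuard key is 32 bytes: 43 base64 characters plus one '=' pad.
# The 43rd character carries only four significant bits, hence the short set.
is_wg_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# Shape check only for the IPv4 address/prefix the provider assigns.
is_cidr4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# new_keypair KEY_FILE
# Writes the private key with owner-only permissions and prints the public
# key, which is the only value that should ever be sent to the provider.
new_keypair() {
  command -v wg >/dev/null 2>&1 || { echo "wg not found" >&2; return 1; }
  ( umask 077 && wg genkey > "$1" ) || return 1
  wg pubkey < "$1"
}

# render_conf KEY_FILE ASSIGNED_ADDRESS SERVER_PUBLIC_KEY ENDPOINT
# Prints a wg-quick style config; refuses malformed keys or addresses so a
# copy/paste slip fails here instead of as a tunnel that never handshakes.
render_conf() {
  priv=$(cat "$1") || return 1
  is_wg_key "$priv" || { echo "bad private key in $1" >&2; return 1; }
  is_cidr4 "$2"     || { echo "bad assigned address: $2" >&2; return 1; }
  is_wg_key "$3"    || { echo "bad server public key" >&2; return 1; }
  printf '[Interface]\nPrivateKey = %s\nAddress = %s\n\n' "$priv" "$2"
  printf '[Peer]\nPublicKey = %s\nEndpoint = %s\nAllowedIPs = 0.0.0.0/0\n' "$3" "$4"
}

# Typical order:
#   new_keypair ./provider.key            -> register the printed public key
#   ( umask 077; render_conf ./provider.key <assigned-ip>/32 \
#       <server-public-key> <server-host>:<port> > ./provider.conf )
```

The resulting file contains the private key, so keep it and the key file readable only by root and delete both once the tunnel has been imported.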

Hi, I was looking around the wireguard capabilities (other post) and in the meanwhile i'm looking around trying to understand which commercial provider is the best one, evaluating also the compatibility with the built-in client or any docker container acting as man in the middle. I saw that some providers implemented their own privacy layer due to wireguard protocol specifications, but I'm disoriented. Do you have any suggestion?

Link to comment
  • 2 months later...

I'm trying to use AzireVPN. I downloaded the config file, uploaded it to Wireguard. When I switch to advanced mode, I see their server name in there. VPN tunneled access is the type I'm trying to setup. I can ping their server from the config screen. When I activate it, the "last handshake" line shows inactive connection. When I leave the screen and go back in, it's inactive. I must be forgetting something fairly basic, yet I'm seeing anything in this thread. It might be there and I just don't recognize it.

Edited by TimV
more info
Link to comment

For anyone following this thread, be sure to check out the first post for a sneak peek into 6.10.0-rc5, coming Soon(TM)!  

 

Starting with this release you will be able to assign specific Docker containers to a VPN tunnel connected to a commercial provider! The rest of your server will use the normal Internet connection while your selected containers use WireGuard. There is even a kill switch, so if the WireGuard tunnel goes down, the containers will not be able to access the Internet.

  • Like 2
  • Thanks 1
Link to comment
17 hours ago, ljm42 said:

For anyone following this thread, be sure to check out the first post for a sneak peek into 6.10.0-rc5, coming Soon(TM)!  

 

Starting with this release you will be able to assign specific Docker containers to a VPN tunnel connected to a commercial provider! The rest of your server will use the normal Internet connection while your selected containers use WireGuard. There is even a kill switch, so if the WireGuard tunnel goes down, the containers will not be able to access the Internet.

Oh that may be perfect for my needs.

I currently have a "Server to Server" tunnel to a VPS to mask my IP from my publicly hosted websites.
Would this enable assigning the tunnel as a Custom Network/Custom Bridge to individual Dockers? That is what I am looking for, as the VPS has limited bandwidth.
(Or would you know if that would be possible, at all?)

Link to comment

Oh dear, that would be amazing to have.
I only have Host, Bridge, None and Custom: br0 as available Network Interfaces. (I have no clue how to create another "Custom" interface, I guess...)

Even when setting up my second NIC calling it 'eth1', it does not show up as an option.

I will have to give this another go, but I have not seen WireGuard Tunnels as Network Interfaces before in my setup. Would this only be the case with "VPN Tunnel" as selected option?

 

Edited by Arndroid
Link to comment
3 minutes ago, Arndroid said:

Oh dear, that would be amazing to have.
I only have Host, Bridge, None and Custom: br0 as available Network Interfaces. (I have no clue how to create another "Custom" interface, I guess...)

Even when setting up my second NIC calling it 'eth1', it does not show up as an option.

I will have to give this another go, but I have not seen WireGuard Tunnels as Network Interfaces before in my setup. Would this only be the case with "VPN Tunnel" as selected option?

 

 

You'll need to wait for 6.10.0-rc5 :)

Link to comment

I see that PIA is "unsupported" and not recommended, but seems to be several folks that had previously made the converted PIA files via scripts from various GitHub projects... I've tried a couple of those converted CONF files with the new RC5 options without any luck.  If anyone finds a way to make those work with the "VPN tunneled access for docker" option in RC5, I'd be all ears to hear how (even if not fully supported).  I don't really want to switch to a new provider at the moment.

Link to comment

I run my own wireguard server on a VM in the cloud. Just tried the VPN tunneled access for docker option and it works like a charm.

 

Just follow the instructions in the OP. For my existing tunnel i just had to adjust the option that was added after rc5. In my case the "peer endpoint" disappeared so the tunnel stopped working. Not sure if this could be considered a bug.

 

Very happy camper no longer have to route plex through the VPN which broke all kinds of home automation stuff.

 

Thanks!

Link to comment

Windscribe also support WireGuard, I've been using them for years without any problems.

  • There's a config generator for WireGuard/IKEV2/OpenVPN so you can use it anywhere you want (not locked to their app).
  • You can even make your own plan. I currently pay 3$CAD per month for all USA location + unlimited bandwidth + free location.
  • I used an affiliate link, if for some reason you don't want to use it just remove everything after .com.
  • I'm also not working for them... It's really the one that I use and highly recommend and I used a lot.
  • Perfect for users like us.
  • I'll stop selling them and let you see for yourself 😆, I really just love them!

EDIT: If you use my link you also get 1GB of extra bandwidth for the free plan. Note that you need a paid account to use WireGuard.

 

EDIT: I found out that the PresharedKey is not imported from the config file, you need to enter it manually in the Unraid/Wireguard interface. Works like a charm. Thank you very much

Fixed In 6.10.RC6

Edited by Steace
bug found + fix
  • Like 1
Link to comment
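
The import gap reported in the post above (a `PresharedKey` present in the provider file but missing after import, which the post says was fixed in 6.10.RC6) is easy to check for before activating a tunnel. This added example, which is not code from the poster or from Unraid, lists the fields a provider config contains without printing any key material, so the list can be compared against the tunnel page; the function names and the sample file are constructed.

```shell
# list_conf_fields FILE
# Prints "section:key" for every setting in a wg-quick style config.
# Repeated [Peer] sections are numbered; values are never printed.
list_conf_fields() {
  awk '
    /^[ \t]*#/ { next }                     # comment lines
    /^[ \t]*$/ { next }                     # blank lines
    /^[ \t]*\[/ {                           # section header, e.g. [Peer]
      sec = tolower($0)
      gsub(/[^a-z]/, "", sec)
      if (sec == "peer") sec = sec (++n)
      next
    }
    index($0, "=") {                        # "Key = value" line
      key = substr($0, 1, index($0, "=") - 1)
      gsub(/[ \t]/, "", key)
      print sec ":" tolower(key)
    }' "$1"
}

# psk_peers FILE
# Peers that carry a PresharedKey; each must show one in the GUI after import.
psk_peers() {
  list_conf_fields "$1" | sed -n 's/:presharedkey$//p'
}

# Constructed sample input; the key values are dummies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = AAAA=
Address = 10.0.0.2/32

[Peer]
PublicKey = BBBB=
PresharedKey = CCCC=
Endpoint = vpn.example.net:51820
EOF
echo "Verify a preshared key is set for: $(psk_peers "$sample")"
rm -f "$sample"
```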
On 4/20/2022 at 8:51 PM, ljm42 said:

 

You'll need to wait for 6.10.0-rc5 :)

RC5 has now been released, I installed it yesterday. Got the chance to configure a commercial VPN today alongside my WG VPS Tunnel. (Set as "Remote Access To Server", which is also selectable now through the Docker Network Type dropdown)

 

And things are working wondrously! My NZBVpn docker was acting up, installed the LS.io one, hooked it up through my WG commercial VPN config which I simply imported, and bam, stuff is working, confirmed it with curl inside the container.

Thanks UnRAID and Community! :D

  • Like 1
Link to comment

Hi,

 

Upgraded to 6.10.0-rc5 to test out this new functionality.

I'm using TorGuard as commercial VPN, so created config file, imported (it created wg1) and when activating it seems to connect fine (able to ping to the peer endpoint).

However when I want to use this connection for a container for example firefox, I'm setting the network type to custom wg1, but as soon as the container is started I can't reach it anymore, tried it with other containers same result.

 

Any idea? @bonienl @ljm42

 

To be more complete: my Unraid runs untagged on my server VLAN and my containers/VM's are running on their own VLAN. To test tried it with AirVPN same result tunnel is connecting fine however as soon as I am connected I can't connect to the docker container it uses.

Could it have something to do with the iptables who are set?

 

Edited by Kopernikus
Link to comment
