WireGuard - VPN Tunneled Access to a commercial VPN provider


ljm42


I am having a strange issue where I download the zip from the VPN interface in Unraid and import that conf file into NetworkManager on Arch Linux, but the tunnel does not work. Anyone else have this? Yes, I have wireguard-tools installed on Arch. The .conf files work fine on Windows and macOS, just not in Arch Linux. Is there something missing?

 

EDIT:

Importing through networkmanager did not work.

Importing through the CLI works.

nmcli connection import type wireguard file "wireguard.conf"

Edited by SavageAUS
Link to comment
On 5/8/2022 at 7:02 AM, bonienl said:

Unraid does not accept a system wide DNS setting, instead - if a specific DNS is required - you should configure that under extra parameters of the docker container.

Like:

--dns=100.x.y.z

 

 

thanks! I updated the OP with this information

Link to comment
On 5/8/2022 at 9:36 AM, AndiAUT said:

So I tried to use "--dns=8.8.8.8" as an extra parameter in the Firefox docker container. I figured if I use this parameter and go to https://www.dnsleaktest.com/ I should see the nearest Google DNS after a Standard test, but instead I see the DNS that Mullvad would use if I used the Mullvad PC app. As if the --dns setting deletes the Unraid DNS setting for that container and so it reverts to the Mullvad DNS.

 

Try with a different provider? It sounds to me like Mullvad is redirecting all DNS through their servers regardless of your --dns setting.  I tested with VPN Jantit (in the OP) and dnsleaktest showed the expected results.

Link to comment
2 hours ago, ljm42 said:

 

Try with a different provider? It sounds to me like Mullvad is redirecting all DNS through their servers regardless of your --dns setting.  I tested with VPN Jantit (in the OP) and dnsleaktest showed the expected results.

 

This would be ideal, but why do I get Mullvad's DNS if I use the dns parameter (tried it with 1.1.1.1, same result) and my ISP's DNS without the parameter? I would normally expect to get Mullvad's DNS with and without the extra parameter set, if the parameter does nothing.

Link to comment
On 5/8/2022 at 11:32 PM, bonienl said:

Unraid does not accept a system wide DNS setting, instead - if a specific DNS is required - you should configure that under extra parameters of the docker container.

Like:

--dns=100.x.y.z

 

I used resolvconf from slackware.pkgs.org to do DNS. (I haven't actually used my script in a while; guess I don't have to now, seeing as it's integrated into the UI.)

 

Link to comment

Hello, I have trouble with port forwarding from Mullvad VPN to Transmission docker container.

 

I am running Unraid 6.10.0-rc8, I successfully imported Mullvad config file, and I connect fine (when I curl ifconfig.io from the container I get the VPN ip). But port forwarding doesn't work. I have enabled it in mullvad and set it to the correct city, provided the correct port in transmission, but it's not working. I tried the solution below, but it doesn't seem to work for me.

 

On 12/3/2019 at 8:03 PM, Dataone said:

 

I know that this is the trick for Plex, but you may be able to do the same with the jellyfin ports.

PostUp  = iptables -t nat -I PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)
PreDown = iptables -t nat -D PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)

 

 

I added these lines to the WireGuard config:

 

PostUp  = iptables -t nat -I PREROUTING -p tcp --dport *mullvad port* -j REDIRECT --to-ports *mullvad port*
PreDown = iptables -t nat -D PREROUTING -p tcp --dport *mullvad port* -j REDIRECT --to-ports *mullvad port*

 

Maybe I screwed up with the iptables (I am not 100% sure what is going on here). Does anyone have similar problems, and how did you solve them? Any help would be greatly appreciated!

Link to comment

Hi. Now that 6.10 is released with Wireguard integrated into the webgui, I'm trying to connect a tunnel to my VPN, Surfshark. I downloaded a conf file with the server I want to connect to and "Import Tunnel". Everything seemed to populate ok except the mandatory field "Peer tunnel address". What is supposed to go here?

Link to comment
  • 3 weeks later...

Hey all, I use Mullvad; I set up wg2 as a tunnel successfully and I have a few containers running in it, however I'm trying to port forward thru mullvad. In the CLI for a container, I can verify that I am connected to the VPN, however when I check the port it tells me it is not forwarded. Is this a limitation of the feature currently, or a misconfiguration on my end, and if so, how can I address it? Thanks!

 

ed. I'm a dunce... Same issue here as Purely8120 above, but I've not attempted to set an iptables rule.

 

ed2; Tried setting those iptables rules under [Interfaces], imported it, and rebooted, and I'm still getting a bad response unfortunately.

 

ed3; I've tried hitting my head against the wall in a number of ways; I have read up on what exactly the iptables is setting and it seems to make sense; I've tried replacing -I with -A (no reason why append would work differently than insert, but whatever), no dice; tried even changing the peer endpoint to the now opened port, no dice.

 

I've gone back to a container with the wireguard support built-in, and it is working fine now, I just would love for the built-in feature to work so as not to use so many slots. If anyone has some wisdom to add to the equation, please let me know. 

 

[image: mullvad.png]

Edited by hking0036
added troubleshooting
Link to comment

Does anyone know if it's possible to configure a proxy port (like privoxy) with this setup? Running things through the wg network seems great for all things on Unraid, but I have used privoxy to piggyback browsers on my desktop PC through the privoxy docker container. Thanks!



Link to comment
  • 4 weeks later...

Forgive me if this has been asked before, I did search the forums and Google, but I am coming up short.

 

I have imported my WireGuard conf (AirVPN) and the peer type of access is set to "VPN tunnel for docker containers only". The tunnel appears to be connected and working, but the wg0 custom network does not appear in the drop down list of network options in the container settings.

 

It also does not appear when running

docker network ls

 

I have restarted the docker service and recreated the WireGuard tunnel a few times, but this does not seem to help.

I am running unRAID 6.10.3.

 

Have I missed something obvious?

Link to comment
  • 3 weeks later...
  • 2 weeks later...

I was looking at this to replace OpenVPN containers that I set as network type of various dockers but I noticed that any container I set to the wireguard tunnel is using unraid's default DNS routing and not the wireguard provided one.

 

[image]

Likely I'm misunderstanding but shouldn't this setting dictate what the tunnel uses? Aside from manually adding -dns to every docker using the tunnel is there some setting I'm not using correctly?

Link to comment

I've set up VPN tunneled access for Docker using KeepSolid. Prowlarr docker works fine but qBittorrent is stuck on "Downloading metadata" for anything I throw at it - I've checked the IP address used within qBittorrent and it's the VPN IP address. Any ideas on what I can do to get downloads working?

Link to comment

Is it possible to set this up to allow other hosts on your network to use the wireguard vpn for their traffic?

 

For example, I have a few smart TVs and Fire Sticks I'd like to send their traffic over a VPN, but everything else on my network to go out via my normal ISP to the internet?

Link to comment
On 8/5/2022 at 5:01 AM, melmurp said:

I was looking at this to replace OpenVPN containers that I set as network type of various dockers but I noticed that any container I set to the wireguard tunnel is using unraid's default DNS routing and not the wireguard provided one.

 

[image]

Likely I'm misunderstanding but shouldn't this setting dictate what the tunnel uses? Aside from manually adding -dns to every docker using the tunnel is there some setting I'm not using correctly?

 

If we let the tunnel update the main DNS resolver for Unraid then all of Unraid's DNS queries would go through the tunnel, which doesn't make sense.  As mentioned in the OP, adding --dns to each container is the solution to this.

Link to comment
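
One way to build the per-container `--dns` extra parameter discussed above from the tunnel's own config, as an added example that is not part of the thread or of Unraid. It reads the `DNS =` line of a WireGuard .conf (wg-quick treats IP entries as resolvers and non-IP entries as search domains) and prints the matching Docker flags; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn the DNS line of a WireGuard
# .conf into Docker flags for a container's "Extra Parameters" field.
# wg_dns_args FILE -> prints e.g. "--dns=10.64.0.1 --dns-search=vpn.example"
wg_dns_args() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    awk '
        /^[ \t]*\[/ { in_if = (tolower($0) ~ /^[ \t]*\[interface\]/); next }
        { sub(/#.*/, "") }                       # strip trailing comments
        in_if && tolower($0) ~ /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=/, "")                   # keep only the value list
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                v = parts[i]; gsub(/[ \t\r]/, "", v)
                if (v == "") continue
                if (v ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || v ~ /:/)
                    out = out sep "--dns=" v          # IPv4 or IPv6 resolver
                else
                    out = out sep "--dns-search=" v   # search domain
                sep = " "
            }
        }
        END { if (out == "") exit 2; print out }  # exit 2: no DNS in [Interface]
    ' "$conf"
}

# Constructed sample config (placeholder keys, documentation addresses).
sample_conf() {
cat <<'EOF'
[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/32
DNS = 10.64.0.1, fd00::1, vpn.example   # provider resolvers

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "Extra Parameters: $(wg_dns_args "$tmp")"
rm -f "$tmp"
```

A non-zero exit means the config carries no DNS entry in its [Interface] section, so a resolver has to be chosen by hand for that container.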
6 hours ago, rorton said:

Is it possible to set this up to allow other hosts on your network to use the wireguard vpn for their traffic?

 

For example, I have a few smart TVs and Fire Sticks I'd like to send their traffic over a VPN, but everything else on my network to go out via my normal ISP to the internet?

 

You would be better off finding a way to do this through your router.

Link to comment
  • 1 month later...

Hi guys, I'm using PrivateVPN; it always worked with the WireGuard in Unraid.

But after I had a new Unraid server, I downloaded the wireguard.conf, imported it into VPN settings, and changed the qBittorrent network to WG0, but when I access it, it shows an error. When I change back to my main custom network it works.

 

Any ideas what that can be?

 

 

IN MY CUSTOM NETWORK

[image]

[image]

 

 

 

IN THE WG0 NETWORK:

[image]

[image]

 

Link to comment
On 7/24/2022 at 10:10 PM, thompw said:

Can anyone tell me how to get this working with Surfshark? I'm new and have been trying for months; one step forwards, 6 steps back.

 

Were you able to get Surfshark to work? Been trying to set it up via VPN manager, but when testing Firefox, there is no connection. Using the config file on qbittorentvpn works though.

Link to comment
  • 2 weeks later...
On 8/14/2022 at 6:31 PM, rorton said:

Is it possible to set this up to allow other hosts on your network to use the wireguard vpn for their traffic?

 

For example, I have a few smart TVs and Fire Sticks I'd like to send their traffic over a VPN, but everything else on my network to go out via my normal ISP to the internet?

I would also be interested in such a simple solution. At the moment I'm using a VM with Openvpn as a gateway for firetv, TV, etc..

Link to comment

What I've just done is build an Ubuntu VM and set this up as a VPN server, if you like. It's running Ubuntu Server, and at the moment I have a WireGuard VPN connection to NORD VPN.

 

My Ubuntu VPN VM has 2 interfaces, an external (going to the internet) and an internal (facing the network), and what I did was change the default gateway of the devices I want to go over the VPN to be the internal IP of the VPN VM, and my other devices have a normal default gateway and go out to the internet normally. Works well.

Link to comment
  • 1 month later...
On 5/3/2022 at 11:30 AM, Skitals said:

Getting PIA working is as simple as using this utility to generate a config file. It took me a few attempts trying different endpoints before finding one that worked (or perhaps there is some failure rate), but it is possible to create a standard wg config file with PIA.

 

So I'm new to WireGuard but managed to set up a tunnel for all of my internet traffic to be routed thru my Unraid server, and I've successfully set up my iPhone as a client and it's working great. Now I'm trying to get a WireGuard tunnel set up so I can route certain dockers thru my PIA VPN. I was able to create the .conf file using the utility (nice work!) but I'm not sure if I need to configure anything else in Unraid when I import the tunnel? When I set nzbget to use my custom tunnel (wg1), I can't get any response for an IP address using curl ifpconfig.io in a console for the respective docker. Do I just need to try another PIA server? Any suggestions on which one to use for dockers like nzbget and deluge?

 

EDIT: So I finally found a server that works...I think. It's the CA-Toronto one. I get an IP address from Toronto returned to me when typing curl ifconfig.io inside a docker terminal. Anything else I need to verify?

Edited by betaman
Link to comment

Is the built in wireguard implementation as good as the ones built into binhex containers? I am guessing not.

 

Is there any way to "upgrade" the built-in WireGuard VPN to be as good as the binhex? Aka no worries about leaking a real IP / DNS leak etc.? It would be a lot simpler to just have everything routed through the VPN vs trying to set up each container.

Link to comment
On 11/17/2022 at 9:38 AM, TexasUnraid said:

Is the built in wireguard implementation as good as the ones built into binhex containers? I am guessing not.

 

Is there any way to "upgrade" the built-in WireGuard VPN to be as good as the binhex? Aka no worries about leaking a real IP / DNS leak etc.? It would be a lot simpler to just have everything routed through the VPN vs trying to set up each container.

 

The OP tells you how to run a leak test, not sure what else you would be concerned with?

Link to comment
