WireGuard - VPN Tunneled Access to a commercial VPN provider


ljm42

Recommended Posts

Thank you @ljm42 for getting back to me. While PIA does provide a 'script', it fails at the end when attempting to get the certificate from them. I tried working with their support, but we've just been running in circles. So, I am looking for a new, functional provider. (I've been reviewing the first posts suggestions)

 

May I ask you for a recommendation please. I would rather go with something that is recommended by someone here, than guessing for myself. Evidenced based information is far better than simply going on faith or guessing. I have been reading over Mullvad and TorGuard, contacted their support, but before I pull the trigger, I'd really like some knowledgeable feedback from our team here.

 

Thanks again for the assist; it always appreciated !!!

Link to comment
While PIA does provide a 'script', it fails at the end when attempting to get the certificate from them. I tried working with their support, but we've just been running in circles.


I don’t have a solution for you, but many of us are using wireguard and PIA in binhex’s excellent VPN enabled containers. Maybe you could look into the script he’s using to get the required settings? Or even set up a container and copy the wg config file?


Sent from my iPhone using Tapatalk
Link to comment
  • 2 weeks later...
On 4/20/2021 at 2:02 PM, ljm42 said:

 

There shouldn't really need to be provider-specific instructions. If PIA lets you download a standard WireGuard config file then you should be able to import it as discussed in the first post of this thread. 

 

Note that if a provider requires you to use their own custom app rather than the standard WireGuard app, they won't work with Unraid as it uses the standard WireGuard app for linux.

 

If you can confirm that PIA works I'll add them to the list on the first post.

 

 

That sounds reasonable

 

 

 Hi @ljm42 & @bonienl,

 

I received an "escalated" reply from PIA and...

"I understand that you needed a Wireguard configuration file.

Please let know that PIA only has a configuration file available for OpenVPN.  Wireguard can only be used using the PIA client app."

 

So I guess I'll be switching over to Mullvad.

 

And @Jorgen... thanks for the suggestion :) I do use, almost exclusively, Binhex's containers. I just want that particular server to be completely in the blind; just makes it easier for me. But, thanks again for the suggestion!

 

Take care everyone. And please, follow the mask and handwashing protocols for just a while longer. Our case numbers are slowly declining almost every day at the hospital where I work. Hang in there... PLEASE and thank you!

Link to comment
 
 
I received an "escalated" reply from PIA and...
"I understand that you needed a Wireguard configuration file.
Please let know that PIA only has a configuration file available for OpenVPN.  Wireguard can only be used using the PIA client app."


Hmm that doesn’t seem right. PIA themselves have published scripts to use with wireguard outside their app:

https://www.privateinternetaccess.com/helpdesk/kb/articles/manual-connection-and-port-forwarding-scripts


Sent from my iPhone using Tapatalk
Link to comment

HI @Jorgen and @ICDeadPpl,

 

I tried the script linked below, but it would get most all the way to the end and error out.

It would be great if I could get it to work!

 

Just got home and I have another 12 to do so I have to put this off until tomorrow or Saturday.

I am more than happy to try again.

I will post a screen shot of the error.

 

Maybe someone can help me figure out what I am doing wrong? 😉

 

Stay safe and thanks for the feedback!!! I truly do appreciate it!

 

Talk soon!

 

14 hours ago, Jorgen said:


Hmm that doesn’t seem right. PIA themselves have published scripts to use with wireguard outside their app:

https://www.privateinternetaccess.com/helpdesk/kb/articles/manual-connection-and-port-forwarding-scripts


Sent from my iPhone using Tapatalk

 

 

 

5 hours ago, ICDeadPpl said:

Yeah, I've been using the scripts to generate Wireguard configs for my PIA account. Works fine.

 

Link to comment
17 minutes ago, TechMed said:

HI @Jorgen and @ICDeadPpl,

 

I tried the script linked below, but it would get most all the way to the end and error out.

It would be great if I could get it to work!

 

Just got home and I have another 12 to do so I have to put this off until tomorrow or Saturday.

I am more than happy to try again.

I will post a screen shot of the error.

 

Maybe someone can help me figure out what I am doing wrong? 😉

 

Stay safe and thanks for the feedback!!! I truly do appreciate it!

 

Talk soon!

 

 

I'm actually using a fork of the official PIA script from here:
https://github.com/hsand/pia-wg
It works fine, if you follow the instructions in the project's README.md  file.

Edited by ICDeadPpl
Link to comment
  • 2 weeks later...

Hi @ICDeadPpl and @Jorgen,

 

We have been very busy with some of C-19 variant cases.

Fortunately, they are responding, albeit slowly, to the standard treatments; 99% were not vaccinated.

Just saying...

 

Anyway...

This is the first chance I have had to relax and try this.

ICDeadPpl... I read the README.md and it appears I do not have the required dependencies.

When I tried the first line of the instructions, I got 'apt:' command not found.

It does not seem to be in NerdPack either.

So, if either of you would be willing to help me get these dependencies installed on unRAID, I am pretty sure I can do the rest on my own.

 

BTW, thanks for the simplified fork, and perhaps this is why I couldn't get the 'official PIA' script to complete.?

 

Thanks in advance!

Link to comment
Sorry, I am not well versed in Linux.
Where do these files go; (path(es)).
/xxxx
and on the flash, cache or both?
I can do this, just need the pointers.
Thanks again!

Sorry I won’t be able to help, my unRAID server is in storage for a month due to house renovations so I would just be guessing at things to try.
Did you already try just copying the wg config file from appdata on one of the Binhex VPN dockers?


Sent from my iPhone using Tapatalk
Link to comment
15 hours ago, TechMed said:

Hi @ICDeadPpl and @Jorgen,

 

We have been very busy with some of C-19 variant cases.

Fortunately, they are responding, albeit slowly, to the standard treatments; 99% were not vaccinated.

Just saying...

 

Anyway...

This is the first chance I have had to relax and try this.

ICDeadPpl... I read the README.md and it appears I do not have the required dependencies.

When I tried the first line of the instructions, I got 'apt:' command not found.

It does not seem to be in NerdPack either.

So, if either of you would be willing to help me get these dependencies installed on unRAID, I am pretty sure I can do the rest on my own.

 

BTW, thanks for the simplified fork, and perhaps this is why I couldn't get the 'official PIA' script to complete.?

 

Thanks in advance!

I should have mentioned that I followed the instructions for Windows, as I ran the script on my Windows 10 machine.

Link to comment

@Jorgen @ICDeadPpl @ljm42

 

Sometimes I swear I am getting senile!!!!

200w.webp?cid=ecf05e478hy4gxja8hxu8jzzdt

 

The PIA script DOES WORK!!!!   

 

IF YOU USE THE CORRECT D@*#ED PASSWORD!!!

ARRRGGGGGG!

 

image.thumb.png.35151d18b0ad9582a07624c736033d56.png

 

Thank you everyone for your time and patience. We have a great team here and hopefully this fiasco will help someone else!

 

Be safe everyone!

 

Edited by TechMed
Left addy exposed... I need a beer!
  • Like 1
Link to comment
On 10/23/2020 at 8:21 PM, Michael Kaaber said:

Can you use the “—interface wg1” in a docker to only route that docker trough the tunnel?

Anyone figured out whether it's possible to route a specific docker through a tunnel that is connected to a VPN provider?

Link to comment

Hi All, (@ljm42)

 

Just confirming that PIA will work with unRAID.

I have had it up and running for over a week now; not one issue.

As directed, I have been verifying via the jlesage/Firefox Docker.

 

While not for the faint of heart (nor as easy as Jorgen, ICDeadPpl, and ljm42 have made it by simply installing a provider config) this link to a PIA support page will get you set up. Follow the instructions though!!! Actually read the readme.md file as there's important info in there. Lastly, make sure you are using the "manual-connections-2.0.0" setup zip/tar.

 

As always, thanks to the GREAT community here for making all of this possible!

  • Like 1
Link to comment
6 hours ago, TechMed said:

Hi All, (@ljm42)

 

Just confirming that PIA will work with unRAID.

I have had it up and running for over a week now; not one issue.

As directed, I have been verifying via the jlesage/Firefox Docker.

 

While not for the faint of heart (nor as easy as Jorgen, ICDeadPpl, and ljm42 have made it by simply installing a provider config) this link to a PIA support page will get you set up. Follow the instructions though!!! Actually read the readme.md file as there's important info in there. Lastly, make sure you are using the "manual-connections-2.0.0" setup zip/tar.

 

As always, thanks to the GREAT community here for making all of this possible!

 

I'm glad you got it working, but this definitely falls outside the scope of what I would consider to be supported :)  I modified the OP accordingly. If you would like to start a new guide of your own specific to PIA I'd be happy to link to that.

Link to comment
  • 3 weeks later...

Hey everyone. So i am trying to get the Dynamix Wireguard Plugin to work, to have my unraid server only communicate internet traffic through my vpn. I got everything work with importing the config, and connection is being created., but maybe a little too well. Because when it is up and connected, then i cannot reach the unraid server anymore via LAN, but ALL traffics seems to go through the VPN. I am looking for an option to ignore my lan and input a lan subnet somewhere, but cant figure it out. Anyone able to help ?

unknown.png

Link to comment

I am missing something, as i have tried to add the bridgenetwork to the allowed peers, but then i cant reach my dockers on those ips locally anymore.

 

I am trying to have my dockers, or the whole unraid server route all traffic to the internet through my vpn, but still be able to access all of my unraid server and its dockers as normally via lan.

 

Where am i going wrong :) ?

 

BR Apil

Link to comment

Hi @Apil,

 

The ONLY way I could get PIA to work is to use their custom install script (located here). If you read back through my posts here you will see I tried a number of other things, which did not work. The script is VERY easy to use. Watch the video and readme.md

 

All that said, I have what (I think) you are to accomplish working well. I did have to use the PIA script though. I have a static VPN from my one server to theirs and am still able to access everything locally, just as if I did not have the tunnel running.

 

One thing I did notice in your post is that you have a "PEER" and do not need (and should not have) setup. The PIA script makes the connection in the background and ALL you need to do is create the "TUNNEL" i.e. "wg0"... and turn it on :) (NOTE: you may need to turn it off and on twice to get the GUI to refresh with PIA assignment).

 

Additionally, create the "TUNNEL", under SETTINGS > VPN MANGER first before running the PIA script.

 

Lastly, if you restart/shutdown (or stop the array), you MUST rerun the PIA script again.

 

All I have to share. Once I/we (the Community) figured it out, it just works!

I work a LOT right now and have limited time to get here and have some fun, so if you post a question back, it could be some time until I can reply... sorry.

 

I have faith you can make this work fellow 'Raider'!

Link to comment

Hi @ljm42,

 

I am flattered you would suggest I help with my own thread about the PIA tunneled access! 🤓

 

If I had the time I would (assuming I had anything to offer), but I am afraid I would upset more folks than help. My reply could be weeks out and I am still what I consider to be a noob. I will however, do what I can when I have to come here and hang out!

 

(Note: I just have not gotten around to changing LE over to Swag yet)

Having said that, I have a question for you. I have been trying to get LetsEncrypt to work under this Wireguard application. I can ping from the cli of the server AND LetsEncrypt. However, I cannot get Nextcloud to work.

 

If I disable the VPN, everything works perfect. As soon as I spin-up the VPN, everything on the 'user-created' Network fails. So, do you know if Wireguard and LetsEncrypt can work together?

 

Thanks again for the assist with PIA tunnel 👍

Link to comment

I got TorGuard to work with Unraid using the TorGuard configuration utility at.

 

https://torguard.net/tgconf.php?action=vpn-openvpnconfig

 

For it to work you have to have a TorGuard account and need to be logged in to their web site.

 

It generates a config file.  Click on VPN Manager in settings and click on import tunnel and select config file that TorGuard website generated Make sure you edit the DNS of the file to  8.8.8.8 by default it creates a DNS 1.1.1.1 which does not work

 

# TorGuard WireGuard Config
[Interface]
PrivateKey = keygoeshere=
ListenPort = 51820
DNS = 8.8.8.8
Address = 10.13.90.113/24

[Peer]
PublicKey = keygoeshere=
AllowedIPs = 0.0.0.0/0
Endpoint = 91.219.212.242:1443
PersistentKeepalive = 25

Link to comment
  • 2 weeks later...

I would like to have wireguard setup to certain VMs (and maybe some dockers but no use case for this right now) connect to the internet ONLY through a VPN like mullvad and other VMs and existing dockers connect without the VPN.

 

I read the thread but I was a little confused about whether that was possible by the end. Basically I want to offload VPN connections to a single configuration location instead of having to set it up on every potential client.

Link to comment
  • 1 month later...

After reading most threads here and on the interweb that seemed relevant, I'm still unsure if what I want to achieve is even possible.  So hoping someone here knows.

 

My unraid server as 2 NICs, eth0 and eth1.  Eth1 is setup on a separate vlan and is bridged (br1) with all dockers having their own IP address on the br1 bridge.

 

Is it possible to route all internet traffic on the vlan/br1/eth1/second NIC through a Wireguard tunnel to my VPN provider?

 

@TechMed would it be possible for you to paste screenshots of your config?  You've got going what I failed at last night as part 1 of my testing

 

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.