BoarAnt Posted November 12, 2019

7 minutes ago, bonienl said:
> Yes, you are right. The import parser went wrong on the comment statement(s). I have made an update with the fix. Thanks.

Awesome. I just tried it with the original version and it imports fine. Thanks for the quick turnaround!

bonienl Posted November 12, 2019

I made another update, version 2019.11.12c

suRe Posted November 28, 2019

Hey, in your start post, it says "VPN tunneled access - In the future it may be possible to restrict it so that only specific Dockers use the VPN tunnel". Is there an ETA on that topic? I really want to tunnel my radarr/sabnzbd dockers through VPN 🙂

Dataone Posted December 2, 2019

On 11/28/2019 at 1:58 PM, suRe said:
> Hey, in your start post, it says "VPN tunneled access - In the future it may be possible to restrict it so that only specific Dockers use the VPN tunnel". Is there an ETA on that topic? I really want to tunnel my radarr/sabnzbd dockers through VPN 🙂

As long as your docker containers are using the bridged network option, they will be routed through the vpn. You can verify this by going into a docker container's shell and typing the below text. (Assuming that the docker has curl)

    curl https://ipinfo.io/ip

Edited December 2, 2019 by Dataone

stealthymocha Posted December 3, 2019

Hi, I am using Mullvad, because my ISP does not allow any port forwarding (for jellyfin and other services). I have port forwarded in Mullvad, it worked fine on Windows before with the Wireguard app, but it does not work here (tested with iperf). Is there a problem with my settings? Or is there some workaround?

Dataone Posted December 3, 2019

1 hour ago, stealthymocha said:
> Hi, I am using Mullvad, because my ISP does not allow any port forwarding (for jellyfin and other services). I have port forwarded in Mullvad, it worked fine on Windows before with the Wireguard app, but it does not work here (tested with iperf). Is there a problem with my settings? Or is there some workaround?

I know that this is the trick for Plex, but you may be able to do the same with the jellyfin ports.

    PostUp = iptables -t nat -I PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)
    PreDown = iptables -t nat -D PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)

stealthymocha Posted December 4, 2019

23 hours ago, Dataone said:
> I know that this is the trick for Plex, but you may be able to do the same with the jellyfin ports.
>
>     PostUp = iptables -t nat -I PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)
>     PreDown = iptables -t nat -D PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)

Thank you, but it does not seem to be working. I think I'll just reverse proxy from raspberry pi with openvpn.

EDIT: OK, I feel stupid. Looks like it was the usual solution: Turn system off and then on again. After reboot, port forwarding works.

Edited December 4, 2019 by stealthymocha (reason: solution)

suRe Posted December 6, 2019

On 12/2/2019 at 1:53 AM, Dataone said:
> As long as your docker containers are using the bridged network option, they will be routed through the vpn. You can verify this by going into a docker container's shell and typing the below text. (Assuming that the docker has curl)
>
>     curl https://ipinfo.io/ip

Oh, this is perfect. So all "bridged" dockers will route through vpn, and any "custom" docker network adapters, e.g. Container using ReverseProxy adapter will be reachable through normal ISP IP? Have not updated to RC Versions yet, so I can't test it on my own.

Dataone Posted December 6, 2019

11 minutes ago, suRe said:
> Oh, this is perfect. So all "bridged" dockers will route through vpn, and any "custom" docker network adapters, e.g. Container using ReverseProxy adapter will be reachable through normal ISP IP? Have not updated to RC Versions yet, so I can't test it on my own.

At least by default I assume so, yes. My containers using bridged all go through the vpn and all containers using br0 use my home network. I'm sure you can set some iptable/routing rules to modify this if you liked though

Carlos Talbot Posted December 11, 2019

On 12/6/2019 at 2:52 PM, Dataone said:
> At least by default I assume so, yes. My containers using bridged all go through the vpn and all containers using br0 use my home network. I'm sure you can set some iptable/routing rules to modify this if you liked though

@Dataone may I ask how you've configured the field "Peer allowed IPs" in your wireguard settings? By default it's set to 0.0.0.0 which routes all traffic on the UnRaid server through the vpn tunnel. I assume you've restricted it to just the docker containers on the bridge? Also, do you know how to block traffic for those selected dockers if the vpn link goes down? Thanks.

Jeffarese Posted December 13, 2019

On 10/16/2019 at 6:57 AM, ljm42 said:
> In the future it may be possible to restrict it so that only specific Dockers use the VPN tunnel. Until then, you may need to disable the tunnel in order to check for plugin updates or perform other Unraid administrative tasks.

Any approximation to when is this going to be possible approx? This would be the killer feature, since routing ALL the traffic seems like a little bit too much. Thanks!

Jeffarese Posted December 13, 2019

On 12/6/2019 at 9:52 PM, Dataone said:
> At least by default I assume so, yes. My containers using bridged all go through the vpn and all containers using br0 use my home network. I'm sure you can set some iptable/routing rules to modify this if you liked though

In my setup, containers using custom networks still go through the vpn 😕

bonienl Posted December 13, 2019

4 hours ago, Jeffarese said:
> Any approximation to when is this going to be possible approx?

Difficult to say, because it is unclear / not possible yet, how to do this with WireGuard.

Monkeysphere Posted January 9, 2020

On 12/4/2019 at 5:33 AM, Dataone said:
> I know that this is the trick for Plex, but you may be able to do the same with the jellyfin ports.
>
>     PostUp = iptables -t nat -I PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)
>     PreDown = iptables -t nat -D PREROUTING -p tcp --dport *external port* -j REDIRECT --to-ports 32400 (internal plex port)

Hi,

How do I go about adding the above to my Wireguard config? Same question with a killswitch. I'm using Mullvad which provides a killswitch in their config file but when I import the config the parser removes it.

The Mullvad config looks like this

    [Interface]
    PrivateKey = -hidden-
    Address = 10.64.246.232/32,fc00:bbbb:bbbb:bb01::1:f6e7/128
    DNS = 193.138.218.74
    PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
    PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

    [Peer]
    PublicKey = -hidden-
    AllowedIPs = 0.0.0.0/0,::0/0
    Endpoint = 103.231.88.2:51820

Once imported it looks like this

    [Interface]
    PrivateKey= -hidden-
    Address=10.64.246.232
    PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
    PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

    [Peer]
    PublicKey= -hidden-
    Endpoint=103.231.88.2:51820
    AllowedIPs=0.0.0.0/0,::0/0

Also note that unless I manually remove ,::0/0 from the allowed IPs the tunnel will not connect

hdlineage Posted January 14, 2020

Hello I have a question regarding connecting to multiple servers on Windows. The wireguard client on Windows only allows one connection at a time. Is there a way to establish two connections with two separate interfaces? I have two servers on two different subnets and I can't seem to find a way to connect them simultaneously. There is also very little documentation on the windows client.

Dataone Posted January 14, 2020

On 1/9/2020 at 3:04 AM, Monkeysphere said:
> Hi,
>
> How do I go about adding the above to my Wireguard config? Same question with a killswitch. I'm using Mullvad which provides a killswitch in their config file but when I import the config the parser removes it.
>
> The Mullvad config looks like this
>
>     [Interface]
>     PrivateKey = -hidden-
>     Address = 10.64.246.232/32,fc00:bbbb:bbbb:bb01::1:f6e7/128
>     DNS = 193.138.218.74
>     PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
>     PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
>
>     [Peer]
>     PublicKey = -hidden-
>     AllowedIPs = 0.0.0.0/0,::0/0
>     Endpoint = 103.231.88.2:51820
>
> Once imported it looks like this
>
>     [Interface]
>     PrivateKey= -hidden-
>     Address=10.64.246.232
>     PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
>     PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
>
>     [Peer]
>     PublicKey= -hidden-
>     Endpoint=103.231.88.2:51820
>     AllowedIPs=0.0.0.0/0,::0/0
>
> Also note that unless I manually remove ,::0/0 from the allowed IPs the tunnel will not connect

You'll need to manually edit the config file after importing it (but make sure it isn't active), as I assume that the plugin ignores everything but the keys etc and generates a config on its own

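Added example (not part of the original posts, and not the plugin's own code): a Python check that compares the provider's WireGuard config with the imported one, using the two configs Monkeysphere quoted, and reports which directives the import dropped or changed and whether a kill-switch hook survived. The function names and the kill-switch heuristic are assumptions made for this illustration.

```python
from collections import defaultdict
# The two configs quoted in the post above (keys were already hidden there).
KILL = "! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"
ORIGINAL = f"""[Interface]
PrivateKey = -hidden-
Address = 10.64.246.232/32,fc00:bbbb:bbbb:bb01::1:f6e7/128
DNS = 193.138.218.74
PostUp = iptables -I OUTPUT {KILL} && ip6tables -I OUTPUT {KILL}
PreDown = iptables -D OUTPUT {KILL} && ip6tables -D OUTPUT {KILL}
[Peer]
PublicKey = -hidden-
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 103.231.88.2:51820
"""
IMPORTED = """[Interface]
PrivateKey= -hidden-
Address=10.64.246.232
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
[Peer]
PublicKey= -hidden-
Endpoint=103.231.88.2:51820
AllowedIPs=0.0.0.0/0,::0/0
"""

def parse_wg(text):
    """Map (section, key) -> list of values; keys may repeat (e.g. PostUp)."""
    conf, section = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section:
            key, _, value = line.partition("=")  # first '=' only; base64 values end in '='
            conf[(section, key.strip().lower())].append(value.strip())
    return dict(conf)

def import_diff(original, imported):
    """Return (keys dropped by the import, keys whose values changed)."""
    a, b = parse_wg(original), parse_wg(imported)
    dropped = sorted(k for k in a if k not in b)
    changed = sorted(k for k in a if k in b and a[k] != b[k])
    return dropped, changed

def has_killswitch(text):
    """Heuristic (assumption): a PostUp hook adding a REJECT/DROP rule to OUTPUT."""
    hooks = parse_wg(text).get(("interface", "postup"), [])
    return any("OUTPUT" in h and ("-j REJECT" in h or "-j DROP" in h) for h in hooks)

if __name__ == "__main__":
    print(import_diff(ORIGINAL, IMPORTED), has_killswitch(IMPORTED))
```

For these two configs the check reports DNS and PreDown as dropped, Address and PostUp as changed, and no kill-switch hook in the imported file, so traffic is not blocked if the tunnel goes down until the rules are restored by hand.
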
hdlineage Posted January 14, 2020

Multiple interfaces/connections on Windows client.

Hello I have a question regarding connecting to multiple servers on Windows. The wireguard client on Windows only allows one connection at a time. Is there a way to establish two connections with two separate interfaces? I have two servers on two different subnets and I can't seem to find a way to connect them simultaneously. There is also very little documentation on the windows client.

trurl Posted January 14, 2020

6 minutes ago, hdlineage said:
> Hello I have a question regarding connecting to multiple servers on Windows.

You have asked this question on 2 different threads. I have split this into the thread you originally asked it on so the responses can be coordinated.

Monkeysphere Posted January 17, 2020

@Dataone thanks, I ended up doing that manually just before you messaged back. It worked in the sense that the rules must have loaded but they must have also been incorrect because it locked me out of the server GUI and I had to reboot. Not sure if the connection worked though. I'm setting up an IP Fire firewall today so I will probably just use that for the killswitch.

piajesse Posted January 30, 2020

So, I got a weird/cool idea I'm trying to work on, I bought a VPS from OVH with a failover IP, and I'm trying to route that public failover ip to the server, that way I can get a publicly static and route-able (I'm gonna have a network with multiple sites VPNed together with wireguard :D), so far I can ping the server through the failover ip from my local network (have a static route pointing to the server) and the VPS, but not from the public internet, anyone got any idea on how to fix that? I can assign the IP to the VPS and it does work there... Let me know what kind of logs/configs would be helpful and I'll post them.

Sptz Posted February 1, 2020

I have a couple of questions regarding this. Do Dockers still update whilst being routed through the VPN tunnel using Wireguard? And how would one go about tunneling back from out of the network to a VM? As in, how would you connect to the specific tunnel running in Unraid?

Carlos Talbot Posted February 14, 2020

Has anyone figured out how to route only a subset of docker containers through the VPN? This seems to be of interest for many of us but I haven't seen a step by step guide on how it would be implemented. Thanks.

Edited February 18, 2020 by Carlos Talbot

mrknownothing Posted March 10, 2020

On 1/8/2020 at 10:04 PM, Monkeysphere said:
> Also note that unless I manually remove ,::0/0 from the allowed IPs the tunnel will not connect

Was attempting to set up Mullvad as well, and ran into the same issue. When I would leave the VPN settings page, and returning, the Active slider would become Inactive every time. After manually removing the ,::0/0 it's up and running.

sittingmongoose Posted March 12, 2020

I have wireguard working well. I can connect to my unraid network, and access things like my router on that network. I set it up for Remote Access to LAN. HOWEVER, I can't access other computers on that network? Like in windows, if I try to see network devices, I can't see my unraid server on there. But I can see my local NAS and other devices. AND when I am physically on my Unraid network, I can see the Unraid server in network devices. Any help would be greatly appreciated.

Squiggley Posted March 27, 2020

On 1/9/2020 at 3:04 AM, Monkeysphere said:
> Also note that unless I manually remove ,::0/0 from the allowed IPs the tunnel will not connect

Amazing, I spent ages trying to get this to work and this is what was wrong. Removing ,::0/0 sorted it. Thanks for sharing