ljm42 Posted March 29, 2020 (Author)

On 3/12/2020 at 1:39 PM, sittingmongoose said:
> I have wireguard working well. I can connect to my unraid network, and access things like my router on that network. I set it up for Remote Access to LAN. HOWEVER, I can't access other computers on that network? Like in windows, if I try to see network devices, I can't see my unraid server on there. But I can see my local NAS and other devices. AND when I am physically on my Unraid network, I can see the Unraid server in network devices.

It is unlikely that network discovery will work over the VPN connection, but you should be able to connect via IP address.

The WireGuard quickstart thread is a better place for this conversation: https://forums.unraid.net/topic/84226-wireguard-quickstart/

Currently you are in the thread that discusses making a connection to a commercial VPN provider.

thunderclap Posted April 1, 2020

I guess I'm a little confused. By using the VPN Tunneled method, how do I set which dockers should use the VPN? There isn't a port number as far as I can tell, and I don't want every docker or the full Unraid server to be on the VPN.

ljm42 Posted April 2, 2020 (Author)

4 hours ago, thunderclap said:
> I guess I'm a little confused. By using the VPN Tunneled method, how do I set which dockers should use the VPN? There isn't a port number as far as I can tell, and I don't want every docker or the full Unraid server to be on the VPN.

From the OP:
> Now ALL of your Unraid traffic will go through the commercial VPN tunnel. In the future it may be possible to restrict it so that only specific Dockers use the VPN tunnel. Until then, you may need to disable the tunnel in order to check for plugin updates or perform other Unraid administrative tasks.

xPliZit_xs Posted August 11, 2020

Hi, running 6.8.3 and recently went into Settings/VPN-Manager. I have a WG0 Tunnel already but I created WG1 out of curiosity.... The problem is that I cannot delete WG1 because the button to delete is not in the GUI for WG1 but it is there for WG0.

Thanks, hopefully this can be fixed.

ljm42 Posted August 13, 2020 (Author)

On 8/11/2020 at 7:49 AM, xPliZit_xs said:
> Hi, running 6.8.3 and recently went into Settings/VPN-Manager. I have a WG0 Tunnel already but I created WG1 out of curiosity.... The problem is that I cannot delete WG1 because the button to delete is not in the GUI for WG1 but it is there for WG0.
>
> Thanks, hopefully this can be fixed.

Switch wg1 from basic to advanced, then the delete button for wg1 will appear.

xPliZit_xs Posted August 16, 2020

Great, that worked. Thanks!

Phil Shaw Posted August 17, 2020

Hi. I've got wireguard VPN to work and tested with a docker in Unraid. But, how do I get a VM to use the same VPN connection? Windows VM uses br0 which goes straight out to LAN.

Also what happens if the VPN goes down? I'm hoping it kills all net connection.

Thanks
Phil.

notcarl Posted August 17, 2020

On 1/8/2020 at 9:04 PM, Monkeysphere said:
> Hi,
>
> How do I go about adding the above to my Wireguard config? Same question with a killswitch. I'm using Mullvad which provides a killswitch in their config file but when I import the config the parser removes it.
>
> The Mullvad config looks like this
>
>     [Interface]
>     PrivateKey = -hidden-
>     Address = 10.64.246.232/32,fc00:bbbb:bbbb:bb01::1:f6e7/128
>     DNS = 193.138.218.74
>     PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
>     PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
>     [Peer]
>     PublicKey = -hidden-
>     AllowedIPs = 0.0.0.0/0,::0/0
>     Endpoint = 103.231.88.2:51820
>
> Once imported it looks like this
>
>     [Interface]
>     PrivateKey= -hidden-
>     Address=10.64.246.232
>     PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
>     PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
>     [Peer]
>     PublicKey= -hidden-
>     Endpoint=103.231.88.2:51820
>     AllowedIPs=0.0.0.0/0,::0/0
>
> Also note that unless I manually remove ,::0/0 from the allowed IPs the tunnel will not connect

Piggybacking on this. I am having the same exact issue with mullvad. It will start if I remove ,::0/0. This will forward all ipv4 connections but leaves all ipv6 exposed. This isn't an issue while running in the bridge network but for containers using the host container they will still use ipv6. Is there going to be a patch that allows us to forward both ipv4 and ipv6 soon?

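The gap between the provider config and the imported one quoted above can be checked mechanically before a tunnel is relied on. The following is an added example, not code from the posters or from the Unraid plugin: the function names are hypothetical, the sample configs are constructed from the two quoted in the post (keys left as placeholders), and the kill-switch detection is a simple string heuristic.

```python
import ipaddress
# Constructed sample input: the two configs quoted in the post, keys left as placeholders.
KILL = ("iptables -{a} OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) "
        "-m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -{a} OUTPUT ! -o %i "
        "-m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT")
PROVIDER_CONF = f"""[Interface]
PrivateKey = -hidden-
Address = 10.64.246.232/32,fc00:bbbb:bbbb:bb01::1:f6e7/128
DNS = 193.138.218.74
PostUp = {KILL.format(a='I')}
PreDown = {KILL.format(a='D')}
[Peer]
PublicKey = -hidden-
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 103.231.88.2:51820"""
IMPORTED_CONF = """[Interface]
PrivateKey= -hidden-
Address=10.64.246.232
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
[Peer]
PublicKey= -hidden-
Endpoint=103.231.88.2:51820
AllowedIPs=0.0.0.0/0,::0/0"""

def parse_conf(text):
    """Return {section: {key: [values]}}; assumes a single [Peer] section."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = conf.setdefault(line.strip("[]").lower(), {})
        elif "=" in line and section is not None and not line.startswith("#"):
            key, _, value = line.partition("=")
            section.setdefault(key.strip().lower(), []).append(value.strip())
    return conf

def ip_versions(values):  # IP versions (4/6) in comma-separated Address/AllowedIPs values
    return {ipaddress.ip_interface(v.strip()).version for s in values for v in s.split(",")}

def has_killswitch(iface):
    """True if an up hook adds a REJECT/DROP rule for non-tunnel traffic (heuristic)."""
    hooks = iface.get("preup", []) + iface.get("postup", [])
    return any("! -o %i" in h and ("-j REJECT" in h or "-j DROP" in h) for h in hooks)

def audit_import(original, imported):
    """List security-relevant differences between a provider config and its imported form."""
    old, new = parse_conf(original), parse_conf(imported)
    oi, ni = old.get("interface", {}), new.get("interface", {})
    was, have = ip_versions(oi.get("address", [])), ip_versions(ni.get("address", []))
    routed = ip_versions(new.get("peer", {}).get("allowedips", []))
    findings = [f"dropped [Interface] {k}" for k in sorted(set(oi) - set(ni))]
    if has_killswitch(oi) and not has_killswitch(ni):
        findings.append("kill-switch firewall hooks not preserved")
    findings += [f"tunnel lost its IPv{v} address" for v in sorted(was - have)]
    findings += [f"AllowedIPs routes IPv{v} without an IPv{v} address" for v in sorted(routed - have)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_import(PROVIDER_CONF, IMPORTED_CONF)))
```

For the configs in the post this reports the dropped DNS and PreDown entries, the missing kill-switch hooks, and the IPv6 address that is gone while `::0/0` is still listed in AllowedIPs.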
MammothJerk Posted August 23, 2020

I'm also using Mullvad and running into the same issue as Monkeysphere and notcarl.

I also had a question, is it possible to have "Remote tunneled access" and "VPN tunneled access" at the same time? I always want my unraid box to connect to the internet via my VPN but I also wanna be able to connect to my LAN remotely, and also take advantage of the VPN. Is this possible?

The "Remark: this must be the only peer in the tunnel and sole active tunnel when in use" on VPN tunneled access seems to indicate this is currently not possible, but would it be feasible to implement?

leo_poldX Posted September 24, 2020

I'm coming here because of:

> Now ALL of your Unraid traffic will go through the commercial VPN tunnel. In the future it may be possible to restrict it so that only specific Dockers use the VPN tunnel. Until then, you may need to disable the tunnel in order to check for plugin updates or perform other Unraid administrative tasks.

You can disable the full routing by adding Table = off to the [Interface] Section! Credits to https://shibumi.dev/posts/disable-routing-for-wireguard/

I deleted my tunnel, edited the conf file by adding the "Table=off" statement and imported again. Now I have a persistent Tunnel to my VPS, and can access this tunnel by selecting the interface like this:

    # got my isp ip
    curl ipinfo.io/ip
    # got my vps ip
    curl --interface wg1 ipinfo.io/ip

Michael Kaaber Posted October 23, 2020

On 9/24/2020 at 3:06 PM, leo_poldX said:
> I'm coming here because of:
>
> You can disable the full routing by adding Table = off to the [Interface] Section! Credits to https://shibumi.dev/posts/disable-routing-for-wireguard/
>
> I deleted my tunnel, edited the conf file by adding the "Table=off" statement and imported again. Now I have a persistent Tunnel to my VPS, and can access this tunnel by selecting the interface like this:
>
>     # got my isp ip
>     curl ipinfo.io/ip
>     # got my vps ip
>     curl --interface wg1 ipinfo.io/ip

Can you use the "--interface wg1" in a docker to only route that docker through the tunnel?

Michael Kaaber Posted October 25, 2020

Is it possible to use Mullvad as a relay to connect to my server at work?

I have an unRAID server at my office at University of Copenhagen - I do not have access to the University router.

I have set up a 'VPN tunneled access' to Mullvad. It works fine - I have installed the Firefox container and tested that I am connected to the Internet through Mullvad.

I have installed the Mullvad VPN on a Windows 10 laptop. From the laptop I can connect to the same Mullvad server as the unRAID server at work is connected to.

From the laptop connected to Mullvad I have tried to connect to my server at work. Tried to ping the server local static address - Tried to ping the server tunnel ip etc. but there is no connection.

Is there a trick to make this work - maybe some port setup at Mullvad or maybe with another 'Peer type of access' on the server?

timmyx Posted January 15, 2021 (edited)

These may be entry-level type of questions but I'm looking into learning a thing or two here, please bear with me.

I want to tunnel into my unraid on my mobile device with WG setup from the other topic AND have my traffic routed through my commercial VPN account (TorGuard -- which also supports WG).

By following this topic (hence "Now ALL of your Unraid traffic will go through the commercial VPN tunnel."), and setting peer type of access to Remote tunneled access, does it mean that all traffic from my mobile will be guarded by Torguard?

Is there any real difference from this method and the method of using the "-vpn" docker types from CA to protect my traffic? (aside of course from this tutorial not being a VPN protocol but WG protocol) -- I ask because I use most "-vpn" docker containers and those unavailable with native VPN I just use that privoxy --net=container:qbittorrent-vpn argument, and setting up the WG from this topic seems like a much easier setup than to configure every last container either as VPN or privoxy.

Thanks, any support is really appreciated.

Edited January 15, 2021 by timmyx

Bullerwins Posted February 4, 2021

I managed to install Mullvad as a VPN on unraid. But is there any way now to remotely connect to unraid server? As now everything goes through mullvad.

intoran Posted February 15, 2021

On 2/4/2021 at 4:09 AM, Bullerwins said:
> I managed to install Mullvad as a VPN on unraid. But is there any way now to remotely connect to unraid server? As now everything goes through mullvad.

Having this same issue. Any way around this?

KidsTheseDays Posted February 20, 2021 (edited)

I'm in the exact same situation as the previous two posters @Bullerwins and @intoran.

Successfully set up a "VPN tunneled access" Wireguard connection with a Mullvad server, but no handshake occurs when I create a tunnel to access remotely. I also attempted to remove the Mullvad tunnel and ONLY add the remote access tunnel, and I was unable to handshake from the Wireguard app on my phone. If both are not currently possible could someone please confirm? I'm a novice to Unraid but the forums are excellent for support, which is really appreciated.

I currently am subscribed to AT&T fiber which supposedly does not support UPnP, but I think I have correctly forwarded ports. I am attempting to use ZeroTier instead but I don't have any luck when I try accessing a service.

Please let me know if there is any information from me that would help, or if anyone has alternatives. Thank you!

Edit: I'm running Unraid 6.9.0-rc2, in order to use nvidia-drivers plugin

Edited February 20, 2021 by KidsTheseDays: Repeat sentences and more info

ljm42 Posted February 22, 2021 (Author)

Hopefully folks are able to see this message in the webgui when setting up VPN tunneled access?

Things won't work right if you start a second tunnel while "VPN tunneled access" is active.

KidsTheseDays Posted February 24, 2021 (edited)

Thanks for the response ljm42! I actually figured out the issue, which of course was a simple user-error on my part.

I was trying to forward ports from my router, when I should have opened a port with my VPN who provides a random number that I entered into the "Local endpoint:" field as "hostname.dynamicdns.org:55555" with 55555 as an example of the provided port. I then removed and updated the tunnel on my mobile device client and voila, handshake successful and active, even when the server is already tunneled to my VPN.

This is such an excellent feature. My Unraid trial is expiring soon and I am happy to support its further development.

Edit: To clarify, this was setting up a "Remote tunnel access" peer to access services and files on the server, while using a separate "VPN tunneled access" peer for the server's internet access.

Edited February 24, 2021 by KidsTheseDays: More info

intoran Posted March 2, 2021

On 2/24/2021 at 12:46 PM, KidsTheseDays said:
> Thanks for the response ljm42! I actually figured out the issue, which of course was a simple user-error on my part.
>
> I was trying to forward ports from my router, when I should have opened a port with my VPN who provides a random number that I entered into the "Local endpoint:" field as "hostname.dynamicdns.org:55555" with 55555 as an example of the provided port. I then removed and updated the tunnel on my mobile device client and voila, handshake successful and active, even when the server is already tunneled to my VPN.
>
> This is such an excellent feature. My Unraid trial is expiring soon and I am happy to support its further development.
>
> Edit: To clarify, this was setting up a "Remote tunnel access" peer to access services and files on the server, while using a separate "VPN tunneled access" peer for the server's internet access.

Based on this I would be unable to achieve what I'm looking for since my VPN provider doesn't provide port forwarding. At least for free.

Miss_Sissy Posted April 16, 2021 (edited)

Dual-homed Unraid NAS (version 6.9.2) with WireGuard (plugin version 2021.04.12) tunnels on each of the two Ethernet adapters?

I have an Unraid NAS with two Ethernet adapters. One adapter connects to a Verizon FIOS residential network segment (192.168.1.0/24) and the other connects to a Cox Business Services network segment (192.168.0.0/24). I would like to have WireGuard VPN tunnels on both of the Unraid NAS Ethernet adapters so that I can remotely tunnel in on either network connection (think failure of a router, firewall, cable modem, ONT, etc.).

I can't see a way to bind tunnel wg0 to eth 0 and tunnel wg1 to eth 1. It appears that the WireGuard plugin attaches any tunnel created to the Ethernet adapter attached to the gateway with the lower metric.

If a VPN tunnel is established on the Cox Business Services Ethernet adapter (eth 0), I want WireGuard to use the Cox gateway associated with that adapter. If it comes in on the Verizon side, I want the Verizon gateway used.

Thanks in advance for any assistance.

Edited April 16, 2021 by Sissy: Omitted a word due to an editing error.

ljm42 Posted April 16, 2021 (Author)

13 hours ago, Sissy said:
> Dual-homed Unraid NAS (version 6.9.2) with WireGuard (plugin version 2021.04.12) tunnels on each of the two Ethernet adapters?
>
> I have an Unraid NAS with two Ethernet adapters. One adapter connects to a Verizon FIOS residential network segment (192.168.1.0/24) and the other connects to a Cox Business Services network segment (192.168.0.0/24). I would like to have WireGuard VPN tunnels on both of the Unraid NAS Ethernet adapters so that I can remotely tunnel in on either network connection (think failure of a router, firewall, cable modem, ONT, etc.).
>
> I can't see a way to bind tunnel wg0 to eth 0 and tunnel wg1 to eth 1. It appears that the WireGuard plugin attaches any tunnel created to the Ethernet adapter attached to the gateway with the lower metric.
>
> If a VPN tunnel is established on the Cox Business Services Ethernet adapter (eth 0), I want WireGuard to use the Cox gateway associated with that adapter. If it comes in on the Verizon side, I want the Verizon gateway used.
>
> Thanks in advance for any assistance.

To clarify, you posted in the thread that explains how to connect to commercial VPN providers. Is that what you are trying to do?

If you are trying to connect from outside your home into your Unraid system please post this question here: https://forums.unraid.net/topic/84229-dynamix-wireguard-vpn/

I don't know if the plugin supports your use case or not.

Miss_Sissy Posted April 16, 2021

21 minutes ago, ljm42 said:
> To clarify, you posted in the thread that explains how to connect to commercial VPN providers. Is that what you are trying to do?

Thank you. Based on the title of the thread, "WIREGUARD - VPN TUNNELED ACCESS," it appeared to be about the topic I was interested in -- tunneled access to my networks via WireGuard. I will repost my question at the link you provided.

ljm42 Posted April 16, 2021 (Author)

2 hours ago, Sissy said:
> Thank you. Based on the title of the thread, "WIREGUARD - VPN TUNNELED ACCESS," it appeared to be about the topic I was interested in -- tunneled access to my networks via WireGuard. I will repost my question at the link you provided.

Good point. "VPN Tunneled Access" is one of the options in the "Peer type of access" dropdown, so it made sense at the time. I renamed the thread to make it more clear.

TechMed Posted April 17, 2021

Greetings - read every post here and found nothing regarding PIA. Since I have a good bit of time left with them I would really like to get it set up with them. However, I am open to other providers if there is a more secure option!

Finally, @ljm42 posted:

On 2/22/2021 at 3:00 PM, ljm42 said:
> Hopefully folks are able to see this message in the webgui when setting up VPN tunneled access?
>
> Things won't work right if you start a second tunnel while "VPN tunneled access" is active.

This may answer my second question. I am fine with all my traffic from this particular Unraid server (server01) going through PIA VPN. I would like to be able to remote IN to my LAN though. Do I just install WireGuard on another server (server02) for that Peer Connection?

As always, all feedback/directions are greatly appreciated!

ljm42 Posted April 20, 2021 (Author)

On 4/16/2021 at 10:22 PM, TechMed said:
> Greetings - read every post here and found nothing regarding PIA. Since I have a good bit of time left with them I would really like to get it set up with them. However, I am open to other providers if there is a more secure option!

There shouldn't really need to be provider-specific instructions. If PIA lets you download a standard WireGuard config file then you should be able to import it as discussed in the first post of this thread.

Note that if a provider requires you to use their own custom app rather than the standard WireGuard app, they won't work with Unraid as it uses the standard WireGuard app for Linux.

If you can confirm that PIA works I'll add them to the list on the first post.

On 4/16/2021 at 10:22 PM, TechMed said:
> I am fine with all my traffic from this particular Unraid server (server01) going through PIA VPN. I would like to be able to remote IN to my LAN though. Do I just install WireGuard on another server (server02) for that Peer Connection?

That sounds reasonable.
