bpage, posted December 10, 2019:

I am trying to figure out why wireguard isn't working.

unRAID: 6.8.0-rc9
Router: pfSense with port 51829 forwarded to local ip of unRAID

I have vpn.mydomain.com forwarded to my WAN address. Using the wireguard plugin, I generated a tunnel and generated a client with remote access to LAN. I used the iOS mobile app to scan the config from the server. The iOS app "activates" and I can see small amounts of data sent and data received, but no handshake occurs and nothing is accessible over the tunnel.

My server has an Ethernet bond that is set to bridge. Maybe network adjustments need to be made at the pfSense level? Configs are attached.

charlescc1000, posted December 30, 2019:

I'm having the same issue.

I set up WG VPN on my Unraid server. My router has UPnP turned off, so I set up the port forward to my Unraid server. Went through all the steps on this guide created by user ljm42. I left "Local server uses NAT" set to "yes." Not sure too much of what this means, this might be related to my problem. Set up a peer as peer type "Remote access to LAN". Used the QR code method to set up this config on my iPhone.

Tried to connect to my Unraid VPN using my iPhone (while on cellular). iPhone network works fine (it's using LTE without VPN). Cannot connect to Unraid WebUI or anything else on my local LAN. Unraid dashboard shows some data in/out but shows handshake as "not received".

I can't figure out why the iPhone and Unraid can't seem to handshake with each other. Sorry I don't have any help for you, but figured I'd share that I'm experiencing the same problem.

Edit: Should also include that my router is an EdgeRouter X-SFP and I have duckdns DDNS set up on my Unraid already, but figured for simplicity's sake not to enter my DDNS into the WG VPN setup until I could get it working with the automatically entered public IP.

Edited December 30, 2019 by charlescc1000

BurntOC, posted August 12, 2020:

Did you guys ever figure this out? I have 2 Unraid servers and a Pi I'm testing Wireguard on. One Unraid server and the Pi work fine, but the other Unraid shows data sent and received but Last handshake says never, unlike the others. The setup otherwise looks the same to me.

Banuseka, posted February 16, 2021:

I got it figured !!!

I have two nics on my mobo and couldn't get "remote tunneled access" to work (no internet, no local access, just some in/out data but no handshake) with

    root@Tower:~# ip route
    default via 192.168.2.1 dev br1
    10.253.0.2 dev wg0 scope link
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
    172.18.0.0/16 dev br-8352ee8270e2 proto kernel scope link src 172.18.0.1 linkdown
    192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.200
    192.168.2.0/24 dev br1 proto kernel scope link src 192.168.2.201

I found that my main IP of unraid that I forwarded the UDP port to was not in use by wireguard, but the second IP I had. Thus I just switched the port forwarding from the main IP to the secondary IP and now everything is working like a charm.

Best, Banu

Edited February 16, 2021 by Banuseka: added extra code

ljm42, posted February 16, 2021:

11 hours ago, Banuseka said:
> I found that my main IP of unraid that I forwarded the UDP port to was not in use by wireguard, but the second IP I had. Thus I just switched the port forwarding from the main IP to the secondary IP and now everything is working like a charm.

You really shouldn't have two un-bonded nics plugged into the same network. Networking isn't meant to work that way, you could have any number of random, hard to track down problems in the future.
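
The two posts above describe one condition: a subnet attached to two un-bonded interfaces, with the port forward aimed at the address that is not on the default-route interface. The script below is an added example, not part of the thread or of the unRAID WireGuard plugin; it checks `ip route` output for both. The function names are hypothetical, the sample is the table from Banuseka's post, and treating the default-route interface's address as the forward target is an assumption drawn from that report, not a WireGuard rule.

```shell
#!/bin/sh
# Sample input: the `ip route` table quoted in Banuseka's post.
SAMPLE_ROUTES='default via 192.168.2.1 dev br1
10.253.0.2 dev wg0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-8352ee8270e2 proto kernel scope link src 172.18.0.1 linkdown
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.200
192.168.2.0/24 dev br1 proto kernel scope link src 192.168.2.201'

# Print "subnet dev1,dev2" for every connected subnet that appears on more
# than one interface (the layout ljm42 warns about). Reads `ip route` on stdin.
duplicate_subnets() {
    awk '
        $1 != "default" && /proto kernel/ {
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            devs[$1] = (devs[$1] == "" ? dev : devs[$1] "," dev)
            count[$1]++
        }
        END { for (net in count) if (count[net] > 1) print net, devs[net] }'
}

# Print the local address of the interface that carries the default route.
default_route_src() {
    awk '
        { dev = ""; src = ""
          for (i = 1; i < NF; i++) {
              if ($i == "dev") dev = $(i + 1)
              if ($i == "src") src = $(i + 1)
          } }
        $1 == "default" && defdev == "" { defdev = dev }
        src != "" && !(dev in addr)     { addr[dev] = src }
        END { if (defdev in addr) print addr[defdev] }'
}

# $1 = LAN IP the router forwards the WireGuard UDP port to (assumed input).
# Returns 0 when it matches the default-route interface address, 1 otherwise.
check_forward() {
    routes=$(cat)
    src=$(printf '%s\n' "$routes" | default_route_src)
    dups=$(printf '%s\n' "$routes" | duplicate_subnets)
    if [ -n "$dups" ]; then echo "WARN: subnet on several interfaces: $dups"; fi
    if [ "$1" = "$src" ]; then echo "OK: forward target $1 matches $src"; return 0; fi
    echo "MISMATCH: forward target $1, default-route interface has $src"
    return 1
}

# Demo on the sample; on a live server use: ip route | check_forward <forward IP>
printf '%s\n' "$SAMPLE_ROUTES" | check_forward 192.168.2.200 || true
```
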

Banuseka, posted February 17, 2021:

12 hours ago, ljm42 said:
> You really shouldn't have two un-bonded nics plugged into the same network. Networking isn't meant to work that way, you could have any number of random, hard to track down problems in the future.

Good call ! Now switched to Bonding (balanced-rr). guess this is better. THX for the advice!

ljm42, posted February 17, 2021:

10 hours ago, Banuseka said:
> Good call ! Now switched to Bonding (balanced-rr). guess this is better. THX for the advice!

Cool. I am not an expert with this, but note that your switch also has to be configured to support this type of bond. I found some info here: https://wiki.linuxfoundation.org/networking/bonding#switch_configuration

If your switch does not support "balanced-rr" or isn't specifically configured for it, the "active-backup" bond is probably best.

Banuseka, posted February 20, 2021:

On 2/17/2021 at 10:10 PM, ljm42 said:
> Cool. I am not an expert with this, but note that your switch also has to be configured to support this type of bond. I found some info here: https://wiki.linuxfoundation.org/networking/bonding#switch_configuration
> If your switch does not support "balanced-rr" or isn't specifically configured for it, the "active-backup" bond is probably best.

Yh, thx! Figured that as well:) luckily my switch supports LAG and the modes:)

Edited February 20, 2021 by Banuseka