charredresistors Posted February 14, 2023

Hello all, I have been having a tough time getting internet access with Wireguard. My Wireguard setup is as follows:

On my router I have a static route from the 10.253 network to the server IP. I also have port 51820 forwarded to the server.

When I turn on wireguard, I can access everything on my 192.xxx.x.x network, but cannot access the internet at large. Here's showing that I have access to the router, and that the traceroute stops at the router.

Any help would be appreciated.

GNET Posted December 29, 2023

Why is my allowed IPs showing 0.0.0.0/0 on the Peer configuration: AllowedIPs=0.0.0.0/0? VPN is connected but I cannot browse the internet.

Jobine Posted January 26

Question... Everything works well with my iPhone on 5G or LTE. If I'm on the hotel wifi, nothing works. Any idea? Thanks,

axipher Posted January 27

4 hours ago, Jobine said:
> Question... Everything works well with my iPhone on 5G or LTE. If I'm on the hotel wifi, nothing works. Any idea? Thanks,

I've had that too at local pools and sporting centers while on their Free WiFi. Seems to be them blocking outgoing connections on certain ports. I've had luck adding some different port mappings and switching between them, but it's a pain and normally I just revert back to my LTE.

downdrown Posted February 27

You folks just saved my day! I had the same issue with setting up VMs and PiHole in Docker, thanks a lot!

ijuarez Posted February 29

I just tried this and I got to give it up to whoever implemented this. It was easy and far all I had to do was port forward a port. Very easy.

hathi_ndg Posted March 20

How may I set up the built-in Wireguard VPN server feature so that my qbittorrent traffic goes through it and remains hidden from outside eyes? For the life of me I've been searching for weeks and can't find a clear answer. Thanks so much for any help!

trurl Posted March 20

1 hour ago, hathi_ndg said:
> traffic goes through it and remains hidden from outside eyes?

This requires a VPN service outside your network.

sonic6 Posted May 3

Hi, is there a place to report a "bug" with wireguard? If I add an IP to "Peer allowed IPs", it won't be shown in the downloadable config:

Jobine Posted May 3

On 1/26/2024 at 8:25 PM, axipher said:
> I've had that too at local pools and sporting centers while on their Free WiFi. Seems to be them blocking outgoing connections on certain ports. I've had luck adding some different port mappings and switching between them, but it's a pain and normally I just revert back to my LTE.

I'm doing the same thing, but at the cottage the LTE isn't working well, so I'd like to connect via wifi.

axipher Posted May 29

On 5/3/2024 at 1:01 PM, Jobine said:
> I'm doing the same thing, but at the cottage the LTE isn't working well, so I'd like to connect via wifi.

Sorry for the delay, I hadn't been to the local pool in a month. To give a tiny update:

I have WireGuard on Unraid set up to use port 51821 as the main Local Endpoint port on my WAN IP address. For testing, on my router, I have both external port 51821 forwarded to internal port 52821, AND external port 80 forwarded to internal port 52821.

I did the QR code based setup from the WireGuard App on my phone to install the profile and tested that to make sure it works. Then edited the profile and changed the port from 51821 to 80 and tried again while on LTE and it worked. Then at the pool where most other ports I've tried seemingly get blocked, this time the VPN worked fine since.

Now there are security concerns about using a well-known public port, so I chose to ensure that Wireguard in this case is only being used for DNS to my local PiHole for ad-blocking and no network level access or tunnel is actually in place. And on the majority of days where I don't need that specific VPN access, I leave that port forwarding rule disabled on my router.

I'm hoping someone else here can chime in and maybe offer a more elegant or safer solution. I'm not an IT expert, so I have no idea how safe the WireGuard endpoint port is being in the more common range of ports that attackers will typically try to go after.

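The profile edit described in the post above (alternate endpoint port, tunnel limited to the DNS server), shown as an added example that is not part of the original thread or anyone's actual configuration. The hostname `vpn.example.net`, the PiHole address `192.168.1.53`, the placeholder keys and the function name `derive_profile` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample client profile; keys, hostname and addresses are placeholders.
SAMPLE_PROFILE = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.253.0.2/32
DNS = 192.168.1.53

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.net:51821
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
"""


def derive_profile(profile, endpoint_port, allowed_ips):
    """Copy a WireGuard client profile, replacing only the [Peer] Endpoint
    port and AllowedIPs; every other line is preserved verbatim."""
    if not 1 <= endpoint_port <= 65535:
        raise ValueError("endpoint port out of range")
    # Normalise and validate the networks (a bare host becomes a /32).
    nets = [str(ipaddress.ip_network(a, strict=False)) for a in allowed_ips]
    out, section, changed = [], None, set()
    for line in profile.splitlines():
        text = line.strip()
        if text.startswith("[") and text.endswith("]"):
            section = text[1:-1].lower()
        elif section == "peer" and "=" in text and not text.startswith("#"):
            key, value = (part.strip() for part in text.split("=", 1))
            if key.lower() == "endpoint":
                host = value.rsplit(":", 1)[0]  # keeps a bracketed IPv6 host intact
                line = f"Endpoint = {host}:{endpoint_port}"
                changed.add("endpoint")
            elif key.lower() == "allowedips":
                line = "AllowedIPs = " + ", ".join(nets)
                changed.add("allowedips")
        out.append(line)
    if changed != {"endpoint", "allowedips"}:
        raise ValueError("no [Peer] Endpoint/AllowedIPs found to rewrite")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Fallback profile: port 80 endpoint, tunnel limited to the DNS server only.
    print(derive_profile(SAMPLE_PROFILE, 80, ["192.168.1.53"]))
```

With `AllowedIPs` reduced to a single /32, the client only routes traffic for that one address into the tunnel, so exposing the alternate port does not also hand the device a route to the rest of the LAN.

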
emp83 Posted September 11

Hello, I need some help. I've been struggling for some time to make wireguard work and I can't. If I run wireguard in docker it works without problems. It seems that the handshake is ok but unRAID does not send data. Any help is appreciated. Thank you.

WireGuard log:

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.253.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.253.0.2/32 dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started';/usr/local/emhttp/webGui/scripts/update_services
[#] iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE;iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o vhost0 -j MASQUERADE
[#] ip -4 route flush table 200
[#] ip -4 route add default via 10.253.0.1 dev wg0 table 200
[#] ip -4 route add 172.16.1.0/24 via 172.16.1.1 dev br0 table 200

wg-quick down wg0
[#] ip link delete dev wg0
[#] logger -t wireguard 'Tunnel WireGuard-wg0 stopped';/usr/local/emhttp/webGui/scripts/update_services
[#] iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE;iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o vhost0 -j MASQUERADE
[#] ip -4 route flush table 200
[#] ip -4 route add unreachable default table 200
[#] ip -4 route add 172.16.1.0/24 via 172.16.1.1 dev br0 table 200

Here is my configuration:

Edited September 11 by emp83

JorgeB Posted September 11

2 hours ago, emp83 said:
> I've been struggling for some time to make wireguard work and I can't.

I would recommend using Tailscale instead, it runs on top of Wireguard and it's much easier to set up:

emp83 Posted September 11

Tailscale is working but it's a bit complicated. I also manage other friends' servers and they all have the same subnet 192.168.1.1. In Tailscale they are all connected at the same time and the same subnet is causing problems. With WireGuard I can connect when I need to whoever I want.

EDACerton Posted September 12

4 hours ago, emp83 said:
> Tailscale is working but it's a bit complicated. I also manage other friends' servers and they all have the same subnet 192.168.1.1. In Tailscale they are all connected at the same time and the same subnet is causing problems. With WireGuard I can connect when I need to whoever I want.

FYI, unless every friend needs to share their subnet, you can just connect using the Tailscale IPs, the local network doesn't matter.

Espressomatic Posted September 20

On 9/11/2024 at 9:00 PM, EDACerton said:
> FYI, unless every friend needs to share their subnet, you can just connect using the Tailscale IPs

I set up Tailscale yesterday using your plugin without reading any guides, and it seems to be working with each of my systems - Unraid servers, Mac, iOS. I plan to hit up some guides and instructions next so I can make purposeful config changes.

Is there a process for accessing all resources using original/local subnet/IPs (and FQDN)? I don't really have any desire to look at Tailscale's own IP assignments and would love for access to resources at home to be transparent, no matter where I am or what device I'm connecting from (as they are/were before Tailscale here at home).