uek2wooF Posted March 15, 2021

> 28 minutes ago, uek2wooF said: Ah ok. Well it is easy to do on a laptop but sort of a pain on a phone. It would be nice to customize it from the unraid gui. Thanks.

Oops never mind. I forgot I made a qrcode generator docker container. I pasted the config in there, modified it, and generated a new qrcode for my phone to use.

ljm42 Posted March 15, 2021

> 20 minutes ago, uek2wooF said: Oops never mind. I forgot I made a qrcode generator docker container. I pasted the config in there, modified it, and generated a new qrcode for my phone to use.

nice!

InfInIty Posted March 16, 2021

So I went through the documentation here: https://unraid.net/blog/wireguard-on-unraid

I am now trying to add an iOS client, and whenever I scan the QR code, it says invalid QR code, "The Scanned QR Code is not valid WireGuard Configuration".

Not sure where to go from here, any ideas?

InfInIty Posted March 16, 2021

> 38 minutes ago, InfInIty said: So I went through the documentation here: https://unraid.net/blog/wireguard-on-unraid I am now trying to add an iOS client, and whenever I scan the QR code, it says invalid QR code, "The Scanned QR Code is not valid WireGuard Configuration". Not sure where to go from here, any ideas?

Ok I got the connection imported. iOS seems to think I am connected, but the Unraid plugin does not see a handshake, and I have no access to anything on my network.

Fith Posted March 19, 2021 (edited)

Does this not work if the Computer for setup is Windows 10 with PIA Wireguard setup already? I tried the tutorial and couldn't ever connect to the unRaid Server. (Yes, I tried to disable PIA WG...still no connection.) (BTW, My duck dns was a subdomain, if that matters)

Also, When this is set up properly, can I run my Docker Containers thru this VPN? I probably really don't understand what exactly this is for.

Log:

    2021-03-19 12:17:44.303434: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Sending handshake initiation
    2021-03-19 12:17:49.414848: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Handshake did not complete after 5 seconds, retrying (try 5)
    2021-03-19 12:17:49.414848: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Sending handshake initiation
    2021-03-19 12:17:54.493663: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Handshake did not complete after 5 seconds, retrying (try 6)
    2021-03-19 12:17:54.493663: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Sending handshake initiation
    2021-03-19 12:17:59.593883: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Handshake did not complete after 5 seconds, retrying (try 7)

Ok, so I figured out the client can't be on the same Network, tried with LTE and WG on my phone, still no success....

Edited March 19, 2021 by Fith

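An added example, not part of the post above or of the WireGuard client: a Python triage of client log lines in the format shown in that log, grouping by tunnel and peer and flagging peers that keep sending handshake initiations without ever logging a response. The first six sample lines are the ones from the post; the last two (tunnel `example-tunnel`, peer `AAAA…BBBB`) are constructed, using the "Received handshake response" message that wireguard-go logs when a handshake succeeds.

```python
import re
from collections import defaultdict

# First six lines: the log from the post above. Last two: constructed, showing
# a peer whose handshake completes (tunnel and peer names are made up).
SAMPLE_LOG = """\
2021-03-19 12:17:44.303434: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Sending handshake initiation
2021-03-19 12:17:49.414848: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Handshake did not complete after 5 seconds, retrying (try 5)
2021-03-19 12:17:49.414848: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Sending handshake initiation
2021-03-19 12:17:54.493663: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Handshake did not complete after 5 seconds, retrying (try 6)
2021-03-19 12:17:54.493663: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Sending handshake initiation
2021-03-19 12:17:59.593883: [TUN] [peer-Tower-wg0-1] peer(hrSH…C2j8) - Handshake did not complete after 5 seconds, retrying (try 7)
2021-03-19 12:18:01.000000: [TUN] [example-tunnel] peer(AAAA…BBBB) - Sending handshake initiation
2021-03-19 12:18:01.050000: [TUN] [example-tunnel] peer(AAAA…BBBB) - Received handshake response
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+): \[TUN\] \[(?P<tunnel>[^\]]+)\] "
    r"peer\((?P<peer>[^)]+)\) - (?P<msg>.*)$"
)
RETRY_RE = re.compile(r"Handshake did not complete after \d+ seconds, retrying \(try (\d+)\)")


def triage(log_text):
    """Return {(tunnel, peer): counters} for every peer seen in the log."""
    peers = defaultdict(lambda: {"initiations": 0, "responses": 0, "max_retry": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-peer log line
        stats = peers[(m["tunnel"], m["peer"])]
        retry = RETRY_RE.fullmatch(m["msg"])
        if m["msg"] == "Sending handshake initiation":
            stats["initiations"] += 1
        elif m["msg"] == "Received handshake response":
            stats["responses"] += 1
        elif retry:
            stats["max_retry"] = max(stats["max_retry"], int(retry.group(1)))
    return dict(peers)


def stalled_peers(summary):
    """Peers that sent initiations but never logged a response."""
    return sorted(k for k, v in summary.items() if v["initiations"] and not v["responses"])


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, stats in summary.items():
        print(key, stats)
    print("stalled:", stalled_peers(summary))
```

A peer listed as stalled is sending initiations that get no answer, which puts the problem on the path to the server (port forward, endpoint address) or in the keys the server holds for that peer, not in the client's tunnel state.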
ljm42 Posted March 26, 2021

Heads up! There is a new WireGuard plugin, read more about it here: https://forums.unraid.net/topic/84229-dynamix-wireguard-vpn/page/18/?tab=comments#comment-968142

Jandrop Posted April 12, 2021

I don't know if anybody is in the same situation as me. I have a UDM Pro and I use the integrated L2TP VPN to access Unraid, so I can use the firewall rules to block all port services on Unraid and on my LAN. If I use the WireGuard VPN to access Unraid, all the ports are exposed and I don't know how to block them, because the gw is Unraid and the firewall rules of my router don't work.

So my question is simple: is there any way to block all the ports on Unraid and only allow connections to the shared services SMB, NFS?

trott Posted April 12, 2021

Usually for WireGuard, you only need to forward the WireGuard port on the UDM Pro to the Unraid IP; all other ports are still closed to the public.

Jandrop Posted April 12, 2021

> 3 hours ago, trott said: Usually for WireGuard, you only need to forward the WireGuard port on the UDM Pro to the Unraid IP; all other ports are still closed to the public.

Hi, the point is to allow other users to connect to the shared folders and block access to the Docker services. With WireGuard on Unraid I can't see the option.

bonienl Posted April 12, 2021

> 6 hours ago, Jandrop said: I don't know if anybody is in the same situation as me. I have a UDM Pro and I use the integrated L2TP VPN to access Unraid, so I can use the firewall rules to block all port services on Unraid and on my LAN. If I use the WireGuard VPN to access Unraid, all the ports are exposed and I don't know how to block them, because the gw is Unraid and the firewall rules of my router don't work. So my question is simple: is there any way to block all the ports on Unraid and only allow connections to the shared services SMB, NFS?

The WireGuard solution is intended to give only "trusted" users access; any "outsiders" can't make access because they don't have the WG keys to establish the session.

Who is accessing your Unraid server over WireGuard? It sounds like you are setting up some "public" service.

Any device on your LAN which runs on its own unique IP address (this may include docker containers and VMs) can be allowed or denied access over WG (configurable in the GUI).

Jandrop Posted April 12, 2021

> 7 minutes ago, bonienl said: The WireGuard solution is intended to give only "trusted" users access; any "outsiders" can't make access because they don't have the WG keys to establish the session. Who is accessing your Unraid server over WireGuard? It sounds like you are setting up some "public" service. Any device on your LAN which runs on its own unique IP address (this may include docker containers and VMs) can be allowed or denied access over WG (configurable in the GUI).

I just want to give access to the shared folders to my family, but I'm not interested in exposing all the ports of my Unraid server. Right now they are using a VPN with L2TP and I have multiple firewall rules only to give access to SMB and block the rest.

bonienl Posted April 12, 2021

There are not many other ports open on Unraid, it is not a fully fledged server with many different services to run.

On the management access page you can further tell what management services to open or close. Services like http/https, ssh and telnet are all protected by a login authentication.

Jandrop Posted April 12, 2021

> 35 minutes ago, bonienl said: There are not many other ports open on Unraid, it is not a fully fledged server with many different services to run. On the management access page you can further tell what management services to open or close. Services like http/https, ssh and telnet are all protected by a login authentication.

Well, if you are a hard Docker user like me, you will know that when you map a port, this port is bound to the Unraid IP, so I have multiple services like sonarr, radarr, gitlab, etc. bound to the unraidip:portservice. I'm interested in blocking these ports if it were possible. If not, I can use the UDM VPN.

bonienl Posted April 12, 2021

A possible solution is to run docker containers on a custom network (br0), this will give them a unique IP address and restrict access.

IpDo Posted May 6, 2021

Hi,

Might be unrelated - but maybe someone here can help.

I've tried using this plugin on 2 different Unraid servers located on 2 different networks. In both I get the same result - I can access the main Unraid server, but nothing more (meaning, I can enter the IP on the Unraid server and it works perfectly. Nothing else in the network [such as other servers] works).

Both servers are behind dedicated pfSense firewalls. Both have the port forwarded as needed.

I've tried the Advanced setup on one (NAT to false, Docker Host access to custom networks "enabled" and firewall rule):

Firewall rules I've tried, but seems to make no difference:

And here is the second one, with the "basic" config:

Port forwarding for both looks mostly the same:

Any ideas? And thanks for the plugin! :)

ljm42 Posted May 6, 2021

> 5 hours ago, IpDo said: I can access the main Unraid server, but nothing more (meaning, I can enter the IP on the Unraid server and it works perfectly. Nothing else in the network [such as other servers] works).

In your screenshot, next to "local server uses NAT" there is a remark that says "configure your router with a static route..." Did you do that?

A static route is not a firewall rule, I'd remove those extra firewall rules unless you know for sure they are needed.

Probably best if you go through the WireGuard quickstart guide, it has a lot more detail including a section on "Complex networks" that explains how a few settings work together to give you access to your LAN:

IpDo Posted May 6, 2021 (edited)

Thanks for the reply,

I've added a static route now on both configs - some improvements, but I'm still having some issues.

On the simple server - I can now connect to the Unraid UI and to the pfSense UI, but I still can't access anything else on the network.

I've tried the firewall rules because of the firewall log:

(first one 192.168.0.31:8123 is the source, the 10.253.0.2 is the destination)

It looks like the remote device (the VPN peer) tries to talk to the local service, but when the local service tries to "take back" there's an issue.

On the complex server, it's basically the same + but I can't access the main UI as it forwards automatically to the local domain (unraid.privateFQDN.org) and it stops there. Dockers on the Unraid server (using the IP address) connect perfectly.

Edit:

Found the fix to the issue, not sure why my config is causing it - but the scenario here is Asymmetric Routing.

The solution is to enable "Bypass firewall rules for traffic on the same interface" under System/Advanced/Firewall & NAT:

That fixes both of the issues described above.

Edited May 6, 2021 by IpDo

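An added illustration of the asymmetric-routing scenario named in the post above, not code from the post, the plugin or pfSense: a toy stateful filter in Python showing why the reply from 192.168.0.31:8123 to 10.253.0.2 is blocked when the firewall never saw the opening packet, and why the same-interface bypass lets it through. The addresses are from the post; the client port 51000, the interface name "LAN" and the model itself are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN" or "SYN-ACK"


class StatefulFirewall:
    """Toy stateful filter for one LAN interface (a model, not pfSense code)."""

    def __init__(self, bypass_same_interface=False):
        self.bypass_same_interface = bypass_same_interface
        self.states = set()  # flows the firewall has seen being opened

    def handle(self, pkt, in_if, out_if):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self.bypass_same_interface and in_if == out_if:
            return "pass (same-interface bypass)"
        if flow in self.states or reverse in self.states:
            return "pass (matches state)"
        if pkt.flags == "SYN":
            self.states.add(flow)
            return "pass (new state)"
        return "block (no state)"


def reply_verdict(bypass, firewall_saw_syn):
    """Verdict for the LAN host's SYN-ACK on its way back to the VPN peer."""
    fw = StatefulFirewall(bypass_same_interface=bypass)
    # 10.253.0.2 and 192.168.0.31:8123 are from the post; port 51000 is constructed.
    syn = Packet("10.253.0.2", 51000, "192.168.0.31", 8123, "SYN")
    syn_ack = Packet("192.168.0.31", 8123, "10.253.0.2", 51000, "SYN-ACK")
    if firewall_saw_syn:
        fw.handle(syn, "LAN", "LAN")
    # The LAN host has no route to 10.253.0.x, so the reply goes to its default
    # gateway (the firewall), which must send it back out the LAN to Unraid.
    return fw.handle(syn_ack, "LAN", "LAN")


if __name__ == "__main__":
    print("asymmetric, bypass off:", reply_verdict(False, False))
    print("asymmetric, bypass on: ", reply_verdict(True, False))
    print("symmetric,  bypass off:", reply_verdict(False, True))
```

In the asymmetric case the opening packet travels from Unraid straight to the LAN host, so only the reply crosses the firewall, which is why the log entry shows the local service as the source.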
ljm42 Posted May 7, 2021

> 20 hours ago, IpDo said: The solution is to enable "Bypass firewall rules for traffic on the same interface"

Thanks, I've added a hint about this to the guide https://forums.unraid.net/topic/84226-wireguard-quickstart/

mark seaton Posted July 17, 2021

I watched a few videos on setting this up with Unraid, I have duckdns setup, the port forwarding in my edge X router but I don't see any shares in my network remotely, says I am connected but nothing shows, also I can't figure out how to remove all the old settings with WireGuard.

ljm42 Posted July 18, 2021

> 20 hours ago, mark seaton said: I watched a few videos on setting this up with Unraid, I have duckdns setup, the port forwarding in my edge X router but I don't see any shares in my network remotely, says I am connected but nothing shows

I'd recommend you go through the first two posts in the quickstart guide:

> 20 hours ago, mark seaton said: I can't figure out how to remove all the old settings with WireGuard.

Change the slider from basic to advanced, that will enable the Delete Tunnel button.

Kaveesha Ranasinghe Posted July 18, 2021

I need to remove wg1, wg2, wg3, wg4 and wg5 on Unraid WireGuard. How do I do this?

itimpi Posted July 18, 2021

> 7 minutes ago, Kaveesha Ranasinghe said: I need to remove wg1, wg2, wg3, wg4 and wg5 on Unraid WireGuard. How do I do this?

Have you switched to Advanced view using the toggle at the top-right?

Kaveesha Ranasinghe Posted July 18, 2021

I was so stressed about this that I didn't even see the delete tunnel button in the Advanced menu. Thank you very much.

mark seaton Posted July 21, 2021

> On 7/18/2021 at 5:02 AM, itimpi said: Have you switched to Advanced view using the toggle at the top-right?

Got it, wish I did not have to switch to advanced view everywhere in Unraid to see the delete button, I always forget where it is.

mark seaton Posted July 21, 2021

> On 7/17/2021 at 8:20 PM, ljm42 said: I'd recommend you go through the first two posts in the quickstart guide:

Ok I got access to my Unraid GUI remotely using remote access to server, but I don't see any of my shares on my server? Am I missing something, do I need to port forward SMB or something as well?
