[HowTo] WireGuard with OMV Super-Easy

    • Resolved
    • OMV 4.x
    • I tried with the Mac client, same result. It says it's connected but nothing passes through. No difference when I run wg as well.

      I'm beginning to think it may be my shitty ISP router. I had an IPsec VPN docker working for ages but one day all my devices stopped sending data even though they were connected, all except my Android phone for some strange reason. It's the only reason I have been looking for another option.

      In any case here is the log from the Mac.

      Source Code

      2019-11-03 11:58:14.825958: [APP] App version: 0.0.20191012 (14); Go backend version: 0.0.20190909
      2019-11-03 12:00:06.049070: [APP] startActivation: Entering (tunnel: Office WG)
      2019-11-03 12:00:06.053677: [APP] startActivation: Starting tunnel
      2019-11-03 12:00:06.054392: [APP] startActivation: Success
      2019-11-03 12:00:06.063820: [APP] Tunnel 'Office WG' connection status changed to 'connecting'
      2019-11-03 12:00:06.551000: [NET] App version: 0.0.20191012 (14); Go backend version: 0.0.20190909
      2019-11-03 12:00:06.551307: [NET] Starting tunnel from the app
      2019-11-03 12:00:11.054034: [APP] Status update notification timeout for tunnel 'Office WG'. Tunnel status is now 'connecting'.
      2019-11-03 12:00:11.599368: [NET] Tunnel interface is utun1
      2019-11-03 12:00:11.600350: [NET] Attaching to interface
      2019-11-03 12:00:11.601639: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.601810: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.601944: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.602051: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.602159: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.602277: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.602390: [NET] Routine: event worker - started
      2019-11-03 12:00:11.602494: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.602604: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.602717: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.602825: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.602930: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.603046: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.603148: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.603254: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.603363: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.603476: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.603586: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.603698: [NET] Routine: encryption worker - started
      2019-11-03 12:00:11.603809: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.603915: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.604023: [NET] Routine: TUN reader - started
      2019-11-03 12:00:11.604169: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.604236: [NET] Routine: decryption worker - started
      2019-11-03 12:00:11.604342: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.604456: [NET] Routine: handshake worker - started
      2019-11-03 12:00:11.604767: [NET] UAPI: Updating private key
      2019-11-03 12:00:11.605084: [NET] UAPI: Updating listen port
      2019-11-03 12:00:11.605175: [NET] UAPI: Removing all peers
      2019-11-03 12:00:11.605289: [NET] UAPI: Transition to peer configuration
      2019-11-03 12:00:11.605875: [NET] peer(Z5QE…YyTg) - UAPI: Created
      2019-11-03 12:00:11.605999: [NET] peer(Z5QE…YyTg) - UAPI: Updating persistent keepalive interval
      2019-11-03 12:00:11.606062: [NET] peer(Z5QE…YyTg) - UAPI: Removing all allowedips
      2019-11-03 12:00:11.606172: [NET] peer(Z5QE…YyTg) - UAPI: Adding allowedip
      2019-11-03 12:00:11.607060: [NET] Routine: receive incoming IPv6 - started
      2019-11-03 12:00:11.607186: [NET] Routine: receive incoming IPv4 - started
      2019-11-03 12:00:11.607315: [NET] UDP bind has been updated
      2019-11-03 12:00:11.607400: [NET] peer(Z5QE…YyTg) - Starting...
      2019-11-03 12:00:11.607673: [NET] peer(Z5QE…YyTg) - Routine: sequential sender - started
      2019-11-03 12:00:11.607747: [NET] peer(Z5QE…YyTg) - Routine: nonce worker - started
      2019-11-03 12:00:11.607854: [NET] peer(Z5QE…YyTg) - Routine: sequential receiver - started
      2019-11-03 12:00:11.607999: [NET] Device started
      2019-11-03 12:00:11.609593: [APP] Tunnel 'Office WG' connection status changed to 'connected'
      2019-11-03 12:00:16.054947: [APP] Status update notification timeout for tunnel 'Office WG'. Tunnel status is now 'connected'.
      2019-11-03 12:00:16.526069: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:16.527260: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
      2019-11-03 12:00:16.527462: [NET] peer(Z5QE…YyTg) - Awaiting keypair
      2019-11-03 12:00:21.801177: [NET] peer(Z5QE…YyTg) - Handshake did not complete after 5 seconds, retrying (try 2)
      2019-11-03 12:00:21.801374: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:21.807963: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
      2019-11-03 12:00:26.972475: [NET] peer(Z5QE…YyTg) - Handshake did not complete after 5 seconds, retrying (try 2)
      2019-11-03 12:00:26.972710: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:26.979475: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
      2019-11-03 12:00:32.260704: [NET] peer(Z5QE…YyTg) - Handshake did not complete after 5 seconds, retrying (try 2)
      2019-11-03 12:00:32.261006: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:32.261464: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
      2019-11-03 12:00:37.438737: [NET] peer(Z5QE…YyTg) - Handshake did not complete after 5 seconds, retrying (try 2)
      2019-11-03 12:00:37.438898: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:37.439207: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
      2019-11-03 12:00:42.691229: [NET] peer(Z5QE…YyTg) - Handshake did not complete after 5 seconds, retrying (try 2)
      2019-11-03 12:00:42.691507: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:42.698144: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
      2019-11-03 12:00:48.023410: [NET] peer(Z5QE…YyTg) - Handshake did not complete after 5 seconds, retrying (try 3)
      2019-11-03 12:00:48.023634: [NET] peer(Z5QE…YyTg) - Sending handshake initiation
      2019-11-03 12:00:48.030391: [NET] peer(Z5QE…YyTg) - Failed to send handshake initiation no known endpoint for peer
    • Got this reply with an email but it's not in the forum

      ---------------------------------
      Quote: "no known endpoint for peer"

      Is there an Endpoint specified under Peer in the conf of your iOS machine? Should be the external of your router or a dyndns address + the port (e.g. my.domain.com:51820)

      ---------------------------------

      I added xx.xx.xx.xx:51820 to the iOS settings but it made no difference
    • I have been messing around with the IP addresses in the script, so this isn't the same as before, but it has the same outcome - I can connect fine but no data transfers

      On OMV;


      Source Code

      [Interface]
      Address = 192.168.1.0/24
      SaveConfig = true
      ListenPort = 51820
      PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o $
      PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -$
      PrivateKey = APdxxx=
      [Peer]
      PublicKey = qlRxxx=
      AllowedIPs = 192.168.1.0/24

      On the iPad;

      [Interface]

      Public key = qlRxxx=
      Addresses = 192.168.1.0/24

      [Peer]
      Public Key = LB9xxx=
      Allowed IPs = 0.0.0.0/0
    • The IP configs look incorrect because now both machines have the same IP. Try these confs. I reverted the IP addresses, because they worked for me without changing them. To understand the workings of WireGuard I also suggest reading the main introduction on wireguard.com

      Source Code

      [Interface]
      Address = 10.192.122.1/24
      SaveConfig = true
      ListenPort = 51820
      PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o $
      PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -$
      PrivateKey = APdxxx=
      [Peer]
      PublicKey = qlRxxx=
      AllowedIPs = 10.192.122.2/24


      and on the iPad:

      Source Code

      [Interface]
      Public key = qlRxxx=
      Addresses = 10.192.122.2/24
      [Peer]
      Public Key = LB9xxx=
      Allowed IPs = 0.0.0.0/0
      Endpoint = yourserverip:51820
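
Added example, not part of any post in this thread: a small Python check for the two problems diagnosed above, a client [Peer] without an Endpoint (the "no known endpoint for peer" log lines) and both sides using the same tunnel address. It goes slightly beyond the posts by also flagging an Address set to the network address itself. The sample configs are constructed, with placeholder keys and a documentation-range endpoint address; `parse_conf` and `check_pair` are hypothetical helper names.

```python
import ipaddress

def parse_conf(text):
    """Parse wg-quick style text into {'interface': {...}, 'peers': [{...}]}."""
    conf, section = {"interface": {}, "peers": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if line.lower() == "[interface]":
            section = conf["interface"]
        elif line.lower() == "[peer]":
            section = {}
            conf["peers"].append(section)
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)      # split once: base64 keys end in '='
            section[key.strip().lower()] = value.strip()
    return conf

def check_pair(server_text, client_text):
    """Return findings for a server/client config pair (empty list: none)."""
    server, client = parse_conf(server_text), parse_conf(client_text)
    # Only the first Address entry of each [Interface] is examined here.
    s_if, c_if = (ipaddress.ip_interface(c["interface"]["address"].split(",")[0].strip())
                  for c in (server, client))
    findings = []
    for name, iface in (("server", s_if), ("client", c_if)):
        net = iface.network
        if net.prefixlen < net.max_prefixlen and iface.ip == net.network_address:
            findings.append(f"{name}: Address {iface} is a network address, not a host")
    if s_if.ip == c_if.ip:
        findings.append("server and client use the same tunnel address")
    for peer in client["peers"]:
        if "endpoint" not in peer:               # logged as "no known endpoint for peer"
            findings.append("client: [Peer] has no Endpoint to send the handshake to")
    return findings

# Constructed samples: placeholder keys; 203.0.113.10 is a documentation address.
SERVER = ("[Interface]\nAddress = {addr}\nListenPort = 51820\n"
          "PrivateKey = SERVER_PRIVATE_PLACEHOLDER=\n"
          "[Peer]\nPublicKey = CLIENT_PUBLIC_PLACEHOLDER=\nAllowedIPs = {allowed}\n")
CLIENT = ("[Interface]\nAddress = {addr}\nPrivateKey = CLIENT_PRIVATE_PLACEHOLDER=\n"
          "[Peer]\nPublicKey = SERVER_PUBLIC_PLACEHOLDER=\nAllowedIPs = 0.0.0.0/0\n{endpoint}\n")
BROKEN = check_pair(SERVER.format(addr="192.168.1.0/24", allowed="192.168.1.0/24"),
                    CLIENT.format(addr="192.168.1.0/24", endpoint=""))
FIXED = check_pair(SERVER.format(addr="10.192.122.1/24", allowed="10.192.122.2/24"),
                   CLIENT.format(addr="10.192.122.2/24",
                                 endpoint="Endpoint = 203.0.113.10:51820"))
print("first attempt:", *BROKEN, sep="\n  ")
print("suggested fix:", FIXED)
```
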
    • So I really like WireGuard as I have used it on my Unraid server where it is implemented beautifully and performs really well.
      I tried the script but couldn't get it to work, I get the same errors as @aykaydub.
      At first I also didn't set my network device.
      Then I uninstalled everything like this (don't know if correct):
      • rm -r /etc/wireguard
      • apt purge wireguard
      • apt purge qrencode
      • apt purge miniupnpc
      • rm /etc/apt/sources.list.d/unstable-wireguard.list
      • rm /etc/apt/preferences.d/limit-unstable
      • apt autoremove
      Then I ran the script again with the correct network device, but I still couldn't get the script to finish...

      I also tried @ryecoaaron's plugin but this says there are unmet dependencies.
      Doesn't mention which but I figured it might be the wireguard-tools from @Morlans post.
      I am running OMV5 on amd64 though...
      So I tried uploading wireguard-tools_0.0.20190702-3_amd64.deb but it says it's not matching the naming convention.

      So I would be really happy for some advice :)

      Edit:
      Tried to install wireguard tools manually:
      apt install /sharedfolders/data/wireguard-tools_0.0.20190702-3_amd64.deb
      Then tried to install the plugin again, but still no luck...
    • ozboss wrote:

      I also tried @ryecoaaron's plugin but this says there are unmet dependencies.
      Doesn't mention which but I figured it might be the wireguard-tools from @Morlans post.
      I am running OMV5 on amd64 though...
      So I tried uploading wireguard-tools_0.0.20190702-3_amd64.deb but it says it's not matching the naming convention.

      So I would be really happy for some advice

      Edit:
      Tried to install wireguard tools manually:
      apt install /sharedfolders/data/wireguard-tools_0.0.20190702-3_amd64.deb
      Then tried to install the plugin again, but still no luck...
      How did you get the plugin? If you enabled the beta repo (has to be done from command line), then the dependencies are there. If not and you just downloaded the plugin .deb, you will need to download the wireguard .deb packages as well. Download wireguard, wireguard-tools, wireguard-dkms from bintray.com/openmediavault-plugin-developers/usul-beta
      omv 5.2.4 usul | 64 bit | 5.3 proxmox kernel | omvextrasorg 5.2.2
      omv-extras.org plugins source code and issue tracker - github
