[HowTo] WireGuard with OMV Super-Easy

  • Finally it works, but I still have some problems



    miniupnpc is already the newest version (2.1-1+b1).
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    public: 0IcKZmBS9NEgodNG+L+OhEvVMddqUdsaOKfUkp+kAC7qng=
    Failed to get properties: Unit name cockpit-wsinstance-https@.socket is neither a valid invocation ID nor unit name.
    ● wg-quick@wgnet0.service - WireGuard via wg-quick(8) for wgnet0
    Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
    Active: active (exited) since Sun 2020-03-22 00:26:30 +03; 20ms ago
    Docs: man:wg-quick(8)
    man:wg(8)
    https://www.wireguard.com/
    https://www.wireguard.com/quickstart/
    https://git.zx2c4.com/wireguar…/about/src/man/wg-quick.8
    https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 18147 ExecStart=/usr/bin/wg-quick up wgnet0 (code=exited, status=0/SUCCESS)
    Main PID: 18147 (code=exited, status=0/SUCCESS)

    Mar 22 00:26:30 openmediavault.local systemd[1]: Starting WireGuard via wg-quick(8) for wgnet0...
    Mar 22 00:26:30 openmediavault.local wg-quick[18147]: [#] ip link add wgnet0 type wireguard
    Mar 22 00:26:30 openmediavault.local wg-quick[18147]: [#] wg setconf wgnet0 /dev/fd/63
    Mar 22 00:26:30 openmediavault.local wg-quick[18147]: [#] ip -4 address add 10.192.122.1/24 dev wgnet0
    Mar 22 00:26:30 openmediavault.local wg-quick[18147]: [#] ip link set mtu 1420 up dev wgnet0
    Mar 22 00:26:30 openmediavault.local wg-quick[18147]: [#] iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j A
    Mar 22 00:26:30 openmediavault.local systemd[1]: Started WireGuard via wg-quick(8) for wgnet0.


    Scan this Qrcode in your client. Before connecting ensure that Port 51820 (UDP) is
    forwarded from your router to your Server. Trying to set this up via Upnp now.
    upnpc : miniupnpc library test client, version 2.1.
    (c) 2005-2018 Thomas Bernard.
    Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
    for more information.
    List of UPNP devices found on the network :
    desc: http://192.168.0.14:2869/dmr.xml
    st: upnp:rootdevice

    desc: http://192.168.0.21:8008/ssdp/device-desc.xml
    st: upnp:rootdevice

    UPnP device found. Is it an IGD ? : http://192.168.0.14:2869/
    Trying to continue anyway
    Local LAN ip address : unset
    GetExternalIPAddress failed.
    AddPortMapping(51820, 51820, unset) failed with code 602 (UnknownError)
    root@openmediavault:/#

    • Official Post

    Before connecting ensure that Port 51820 (UDP) is

    forwarded from your router to your Server. Trying to set this up via Upnp now.

    Setting up the port forwarding via upnp failed. So you have to do it manually in the router.

    Check the manual of the router, how to do it.

  • I received a failed handshake on my iPhone:


    Code
    [NET] peer(t5RE...2/Ao) - Failed to send handshake initiation no known endpoint for peer


    Current wgnet0.conf



    Does anybody have any suggestions?

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro
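
In WireGuard, "no known endpoint for peer" means the side trying to start the handshake has a `[Peer]` entry with no `Endpoint`, so it has no address to send to. The following check for a client config is an added example, not part of the post or of the install script; the config text, the placeholder keys, the client address and `vpn.example.org` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag [Peer] sections of a client config that lack a usable
# Endpoint. CLIENT_CONF is constructed; keys are placeholders and the client
# address is made up (only the 10.192.122.0/24 range appears in the thread).
CLIENT_CONF='[Interface]
PrivateKey = <client-private-key>
Address = 10.192.122.2/32

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0'

# Same config with an Endpoint added (vpn.example.org is a placeholder).
FIXED_CONF="$CLIENT_CONF
Endpoint = vpn.example.org:51820"

# Reads a config on stdin, prints one line per problem, returns 1 if any.
# Meant for the initiating side: a server's peers may rightly have no Endpoint.
lint_wg_peers() {
  awk '
    function end_peer() {
      if (in_peer && !has_ep) { print "peer " n ": no Endpoint"; bad = 1 }
    }
    /^[ \t]*\[/ { end_peer(); in_peer = 0 }            # any section header
    tolower($0) ~ /^[ \t]*\[peer\]/ { in_peer = 1; has_ep = 0; n++ }
    in_peer && tolower($0) ~ /^[ \t]*endpoint[ \t]*=/ {
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      has_ep = 1
      if (val !~ /:[0-9]+$/) {                         # host without :port
        print "peer " n ": Endpoint \"" val "\" has no port"; bad = 1
      }
    }
    END { end_peer(); exit (bad ? 1 : 0) }
  '
}

printf '%s\n' "$CLIENT_CONF" | lint_wg_peers || true   # reports the gap
printf '%s\n' "$FIXED_CONF"  | lint_wg_peers           # prints nothing
```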

  • Hello,


    I slip into this topic to see if some people would have tested the Veeam wireguard in their VeeamPN solution?

    If ever other people are interested to exchange on the subject in a private message or then see to create a topic for that.


    As far as I'm concerned, I would have tested this solution well, but I don't see a container for the moment, just an ova.


    Do you think it's possible to make one?


    I started from a basic ubuntu container and I added the application as indicated by Veeam: https://helpcenter.veeam.com/d…ampn_on_linux.html?ver=21


    Then I did a docker commit to generate my image and I created my container from my image but it doesn't seem to work.

    AMD Ryzen 5 2400G on Asus TUF B450M-PLUS - 16Gb RAM - 3 * 3To RAID5 on LSI Megaraid SAS 9260-8i and 3 SSD in Fractal Design Node 804 Black
    OS: OMV 6.3.2-1 (Shaitan)

  • Hi,


    I have tried to install but am still getting the errors below.

    Error 1: Failed to get properties: Unit name cockpit-wsinstance-https@.socket is neither a valid invocation ID nor unit name.

    Error 2:
    GetExternalIPAddress failed.
    AddPortMapping(51820, 51820, unset) failed with code 602 (UnknownError)

    Will PortForwarding be for 192.168.0.14 or my OMV (192.168.0.20)?






    Failed to get properties: Unit name cockpit-wsinstance-https@.socket is neither a valid invocation ID nor unit name.
    ● wg-quick@wgnet0.service - WireGuard via wg-quick(8) for wgnet0
    Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
    Active: active (exited) since Sat 2020-03-28 05:07:47 +03; 13h ago
    Docs: man:wg-quick(8)
    man:wg(8)
    https://www.wireguard.com/
    https://www.wireguard.com/quickstart/
    https://git.zx2c4.com/wireguar…/about/src/man/wg-quick.8
    https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Main PID: 656 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
    Memory: 0B
    CGroup: /system.slice/system-wg\x2dquick.slice/wg-quick@wgnet0.service

    Mar 28 05:07:44 openmediavault.local systemd[1]: Starting WireGuard via wg-quick(8) for wgnet0...
    Mar 28 05:07:44 openmediavault.local wg-quick[656]: [#] ip link add wgnet0 type wireguard
    Mar 28 05:07:44 openmediavault.local wg-quick[656]: [#] wg setconf wgnet0 /dev/fd/63
    Mar 28 05:07:44 openmediavault.local wg-quick[656]: [#] ip -4 address add 10.192.122.1/24 dev wgnet0
    Mar 28 05:07:45 openmediavault.local wg-quick[656]: [#] ip link set mtu 1420 up dev wgnet0
    Mar 28 05:07:46 openmediavault.local wg-quick[656]: [#] iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUE
    Mar 28 05:07:47 openmediavault.local systemd[1]: Started WireGuard via wg-quick(8) for wgnet0.


    Scan this Qrcode in your client. Before connecting ensure that Port 51820 (UDP) is
    forwarded from your router to your Server. Trying to set this up via Upnp now.
    upnpc : miniupnpc library test client, version 2.1.
    (c) 2005-2018 Thomas Bernard.
    Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
    for more information.
    List of UPNP devices found on the network :
    desc: http://192.168.0.14:2869/dmr.xml
    st: upnp:rootdevice

    desc: http://192.168.0.14:2871/dms.xml
    st: upnp:rootdevice

    UPnP device found. Is it an IGD ? : http://192.168.0.14:2869/
    Trying to continue anyway
    Local LAN ip address : unset
    GetExternalIPAddress failed.
    AddPortMapping(51820, 51820, unset) failed with code 602 (UnknownError)
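
The upnpc transcript above can be read mechanically: the device that answered discovery was not recognised as an Internet Gateway Device ("Is it an IGD ?"), so no mapping was created and the forward has to be set in the router by hand, pointing at the server that runs WireGuard. The classifier below is an added example, not part of any post or of the install script; `SAMPLE` is built from lines shown in this thread, and the "is redirected to internal" success wording is upnpc's usual message, an assumption here since the thread shows only failures.

```shell
#!/bin/sh
# Added example: classify upnpc output as mapped / no-igd <host> / failed / unknown.
# SAMPLE is constructed from output lines quoted in this thread.
SAMPLE='List of UPNP devices found on the network :
desc: http://192.168.0.14:2869/dmr.xml
st: upnp:rootdevice

UPnP device found. Is it an IGD ? : http://192.168.0.14:2869/
Trying to continue anyway
Local LAN ip address : unset
GetExternalIPAddress failed.
AddPortMapping(51820, 51820, unset) failed with code 602 (UnknownError)'

# Reads upnpc output on stdin and prints a single verdict line.
classify_upnpc() {
  awk '
    # upnpc doubts that the responder is a gateway: remember which host it was.
    index($0, "Is it an IGD ?") {
      dev = $NF
      sub("^https?://", "", dev)    # drop the scheme
      sub("[:/].*$", "", dev)       # drop port and path
    }
    index($0, "AddPortMapping(") && index($0, "failed with code") { failed = 1 }
    # Assumed success line, not shown anywhere in the thread.
    index($0, "is redirected to internal") { mapped = 1 }
    END {
      if (mapped)                   print "mapped"
      else if (failed && dev != "") print "no-igd " dev
      else if (failed)              print "failed"
      else                          print "unknown"
    }
  '
}

printf '%s\n' "$SAMPLE" | classify_upnpc
```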

  • The wireguard packages are in buster-backports now.


    sudo apt-get -t buster-backports install wireguard wireguard-dkms wireguard-tools

    I installed wireguard via backports. During installation, I didn't see any errors but when I run modprobe, I get the following:


    Code
    sudo modprobe wireguard
    modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.19.0-0.bpo.6-amd64

    Although,

    Code
    sudo dpkg -l | grep wireguard
    ii  wireguard                        1.0.20200206-2~bpo10+1            all          fast, modern, secure kernel VPN tunnel (metapackage)
    ii  wireguard-dkms                   0.0.20200215-2~bpo10+1            all          fast, modern, secure kernel VPN tunnel (DKMS version)
    ii  wireguard-tools                  1.0.20200206-2~bpo10+1            amd64        fast, modern, secure kernel VPN tunnel (userland utilities)

    So is wireguard installed or not?

  • Thanks for the script, worked perfectly on my OMV 4 install with scanning the QR code on an iPhone. I have a very dumb question. How do I add a second client, my MacBook that can't scan a code? Is there a function to export the config so I can import it into the app on the Mac?


    **Never mind, figured it out!**

  • Still got errors:


    Code
    2020-03-29 12:11:41.941
    [NET] peer(t5RE…2/Ao) - Handshake did not complete after 5 seconds, retrying (try 5)
    2020-03-29 12:11:41.941
    [NET] peer(t5RE…2/Ao) - Sending handshake 

    OMV v5.0
    Asus Z97-A/3.1; i3-4370
    32GB RAM Corsair Vengeance Pro

    • Official Post

    Is there a way we can sign up to get a notification when the openmediavault-wireguard plugin gets out of beta?

    Not really. I guess you could watch the github repo - https://github.com/OpenMediaVa…/openmediavault-wireguard

    And regarding that, are there any progress reports somewhere?

    There is no progress because no one is testing and providing feedback.


    Is there still a lot of work to do?

    Not sure. It seems like it is complete but maybe it is not.

    omv 7.4.10-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.14 | k8s 7.3.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.9


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Appreciate the effort but you're asking people to run an undocumented script blind on their system?


    First issue: The very first statement 'set -e' is problematic as it naively tries to tell the script to exit on any error. No error checking is contained in the script. This directive is full of gotchas: http://mywiki.wooledge.org/BashFAQ/105


    Honestly, if I had the skills to read through and understand every uncommented line then I could do it myself anyway.


    PW
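
The `set -e` point raised in the post above, as an added example that is not the install script from this thread and not part of any post: three places where a failing command does not stop a script running under `set -e`, next to an explicit per-step check. `failing_step`, `run_step` and `install_checked` are hypothetical names.

```shell
#!/bin/sh
# Added example. failing_step stands in for any installer command that
# exits non-zero.
failing_step() { return 1; }

# Gotcha 1: errexit is ignored for everything run as an `if` condition,
# including the whole body of a function called there.
errexit_in_condition() {
  (
    set -e
    setup() { failing_step; echo "continued after failure"; }
    if setup; then :; fi
  )
}

# Gotcha 2: without pipefail only the last command of a pipeline counts.
errexit_in_pipeline() {
  ( set -e; failing_step | cat; echo "continued after failure" )
}

# Gotcha 3: a failure on the left of && or || never triggers errexit.
errexit_in_and_list() {
  ( set -e; failing_step && echo "not printed"; echo "continued after failure" )
}

# Explicit checking: name the failed step on stderr and hand its status back.
run_step() {
  "$@" || { rc=$?; echo "step failed (exit $rc): $*" >&2; return "$rc"; }
}

install_checked() {
  run_step true || return 1
  run_step failing_step || return 1
  echo "finished"                 # never reached: the second step fails
}

errexit_in_condition
errexit_in_pipeline
errexit_in_and_list
install_checked || echo "installer stopped at the failing step"
```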

  • Appreciate the effort but you're asking people to run an undocumented script blind on their system?

    Well, I suppose that's what most users do with most of the code used in OMV.

    It's documented, but I would assume that most users don't bother reading the code. The plugin is not more or less documented than this script.

    The same applies to closed-source software.

    Honestly, if I had the skills to read through and understand every uncommented line then I could do it myself anyway.

    I am not sure.

    For me it is easier understanding a script than doing what it does myself.

    If that is different for you, the script is not for you. But others seem to be grateful for it.


    I hope you found a solution that works for you.


    Greetings,

    Hendrik
