rsync over ssh (+ wireguard)

  • I am missing some details here. Maybe it is not a server issue, but a client issue?

    I understood that you can successfully connect to your OMV server using wireguard, but not to any other servers on the same network.


    Could you post the following information for us:

    - What network is your client on and which IP does it have?

    - When you have the connection established, can you do a traceroute to one of the other systems on the LAN? (Just to make sure that this is not a routing issue, and only the traffic to the OMV gets routed through the wireguard tunnel, and all other traffic uses your default gateway).

    - Then do a traceroute to the OMV server.


    Please post the output here (by using the </> code formatting).

  • I can always connect to all services on my NAS, where the wireguard server is (192.168.1.66), but I cannot connect to anything else on my LAN.


    When I try to connect to 192.167.1.77 or any other LAN IP with ssh, I get this error:

    Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358) connect failed: ETIMEDOUT (Connection timed out)


    On my client I have Allowed IPs: 10.13.13.1/32, 192.168.1.0/24

  • Can you post your wg0.conf? (Please, use the "Code" function on the editor </> symbol. 3rd from the right on the top of the posting box banner)

  • wg0.conf



    peer_mi9t.conf

    Code
    [Interface]
    Address = 10.13.13.2
    PrivateKey =
    ListenPort = 51820
    DNS = 8.8.8.8
    [Peer]
    PublicKey =
    Endpoint = ddnsip:51820
    AllowedIPs = 10.13.13.1/32, 192.168.1.0/24
  • Edit your line #2:


    Code
    [Interface]
    Address = 10.13.13.1/24

    See if this solves it.


    OR

    DISCLAIMER:

    This might give you other issues, so try it at your own risk and if the above doesn't solve it.


    Also, on the OMV gui, OMV-Extras -> Docker, there is a warning that states that:

    Quote

    Debian 10/OMV 5.x uses iptables-nft by default and Docker needs iptables-legacy. Use iptables menu to change. More Info Here...

    Maybe you can try to click "iptables" -> +Use legacy.

  • This is the configuration of my peer1.

    The AllowedIPs line must have a value of 0.0.0.0/0 to be able to access the entire network according to the documentation.


    Code
    [Interface]
    Address = 10.13.13.2
    PrivateKey = xxxxxxxxxxxxxxxx
    ListenPort = 51820
    DNS = 10.13.13.1
    [Peer]
    PublicKey = xxxxxxxxxxxxxxx
    Endpoint = xxxxxxxxxxxx:51820
    AllowedIPs = 0.0.0.0/0

    Edit: Once the wireguard connection is configured on the smartphone you can edit it and change this. It's another way to do it.

    The best thanks to the help provided is to report what your solution was. The next one will thank you :thumbup:

  • Changing this line did not help :(

    Code
    Address = 10.13.13.1/24

    iptables-legacy --list

    Code
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    iptables --list

  • These types of issues are the reason why I don't run wireguard on docker.


    I am out of ideas. Sorry.

  • Try changing the settings on your smartphone.

    Edit the allowed IP addresses and put the value 0.0.0.0/0


  • I'd like to try one more time. With all the changes I no longer know what your configuration is.

    I would appreciate it if you could republish the content of your yml, please. Using </> in the top menu.


  • One last "stupid" question:


    You do have a portforward rule on your router created, do you not?


    From external WAN port 51280 to internal LAN IP 192.168.1.66 port 51280

  • Yes I have

    Sorry, had to ask, :)


    If you decide to try wireguard on the Host, post the output of

    cat /etc/*release*

    uname -a

    cat /etc/apt/sources.list

  • Quote

    Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358)

    Guys ... can anyone tell me what this /:: in this message is about?

    Looks a bit like IPv6 :: ...

    Could it be there is something wrong that routes certain traffic from an IPv4 interface to an IPv6 interface, which then ends in nowhere?

    This confuses me a bit.
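
A client-side check for the configs discussed in this thread, as an added example (not code from any poster): it parses a wg-quick peer config and reports whether a destination falls inside AllowedIPs and whether a router port-forward matches the Endpoint port. The config text is constructed from the posted peer file with keys omitted, and all function names are hypothetical.

```python
import ipaddress

# Constructed from the peer config posted in the thread (keys omitted).
PEER_CONF = """\
[Interface]
Address = 10.13.13.2
ListenPort = 51820
DNS = 8.8.8.8
[Peer]
Endpoint = ddnsip:51820
AllowedIPs = 10.13.13.1/32, 192.168.1.0/24
"""

def parse_conf(text):
    """Parse wg-quick style text into {section: {key: value}} (single peer assumed)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def allowed_networks(conf):
    """AllowedIPs as network objects; these become the client's tunnel routes."""
    return [ipaddress.ip_network(n.strip(), strict=False)
            for n in conf["Peer"]["AllowedIPs"].split(",")]

def via_tunnel(conf, dest):
    """True if the client would send traffic for dest into the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in allowed_networks(conf))

def port_forward_matches(conf, wan_port):
    """True if the router's forwarded port equals the port in Endpoint."""
    return int(conf["Peer"]["Endpoint"].rsplit(":", 1)[1]) == wan_port

if __name__ == "__main__":
    conf = parse_conf(PEER_CONF)
    for dest in ("192.168.1.66", "192.168.1.77", "192.167.1.77", "8.8.8.8"):
        print(f"{dest:15} via tunnel: {via_tunnel(conf, dest)}")
    for port in (51820, 51280):
        print(f"forward {port} matches Endpoint: {port_forward_matches(conf, port)}")
```

A destination reported as covered is handed to the tunnel by the client, so a timeout for it is not explained by the client's AllowedIPs.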
