I do not have another vpn only wireguard in docker.
I have in docker:
portainer
yacht
radarr
bazarr
yackett
plex
pyload
I am missing some details here. Maybe it is not a server issue, but a client issue?
I understood that you can successfully connect to your OMV server using wireguard, but not to any other servers on the same network.
Could you post the following information for us:
- What network is your client on and which IP does it have?
- When you have the connection established, can you do a traceroute to one of the other systems on the LAN? (Just to make sure that this is not a routing issue, and only the traffic to the OMV gets routed through the wireguard tunnel, and all other traffic uses your default gateway).
- Then do a traceroute to the OMV server.
Please post the output here (by using the </> code formatting).
When I set PEERDNS=8.8.8.8 in the yml, nothing changes.
I have a loop error when I run docker-compose up ...
I can always connect to all services on my NAS, where the wireguard server is (192.168.1.66), but I cannot connect to anything else on my LAN.
When I try to connect to 192.167.1.77 or any other LAN IP with ssh, I get this error:
Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358) connect failed: ETIMEDOUT (Connection timed out)
On my client I have Allowed IPs: 10.13.13.1/32, 192.168.1.0/24
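Added example, not part of the original posts: a short Python check of which destinations a client's AllowedIPs list sends into the WireGuard tunnel. Only the AllowedIPs value is taken from the post above; the rest of the sample config and the function names are constructed for illustration.

```python
import ipaddress

def parse_allowed_ips(conf_text):
    """Collect the AllowedIPs networks from every [Peer] section of a wg-quick style config."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")    # split on the first '=' only
        if sep and section == "peer" and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def tunnel_route(dest, nets):
    """Most specific AllowedIPs entry covering dest, or None if dest bypasses the tunnel."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

# Constructed client config: only the AllowedIPs value comes from the thread.
CLIENT_CONF = """
[Interface]
Address = 10.13.13.2

[Peer]
# keys and endpoint omitted
AllowedIPs = 10.13.13.1/32, 192.168.1.0/24
"""

def report(dests=("10.13.13.1", "192.168.1.66", "192.168.1.77", "8.8.8.8")):
    """Map each destination to the matching AllowedIPs entry (as a string) or None."""
    nets = parse_allowed_ips(CLIENT_CONF)
    result = {}
    for dest in dests:
        net = tunnel_route(dest, nets)
        result[dest] = str(net) if net is not None else None
    return result

if __name__ == "__main__":
    for dest, net in report().items():
        print(f"{dest:15} -> {'tunnel via ' + net if net else 'not sent through the tunnel'}")
```

Both 192.168.1.66 and 192.168.1.77 match 192.168.1.0/24, so the client hands that traffic to the tunnel either way; whether it then reaches a LAN host depends on forwarding and NAT at the WireGuard server.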
Can you post your wg0.conf? (Please, use the "Code" function on the editor </> symbol. 3rd from the right on the top of the posting box banner)
wg0.conf
[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey =
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
# peer_mi9t
PublicKey =
AllowedIPs = 10.13.13.2/32
peer_mi9t.conf
Edit your line #2:
See if this solves it.
OR
DISCLAIMER:
This might give you other issues so, try it at your own risk and if the above doesn't solve it.
Also, on the OMV gui, OMV-Extras -> Docker, there is a warning that states that:
Quote: Debian 10/OMV 5.x uses iptables-nft by default and Docker needs iptables-legacy. Use iptables menu to change. More Info Here...
Maybe you can try to click "iptables" -> +Use legacy.
This is the configuration of my peer1.
The AllowedIPs line must have a value of 0.0.0.0/0 to be able to access the entire network according to the documentation.
[Interface]
Address = 10.13.13.2
PrivateKey = xxxxxxxxxxxxxxxx
ListenPort = 51820
DNS = 10.13.13.1
[Peer]
PublicKey = xxxxxxxxxxxxxxx
Endpoint = xxxxxxxxxxxx:51820
AllowedIPs = 0.0.0.0/0
Edit: Once the wireguard connection is configured on the smartphone you can edit it and change this. It's another way to do it.
Changing this line did not help.
iptables-legacy --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9000
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:8000
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:8000
ACCEPT udp -- anywhere 172.17.0.4 udp dpt:51820
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
This type of issue is the reason why I don't run wireguard on docker.
I'm out of ideas. Sorry.
I was trying this 0.0.0.0/0 but it makes no difference.
How can I then run wireguard outside docker?
Will the wireguard module from docker be OK for non-docker wireguard, or does wireguard outside docker use something else?
I'd like to try one more time. With all the changes I no longer know what your configuration is.
I would appreciate it if you could republish the content of your yml, please. Using </> in the top menu.
One last "stupid" question:
You do have a portforward rule on your router created, do you not?
From external WAN port 51280 to internal LAN IP 192.168.1.66 port 51280
Yes I have
Sorry, had to ask.
If you decide to try wireguard on the Host, post the output of
cat /etc/*release*
uname -a
cat /etc/apt/sources.list
Quote: Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358)
Guys ... can anyone tell me what this /:: in this message is about?
Looks a bit like IPv6 :: ...
Could it be there is something wrong that routes certain traffic from an IPv4 interface to an IPv6 interface, which then ends in nowhere?
This confuses me a bit.
How can I do that?