Run on the CLI (either local or via SSH) and post its output:
sudo ip addr
sudo systemctl status wg-quick@wg0.service
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: enx001e06367807: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:06:36:78:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 brd 192.168.1.255 scope global enx001e06367807
       valid_lft forever preferred_lft forever
5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.253.3.1/24 scope global wg0
       valid_lft forever preferred_lft forever
6: br-2841674f7537: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:40:6e:88:a2 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-2841674f7537
       valid_lft forever preferred_lft forever
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c5:94:6f:f4 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c5ff:fe94:6ff4/64 scope link
       valid_lft forever preferred_lft forever
9: vethc8a084d@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 3e:0e:40:fd:a1:ba brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::3c0e:40ff:fefd:a1ba/64 scope link
       valid_lft forever preferred_lft forever
11: veth853b036@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether b6:34:fa:24:16:40 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::b434:faff:fe24:1640/64 scope link
       valid_lft forever preferred_lft forever
5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.253.3.1/24 scope global wg0
       valid_lft forever preferred_lft forever
Good, the wg0 network is UP.
Now I need the output of the second command:
sudo systemctl status wg-quick@wg0.service
And it seems you need to change all references from eth0 (usual name for the wired connection) to enx001e06367807 (that IS your wired connection).
4: enx001e06367807: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:06:36:78:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 brd 192.168.1.255 scope global enx001e06367807
       valid_lft forever preferred_lft forever
Your wg0.conf will become this:
[Interface]
Address = 10.253.3.1/24
SaveConfig = true
PrivateKey = <insert server_private_key>
ListenPort = 51900
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enx001e06367807 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enx001e06367807 -j MASQUERADE
[Peer]
PublicKey = <insert client_public_key>
AllowedIPs = 10.253.3.2/32
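A way to catch the interface mismatch found above before bringing the tunnel up, as an added example that is not part of the original posts. The functions `masq_ifaces`, `default_iface` and `check_conf` are hypothetical helpers, and the config and route line are constructed samples.

```shell
#!/bin/sh
# Added example: verify that the MASQUERADE rule in a wg-quick config leaves
# through the interface that actually holds the default route.

# Print "<key> <iface>" for each POSTROUTING MASQUERADE rule in PostUp/PostDown.
masq_ifaces() {
    awk '/^[ \t]*Post(Up|Down)[ \t]*=/ {
        key = $1; sub(/=.*/, "", key)
        n = split($0, cmd, ";")
        for (i = 1; i <= n; i++) {
            if (cmd[i] !~ /POSTROUTING/ || cmd[i] !~ /MASQUERADE/) continue
            m = split(cmd[i], w, " ")
            for (j = 1; j < m; j++) if (w[j] == "-o") print key, w[j + 1]
        }
    }' "$1"
}

# Read `ip route show default` output on stdin, print the outgoing device.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++)
        if ($i == "dev") { print $(i + 1); exit } }'
}

# check_conf FILE IFACE: 0 = all rules use IFACE, 1 = mismatch, 2 = no rule.
check_conf() {
    found=$(masq_ifaces "$1"); bad=0
    [ -n "$found" ] || { echo "no MASQUERADE rule in $1"; return 2; }
    while read -r key ifc; do
        [ "$ifc" = "$2" ] && continue
        echo "MISMATCH: $key masquerades via $ifc, default route is on $2"
        bad=1
    done <<EOF
$found
EOF
    return "$bad"
}

# Constructed sample: the template rules still name eth0, as in the thread.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[Interface]
Address = 10.253.3.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
# Constructed route line; on a live host use: ip route show default | default_iface
wan=$(echo "default via 192.168.1.1 dev enx001e06367807 proto dhcp" | default_iface)
check_conf "$sample" "$wan" || echo "fix the -o interface in PostUp/PostDown"
```

A mismatch here means the NAT rule never matches outgoing traffic, so VPN clients reach the WireGuard host itself but nothing else on the LAN.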
Changing eth0 to enx001e06367807 in PostUp and PostDown is the solution for my problem.
Now I can connect my LAN and all services.
Soma - thank you so much for the help
One question.
After reboot I can see a new line in wg0.conf at the bottom:
Endpoint =
[Interface]
Address = 10.253.3.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enx001e06367807 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enx001e06367807 -j MASQUERADE
ListenPort = 51820
PrivateKey =
[Peer]
PublicKey =
AllowedIPs = 10.253.3.2/32
Endpoint = some ip:24451
Endpoint = some ip:24451
The Endpoint is the IP/ADDRESS that wireguard will route the connection.
That IP should be your outside WAN IP.
My setup was done a long time ago and the Endpoint is on the wg0-client.conf and NOT on the wg0.conf.
Maybe something changed in the new versions.
What matters is, it's working good now.
This was very valuable information. So it was not docker or network bridge related, which helped a lot to narrow it down.
Same problem with wireguard "outside docker".
I cannot access LAN devices but only services on my NAS where wireguard is installed.
Even though my idea with an issue with either iptables or bridge related configuration was wrong, finally we found the root cause on the way
My network interface is not eth0 but
enx001e06367807.
I see that eth0 is used in wg0.conf for PostUp and PostDown.
Maybe the problem is related to network interface naming?
Soma Thanks for staying with this investigation for so long. Tough stamina
Even though my idea with an issue with either iptables or bridge related configuration was wrong, finally we found the root cause on the way
Also my thoughts at first.
The docker container uses "NET_ADMIN" which gives it full access to a bridged connection with the HOST.
I would assume that, regardless of the name of the ETH connection, it would always recognize it.
After moving the wireguard to the HOST, it became easy to narrow down the issue.
I've been trying to set a test Pi with docker-wireguard but, in the house I'm staying ATM, I don't have access to the router to make the portforwarding.
When I get home, I might be able to test it.
One more thing.
How can I add or remove clients to wireguard?
Is there any GUI to help me, or do I need to add/remove in the CLI?
If you mean, remote clients to the wireguard, you can:
Use the same peer configuration but don't connect both at the same time.
If you really need multiple connections, you can have a look at this, but be careful or you might need to redo everything again:
See after Edit client template: and adjust to your needs.
Congratulations and thanks for not giving up, Soma. This thread was already lost. Great job.
How can I add or remove clients to wireguard?
If you installed it with docker, to configure more clients you just have to define PEERS = 1 for one client, PEERS = 2 for two clients, PEERS = 3 for three clients ... In the "config" folder of wireguard you will have the folders "peer1", "peer2", "peer3", ... and within each folder the configuration files for each client.
Is there any GUI to help me, or do I need to add/remove in the CLI?
Here is a guide where the above is also explained. [How-To] Install Wireguard (VPN) in docker, server mode You can see how to edit the stack in point 9 of this link. [How to] Prepare OMV to install docker applications (beginners)
If you installed it with docker
Wireguard is now installed on the HOST, 😉
You should write a [How-To] showing how to set up Wireguard from a container. Especially:
How the variables in the yml should be set.
How to set up the tunnel once deployed.
How to set up a Rsync job between two machines.
Done...
[How to] Remote server backup with Wireguard + Rsync
I did not make the guide for a container, I did it to install the Point to Point connection on the host. The linuxserver container does not support this type of connection.
I can't wait to try it out.
It works well for me. If something doesn't work for you, tell me, I've spent a lot of time studying the correct settings. There are several ways to do it.
I did not make the guide for a container, I did it to install the Point to Point connection on the host. The linuxserver container does not support this type of connection.
Isn't this what is needed?
Releases · linuxserver/docker-wireguard (github.com)
Quote: v1.0.20210914-ls49
LinuxServer Changes:
Add site-to-site vpn support.
Remote Changes:
Updating to v1.0.20210914
Isn't this what is needed?
I don't know if they have already modified it. A couple of weeks ago it was not supported. Anyway, that's for a site-to-site connection type. What I have done is Point to Point. It is not the same. You can see it here. https://www.procustodibus.com/…/10/wireguard-topologies/
Also Wireguard should not be a problem on the host. Wireguard is built into the Linux kernel. It should not interfere with OMV at any time.
TechnoDadLife did a direct install video here a while back. I'm not sure if it is the same as your direct install or not, chente. I couldn't find the link on the forum but here is the YouTube link: