Beiträge von darkopi

Change this line did not help

Address = 10.13.13.1/24

iptables-legacy --list

Chain INPUT (policy ACCEPT)
target     prot opt source               destination


Chain FORWARD (policy ACCEPT)
target     prot opt source               destination


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

iptables --list

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9000
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:8000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8000
ACCEPT     udp  --  anywhere             172.17.0.4           udp dpt:51820

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

wg0.conf

[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = 
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# peer_mi9t
PublicKey = 
AllowedIPs = 10.13.13.2/32

peer_mi9t.conf

[Interface]
Address = 10.13.13.2
PrivateKey = 
ListenPort = 51820
DNS = 8.8.8.8

[Peer]
PublicKey = 
Endpoint = ddnsip:51820
AllowedIPs = 10.13.13.1/32, 192.168.1.0/24

Zitat von Shakesbeer

I am missing some details here. Maybe it is not a server issue, but a client issue?

I understood that you can successfully connect to your OMV server using wireguard, but not to any other servers on the same network.

Could you post the following information for us:

- What network is your client on and which IP does it have?

- When you have the connection established, can you do a traceroute to one of the other systems on the LAN? (Just to make sure that this is not a routing issue, and only the traffic to the OMV gets routed through the wireguard tunnel, and all other traffic uses your default gateway).

- Then do a traceroute to the OMV server.

Please post the output here (by using the </> code formatting).

Alles anzeigen

All the time I can connect all services on My NAS where is wireguard server (192.168.1.66) bu I can not connect anything else on my LAN.

When i try to connect 192.167.1.77 or any other LAN ip with ssh I got this error

Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358) connect failed: ETIMEDOUT (Connection timed out)

On my client I have Allowed IPs: 10.13.13.1/32, 192.168.1.0/24

When I set PEERDNS=8.8.8.8 in yml notting change.

I have loop error when docker-compose up ...

I do not have another vpn only wireguard in docker.

I have in docker:

portainer

yacht

radarr

bazarr

yackett

plex

pyload

I did not change port.

I can only make a wireguard docker if I add the line network_mode: bridge to docker-compose.yml

If I try to make a wireguard docker without that line I get an error:

wireguard | [FATAL] plugin/loop: Loop (127.0.0.1:60923 -> :53) detected for zone ".",....

What can I do than?

Remove NET_ADMIN from yml, or ...?

I will add PEERDNS=8.8.8.8 to yml

I can only make a wireguard docker if I add the line network_mode: bridge to docker-compose.yml

If I try to make a wireguard docker without that line I get an error:

wireguard | [FATAL] plugin/loop: Loop (127.0.0.1:50437 -> :53) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 500036817.976505179."

wireguard | Another service is using port 53, disabling CoreDNS

This means that a wireguard docker can only connect to an existing network (bridge) on which there are already portainer and yacht dockers and cannot connect it to its separate bridge network without errors.

OMV5 installed on OdroidHC2

I changed the path, but again I have an error:

wireguard | [FATAL] plugin/loop: Loop (127.0.0.1:60923 -> :53) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 1558821150.637681330."

wireguard | Another service is using port 53, disabling CoreDNS

I forgot to write that I can only make a wireguard docker if I add the line network_mode: bridge to docker-compose.yml

If I try to make a wireguard docker without that line I get an error:

wireguard | [FATAL] plugin/loop: Loop (127.0.0.1:50437 -> :53) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 500036817.976505179."
wireguard | Another service is using port 53, disabling CoreDNS

This means that a wireguard docker can only connect to an existing network (bridge) on which there are already portainer and yacht dockers and cannot connect it to its separate bridge network without errors

I will try OpenVpn and remove wiregurd docker from my NAS.

How can I remove Wireguard kernel header and module?

This is all ok but simply wont work for me

Zitat von Soma

What kind of servers? What services are they running?

1. raspi - homeassistant

2. raspi - webgrab++, ftp, samba,...

3. odroid hc2 - openmediavault

...

Zitat von chente

- ALLOWEDIPS = 0.0.0.0 / 0

Did not help

I wont to see another servers on my LAN (not only NAS where is wireguard installed) when I am connected to wireguard

I can connect only to my NAS where is wireguard server.

I hope I can connect to all devices on my lan.

I was trying with that but without succes:

sysctl -w net.ipv4.ip_forward = 1


What can I more try to fix this?

Wireguard (vpn) between server and my android phone work ok, but without access to another devices on lan I will not by happy 🙁


I can access to NAS where is wireguard server installed and I can access services and shares on that NAS but I want to have access to another servers and devices on my LAN.

version: "2.1"

services:

wireguard:

image: ghcr.io/linuxserver/wireguard

container_name: wireguard

cap_add:

- NET_ADMIN

- SYS_MODULE

environment:

- PUID=1000

- PGID=100

- TZ=Europe/Zagreb

- SERVERURL= my public IP

- SERVERPORT=51820

- PEERS=1

- PEERDNS=auto

- INTERNAL_SUBNET=10.13.13.0

volumes:

- /docker/wireguard/config:/config

- /docker/wireguard/modules:/lib/modules

ports:

- 51820:51820/udp

sysctls:

- net.ipv4.conf.all.src_valid_mark=1

restart: unless-stopped

Peer1 conf:

[Interface]

Address = 10.13.13.2/32

DNS = 10.13.13.1

[Peer]

AllowedIPs = 0.0.0.0/0

Endpoint = myip:51820

Wg0 conf:

[Interface]

Address = 10.13.13.1

ListenPort = 51820

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]

# peer1AllowedIPs = 10.13.13.2/32