Thank you for your detailed post. This networking subject is completely new to me, so I'll have to do some reading first. I will get back to you when I'm stuck again.
Posts by Thomasolicious
-
-
The wg server addresses are set up automatically by the Docker image. Connecting to the internet works perfectly fine this way, but indeed the problem might be that the SMB shares cannot 'see' the wg server. Can you give me some directions on how to implement this ip route?
-
Hi all,
I've asked this question before in an open topic, but I think it didn't reach the majority of the users. Therefore I'm creating this new topic in the hope that someone can help me. I have been struggling with the WireGuard VPN for months now and I can't get it to work properly. I think I have googled all relevant aspects and tried a lot of things myself, but I can't figure out what the problem is. Therefore I'm hoping someone in this community can help me get in the right direction.
I've set up WireGuard using Docker with:
Code
docker create \
  --name=WireGuard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=0 \
  -e PGID=0 \
  -e TZ=Europe/Amsterdam \
  -e SERVERURL=auto \
  -e SERVERPORT=51820 \
  -e PEERS=1 \
  -e PEERDNS=192.168.0.100 \
  -p 51820:51820/udp \
  -v /srv/dev-disk-by-label-Disk1/Appdata/WireGuard/config:/config \
  -v /srv/dev-disk-by-label-Disk1/Appdata/WireGuard/lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard
PUID=0 and PGID=0 refer to the root user to avoid permission problems, SERVERURL=auto gives the correct address, and the DNS points to my PiHole, which runs on a different server. This configuration works in the sense that I'm able to connect to the internet and observe that it uses my PiHole to resolve DNS requests. However, I'm unable to access my shares on the network I'm connecting to. I tried circumventing my PiHole by using 1.1.1.1 as the DNS server, which resulted in the same issue: I can connect to the internet but am not able to see the shares.
Are there specific OMV firewall rules that I don't know about that prevent me from accessing my shares via the WireGuard VPN?
My configs:
wg0.conf
Code
[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = xxxxx
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s25 -j MASQUERADE

[Peer]
PublicKey = xxxxx
AllowedIPs = 10.13.13.2/32
peer1.conf
Code
[Interface]
Address = 10.13.13.2
PrivateKey = xxxxx
ListenPort = 51820
DNS = 192.168.0.100

[Peer]
PublicKey = xxxxx
Endpoint = xxxxx:51820
AllowedIPs = 0.0.0.0/0, ::/0
Looking forward to your suggestions,
Thomas
-
After some more googling I might have found a reason why some things work and others don't. I think there might be a conflict in the internal subnet. However, I'm quite a novice on this topic, but always willing to learn. Does anyone see an issue in the internal subnet which could cause my problems?
-
I think I have similar issues to the ones you were encountering, Wek. I have been stuck trying all kinds of configurations for weeks now.
My configuration is the following:
OMV server running on <MY EXT. IP>
PiHole DNS running on a different server, 192.168.0.100
I'm trying to run WireGuard in Docker, using the following to create the container:
Code
docker create \
  --name=WireGuard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=0 \
  -e PGID=0 \
  -e TZ=Europe/Amsterdam \
  -e SERVERURL=<MY EXT. IP> \
  -e SERVERPORT=51820 \
  -e PEERS=1 \
  -e PEERDNS=192.168.0.100 \
  -p 51820:51820/udp \
  -v /srv/dev-disk-by-label-Disk1/Appdata/WireGuard/config:/config \
  -v /srv/dev-disk-by-label-Disk1/Appdata/WireGuard/lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard
Which produces the following for wg0.conf:
Code
[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = xxxxxx
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s25 -j MASQUERADE

[Peer]
PublicKey = xxxxxx
AllowedIPs = 10.13.13.2/32
Yes, I switched eth0 to enp0s25 because that's the name of my OMV Ethernet adapter.
And peer1.conf:
Code
[Interface]
Address = 10.13.13.2
PrivateKey = xxxxxx
ListenPort = 51820
DNS = 1.1.1.1

[Peer]
PublicKey = xxxxxx
Endpoint = <MY EXT. IP>:51820
AllowedIPs = 0.0.0.0/0, ::/0
Port 51820 is forwarded, and the command "sysctl net.ipv4.ip_forward" nicely returns "net.ipv4.ip_forward = 1". I have tried setting "PEERDNS=192.168.0.100", "PEERDNS=1.1.1.1" and "PEERDNS=auto", but none result in a working internet connection when connected to the WireGuard server.
Am I doing something fundamentally wrong here which is preventing me from succeeding?
Kind regards,
Thomas
___________________________________________
Edit: configuring "PEERDNS=192.168.0.100", i.e. setting it to my PiHole, and fully rebuilding the container solved my problems partially. I can now connect to the internet and I can indeed see that my PiHole is handling my DNS requests. However, I cannot access my SMB shares. Is there some kind of firewall rule I need to edit inside OMV that I don't know of to be able to access my shares when using the WireGuard VPN?
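Both wg0.conf files posted above (under "My configs" and under "Which produces the following for wg0.conf") load their NAT rule from the PostUp line, which wg-quick runs inside the container's own network namespace. A container started without --network host has only its own interfaces there, normally eth0 and wg0; the host's enp0s25 does not exist in that namespace, and iptables still accepts a rule naming it because the kernel does not check that an out-interface exists. A rule for an absent interface simply never matches, so VPN packets leave with their 10.13.13.x source address and every LAN host they reach needs a return route for 10.13.13.0/24 pointing back at the container. The script below is an added example, not code from the forum thread or from the linuxserver/wireguard image: it parses a copy of the posted wg0.conf and an `ip -o link` listing and reports whether the MASQUERADE out-interface is present. The config text and the link listing are constructed inline; the container name WireGuard and the path /config/wg0.conf in the comments come from the posted docker create command, and the interface names in the sample listing are assumptions about a typical bridge-networked container, not captured from the poster's system.

```shell
#!/bin/sh
# Added example (not from the forum thread or the linuxserver image):
# check that the out-interface named in the MASQUERADE rule of a
# wg-quick PostUp line exists in the network namespace where the rule
# is loaded. For the real check, feed it (names assumed from the
# posted docker create command):
#   docker exec WireGuard cat /config/wg0.conf
#   docker exec WireGuard ip -o link

# masq_iface CONF: print the interface after "-o" in the MASQUERADE
# rule of the PostUp line, or nothing if there is no such rule.
masq_iface() {
    printf '%s\n' "$1" \
        | sed -n 's/^PostUp *= *//p' \
        | tr ';' '\n' \
        | grep 'MASQUERADE' \
        | sed -n 's/.* -o \([^ ]*\).*/\1/p' \
        | head -n 1
}

# link_names LINKS: print one interface name per line from `ip -o link`
# output, dropping the "@ifN" peer suffix that veth interfaces carry.
link_names() {
    printf '%s\n' "$1" | awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# check_masq CONF LINKS: return 0 when the MASQUERADE interface exists
# in the listing, 1 otherwise, and print a verdict either way.
check_masq() {
    iface=$(masq_iface "$1")
    if [ -z "$iface" ]; then
        echo "no MASQUERADE rule found in PostUp"
        return 1
    fi
    if link_names "$2" | grep -qx "$iface"; then
        echo "ok: $iface exists, VPN traffic is masqueraded behind it"
        return 0
    fi
    echo "warning: $iface is not in this namespace, the NAT rule never matches;" \
         "present: $(link_names "$2" | tr '\n' ' ')"
    return 1
}

# Constructed sample inputs. The first config is the one posted in the
# thread; the second is the same config with eth0, the name the image's
# template uses. The link listing is what a bridge-networked container
# typically shows (constructed, not captured from the poster's system).
WG_CONF_POSTED='[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = xxxxx
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s25 -j MASQUERADE

[Peer]
PublicKey = xxxxx
AllowedIPs = 10.13.13.2/32'

WG_CONF_ETH0=$(printf '%s\n' "$WG_CONF_POSTED" | sed 's/-o enp0s25/-o eth0/g')

CONTAINER_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'

# The posted config fails the check, the eth0 variant passes it.
check_masq "$WG_CONF_POSTED" "$CONTAINER_LINKS" || :
check_masq "$WG_CONF_ETH0" "$CONTAINER_LINKS"
```

Run against the real container with the two docker exec commands in the header comment. If the interface is missing, the choice is between naming the interface that actually exists in the container (so replies come back to the container's own address) and adding a route for 10.13.13.0/24 on every LAN host that should answer VPN clients; either way, verify afterwards with `docker exec WireGuard iptables -t nat -L POSTROUTING -v -n`, whose packet counters show whether the rule is matching.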