![]() It is necessary to type in the public key from the second server and i needed so much time to figure out that this peer configuration is setting the client on the server and is not needed for exporting. This had me confused the most because i didnt understand that i configure there something for the client on the server and the export feature is more or less useless, but still why is there my LAN ip adress in the exportet configuration when i use server server configuration.Īlso what is confusing me is that i can type in a private shared key into the config on the peer in the server configuration or generate one. It is really confusing for example the server server configuration i configure the client on the server for connecting another server. If you haven't seen the WireGuard quickstart guide yet, it has a lot of good info: this is a convenience setting only, as the client can change it to whatever they want. The "Peer type of access" dropdown affects the values of "AllowedIPs" that is sent to clients. What i would be searching for would be a setting custom, without anything set beforehand in the allowed IPs Its funny because the setting is mandatory but it doesnt matter what i type in there^^ Testet this with server server and Remote access to Server. I checked the defined routes on the unraid server but they are defined correctly as i see.Īlso found another Bug: As i see it doesnt matter what i type into Peer allowed IPs, it will be ignored when i export the config with the eye. As it looks the unraid server pings the IP adress of the client with the Adress from Tunnel wg0. I really dont understand why this happens. I really dont understand how this can be possible? I didnt defined this IP anywhere on my unraid server at the moment, is it possible that wireguard still use this IP in the background? Pinging the IP Adress from my server results only in losses. When i define in the config on my client AllowedIPs also the default IP Gateway Adress (10.253.0.1/32) from Tunnel wg0, then the Ping from my unraid server to client is working. In this moment it has in Peer allowed IPs only the Tunnel wg1 Gateway defined, what is correct as i understand. Pinging from the client the server address (10.253.1.1) is working fine. When i connect a client on tunnel wg1 and i try to ping the device after success connection it isnt working. Server: 10.253.0.5 (yes this is on purpose) So this would mean i need to create for every user an additional tunnel (and set firewall rules for networks) when the user needs other wrigts in the network because the user could add additional routes every time?ĭont know if i speak with myself here but ok^^įound out the following, pinging from my unraid server to the Remote Connected Device dont work often or for example when only connections to my server would be allowed and so i tried to debug. When the user now adds another IPs adresses from the local network, these also works. Slowly i begin to understand how it works but i see a little security problem if someone uses only the predefined peer types without setting the firewall settings.Īs i see when i set in the config "Allowed IPs" only the Server IP Adress it gets copied in the config. Hope this helps people and thank Lars for his blog. Ip link add mynet-shim link br0 type macvlan mode bridge ![]() Then I added the other macvlan and these ip routes. I deleted the network that the unraid gui made then I set up my docker network with the following.ĭocker network create -d macvlan -o parent=br0 -subnet 192.168.1.0/24 -gateway 192.168.1.1 -ip-range 192.168.1.128/28 -aux-address 'host=192.168.1.223' mynet Then create another macvlan network to communicate to the containers. Instead of letting unraid create the docker network do it yourself and use the -aux-address option. I found this blog by Lars Kellogg-Stedman which describes the problem and a solution. ![]() Like a lot of people here I couldn't access my dockers on custom IP address using the default macvlan network that unraid creates. First of all thanks for the wireguard gui creating a vpn has never been easier.
0 Comments
Leave a Reply. |