Search the Community
Showing results for tags 'wireguard'.
-
Hello! I have made a small OMV NAS with a RPi and everything is working well locally, but I want to be able to access it remotely when travelling. I am very new to RPi and OMV so I did a lot of research to determine Wireguard would be perfect for that. I found a number of guides how to do that on YouTube, but every single one is outdated and most use PiVPN which is now discontinued and I don't think necessary when we have Wireguard as a plugin. Would someone please guide me through the steps to correctly setup the Wireguard 6.3.7 plugin so I can access my Raspberry Pi OpenMediaVault 6 NAS from the Internet? Thank you and I really appreciate your help!
-
Hi everyone, After building and setting up my first TrueNAS server, I'm running into a problem. Because of space constraints I cannot have the server at home e.g. not on my local network. I do have a WireGuard server running on my UDR at home. I therefore want to add the TrueNAS server as a client using the TrueCharts WireGuard app (although I am open to other suggestions). The problem I'm running into is this:

    Unable to attach or mount volumes: unmounted volumes=[configfile], unattached volumes=[varlogs varrun configfile devshm shared tmp]: timed out waiting for the condition

From this I deduce that the .conf file can't be attached, but I cannot figure out why. My .conf filepath in the app configuration is:

    /mnt/Middle\ Earth\ ONE/VPN/wg.conf

which should be the right path since:

    admin@truenas[~]$ cd /mnt/Middle\ Earth\ ONE/VPN
    admin@truenas[/mnt/Middle Earth ONE/VPN]$ ls
    wg.conf
    admin@truenas[/mnt/Middle Earth ONE/VPN]$

Hope one or more of y'all can help me
-
Remote access to shares that doesn't suck
Robert Urrutia posted a topic in Servers, NAS, and Home Lab
I'm getting in a dead way here. I have tried Tailscale, Wireguard, SSH and I don't know what else to try. I need remote access that can:
- Get full or almost full speed despite being behind a NAT
- Share folders with friends/family
- Supports Windows
- Simple to set up
I have my Windows NAS, I can open my ports and stuff, I just need something that can accomplish those requirements above.
-
Hello to you all! Maybe someone here is able to help… I've been using Nextcloud for quite some time now and have been experiencing some very frustrating problems ever since… especially during big uploads from remote and thus through Cloudflare's tunnel I get errors every time. This is happening when I try to upload a bunch of files or a single file exceeding 100mb in size. I want a good solution, not an "it's good enough" thingy… so chunking or something like that is out of the race. When you are reading the reverse proxy documentation from Nextcloud AIO: https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel they are throwing light on quite a lot as big problems as the 100mb limitation problem… I have a Tailnet for accessing all not publicly accessible services and found out that 100% Cloudflare is the problem… I have read that the cloudflared tunnel app is a waste product… yes, it is indeed exactly that for me. Don't get me wrong, I love Cloudflare for what it is. You have all kinds of DNS entry options which are needed if you are hosting for example a mailserver… Therefore leaving them completely is not an option… at least for now. But for tunneling I have to find another solution… Anyway, I have tried a solution with which you are able to bypass a CGNAT via WireGuard in theory… oh yes, I know CGNAT is as always the elephant in the room. I have got it kind of working but I can only open the npm default page, nothing else set up inside of npm. (DigitalOcean VPS with Wireguard on it tunneling to a local server with Wireguard and a bunch up tables commands and let Cloudflare's DNS point to the VPS. If you want to know more about that please just ask me). Locally in my home network npm is working like it should. Please let there be someone who can help me set up a solution.
A real unlimited selfhosted (preferably easy) solution… And a solution which is not designed especially for containers nor which is necessarily involving a reverse proxy… as always I'm hoping for the kind help of this community… Thanks!
-
Hello everybody, I got a Wireguard Server set up on my local Docker host. I also got a NAS in the same home Network. The VPN Connection works fine as far as Internet access is concerned. This applies to both my Windows Laptop and Android Phone. However I cannot access my NAS from the Laptop, although it works via the Android Phone. I also can't "see" any of the other Devices in my Home Network via the VPN as I want to. Do I have to set up some extra Settings for tunnelling and accessing into my Home Network directly? Wireguard output if that helps: Cheers
-
So I'm trying to make a Wireguard VPN that allows me to access devices on my home network remotely while still routing my internet traffic through another wireguard VPN (windscribe). I have basically 0 knowledge about creating routes and stuff but I assume that would be the way to accomplish this. The furthest I've gotten is using Wireguard VPN Server for Windows to allow me to connect and relay traffic through windscribe but it doesn't allow access to local devices. Under Linux I did get PiVPN to work but it was slower (same specs and NIC) and I also couldn't get to local devices. RN I have a VM on my server with a dedicated gigabit NIC on a Hyper-V switch for testing things.
-
Any way of speeding up link between 2 people over the internet?
Mnky313 posted a topic in Networking
Basically we are trying to use a VPN to share files between each other, but despite both of our internet connections being 500+mb/s we can only get ~50mb/s between us when tested with iPerf (and file copies). Getting someone closer to me to connect, it's much better (~200mb/s) but still not ideal. (Speeds were exactly the same with the VPN disabled and the iperf3 port open/using my public address.) What's weird is I can connect to another VPN server even further away and get well over 500mb/s down and ~150mb/s up. I'm hosting the VPN server on a pfSense box (with wireguard). I'm assuming it just be like that but if there is something I'm missing that would be helpful, thanks.
-
[I can attach my config file link... Here it is . My Wireguard Config file edgerouter ER-X ] (Note I have decided to try without vlan first to see if I set it up right.) Hi, I have installed wireguard on my ER-X, I have a vlan just to be used for wireguard.... Basically I just want to route traffic that is coming from the vlan to the wireguard interface. I have set it up as two networks... one is 192.168.1.1, the vlan is configured to 192.168.100.1. The vlan is on Eth2 with an Access Point attached to it, so in summary all devices in the AP should be routed to Wireguard. What commands in the CLI should I use? I'm not familiar with CLI but can follow a well written guide, most of the guides out there are set for the ER-X to be server rather than the client. Can anyone please guide or help me in this regard? I already know the public key and private keys, even the server (peer's address), I just don't know what commands or structure I should follow. Thanks in advance
-
So I recently moved pfSense to a new system (2x xeon e5-2620, 16gb RAM) (fresh install, not backup/restore) and wireguard speeds are significantly slower than both running the wireguard app on windows and connecting to the same server & the old system that had pfSense on it (fx-7600p, 4gb RAM). I'm connecting to the same server on all tests:
- without a vpn: 924mbps down 511mbps up
- running wireguard on my windows pc/(speeds are similar on pfSense on the old hardware), this also fluctuates between ~400-700mbps down most of the time: 564mbps down 133mbps up
- running wireguard on pfSense: 158mbps down 196mbps up
I've also tried different servers and ports and that doesn't seem to make any difference. (& MTU/MSS is set to 1420, tried lowering it to 1280 and that also didn't make a difference.)
-
Hey all, I use WireGuard as my VPN of choice since I just wasn't ever getting great mileage out of OpenVPN every time I used it. As of now it's running on pfSense. However, since pfSense maintains its own packages alongside the FreeBSD official repo, I noticed where pfSense's WireGuard is on version 1.6_2, FreeBSD is on 2.1. Similarly, packages like wireguard-kmod are now 6 months out-of-date. Typically I wouldn't bat an eye to this but since WireGuard is a more experimental (and, in the past, hacked-together mess of a) VPN I figured it would be best for security that they would stay more up-to-date. Is it safe to be on these (relatively) outdated packages for everyday use, and would it be wise (or work well at all with pfSense's web configurator) to use the more up-to-date FreeBSD binaries?
-
Hi LTT, I have a question that I have been stuck on now for a while and need help (the sooner the better)! OK first thing is first, my budget is not big so the cheaper the better. Performance I am looking for: WireGuard at 1Gbit Up/Down, Pfsense/OpenSense at 1Gbit Up/Down and approx 100 IoT devices for Home Assistant *(I have no idea about Home Assistant at all)
Scenario one: a server that can run Pfsense/OpenSense, WireGuard, Home Assistant at the same time.
Scenario two: a server that can run Pfsense/OpenSense, WireGuard, at the same time. And a solution for Home Assistant.
Scenario three: a server that can run Pfsense/OpenSense, another for WireGuard, and one for Home Assistant.
Now I know Pfsense/OpenSense have Wireguard extensions but they, if I have understood, are UserLand, and they can't reach the speed I would want. I am well aware there might be several problems with this so if you see one please inform me! In advance, thanks even if you couldn't help! :)
-
Ubuntu 22.04 Cloud VM. Using iptables persistent. Saved rules file located in: /etc/iptables/rules.v4

Using this command to load changes to iptables. All changes are made by editing the rules.v4 file and restoring:

    sudo /sbin/iptables-restore < /etc/iptables/rules.v4

Spoiler: Network Information (VNICs, Subnets, etc)

Summary: I have 3 VNICs, along with 2 OpenVPN Servers, 2 Wireguard Servers, 1 Tailscale Client and 2 ZeroTier One subnets.

Here are iptables rules that I think might be important to the problem -

The specific problem I have, only happens with all wireguard servers, with a "limited" user. I have a limited user, named "limited", which should:
- Have full access / should be fully accessible from any of the VPN subnets
- Should have no internet access, for security.

All users besides the limited user can access everything normally. To the best of my knowledge, iptables works with "first matching rule wins". I created my rules based on that logic so far. Also to the best of my knowledge, the matching logic below does not work when used with INPUT.

    -m owner --uid-owner username_or_uid

To limit the "limited" user, here are the rules I created with logic -

First, allow the limited user on all VPN subnets:

    -A OUTPUT -o wg0 -m owner --uid-owner limited -j ACCEPT
    -A OUTPUT -o wg2 -m owner --uid-owner limited -j ACCEPT
    -A OUTPUT -o zt0 -m owner --uid-owner limited -j ACCEPT
    -A OUTPUT -o zt1 -m owner --uid-owner limited -j ACCEPT
    -A OUTPUT -o tailscale0 -m owner --uid-owner limited -j ACCEPT
    -A OUTPUT -o tun0 -m owner --uid-owner limited -j ACCEPT
    -A OUTPUT -o tun2 -m owner --uid-owner limited -j ACCEPT

Then, drop all output to either of the VNICs:

    -A OUTPUT -o enp0s3 -m owner --uid-owner limited -j DROP
    -A OUTPUT -o enp1s0 -m owner --uid-owner limited -j DROP
    -A OUTPUT -o enp2s0 -m owner --uid-owner limited -j DROP

User "limited" is able to ping any device connected through Tailscale, ZeroTier One and OpenVPN.

I can use this command below, to "watch" how many packets matched the rules, by using this command:

    sudo watch -n1 -d "(iptables -tfilter -vnxL;iptables -tnat -vnxL;iptables -tmangle -vnxL;iptables -traw -vnxL;iptables -tsecurity -vnxL) | grep -vE 'pkts|Chain' | sort -nk1,1hr | column -t"

User "limited" is NOT able to ping any device connected through either of the Wireguard servers. Two rules get triggered when I try to ping any device on wireguard subnet at the same time.

Here are other rules I tried to use which would do the same thing, that DID NOT WORK.

The final attempt I made to try and make this work has a very interesting result, which confirms that two rules are matching at the same time. If I add a rule that accepts all packets from the internal ipv4 address of enp0s3 (default vnic) -

    -A OUTPUT -m owner --uid-owner limited -s 10.0.0.175 -j ACCEPT

Everything works and nothing is blocked for the "limited" user. (the ipv4 address 10.0.0.195 is the internal ipv4 of the VM for interface enp0s3) Indicating that iptables knows that packets coming to "limited" user from either wg0 or wg2 interface, are actually from an external source that is not in 192.168.x.x range and matches enp0s3 or enp2s0 output interfaces.

1. How are two rules getting matched at the same time, and why is DROP rule winning?
2. How does iptables know that packets coming to wireguard are from an external source?
3. Why does this happen only with wireguard and not with any other VPNs I have set up?
4. Is there any other way I could block all internet access from "limited" user and still be able to connect to devices on VPN subnets?

I could not find answers to this problem anywhere and I have no idea why this is happening. Any help, suggestions and explanations would be nice. Thanks in advance!