Closed QuantumForced closed 8 months ago
Can you manually connect to the Samba share using Finder when you’re on your VPN? Just curious if it is a routing problem when connected to the VPN.
Not sure how well it’ll perform over a connection like that but then again, it’s not exactly the fastest over any network.
I am able to connect to Samba shares (such as: appdata, media) while Wireguard or Tailscale is turned on, i.e. 'smb://192.168.1.30/appdata'. However, 'smb://192.168.1.27/TimeMachine' leads to the error 'There was a problem connecting to the server "192.168.1.27"' while either VPN is turned on, but works fine with either VPN turned off.
Sounds like a VPN config issue. If you post some wireguard configs without the private keys, I can spot check them.
Here's some of the configs I've tried with Wireguard:
'Remote access to LAN'
[Interface]
PrivateKey = XYZ
Address = 10.253.0.2/32
DNS = 192.168.1.254
[Peer]
PublicKey = XYZ
PresharedKey = XYZ
AllowedIPs = 10.253.0.1/32, 192.168.1.0/24
Endpoint = 217.42.29.240:51820
'Remote tunneled access'
[Interface]
PrivateKey = XYZ
Address = 10.253.0.2/32
DNS = 192.168.1.254
[Peer]
PublicKey = XYZ
PresharedKey = XYZ
AllowedIPs = 0.0.0.0/0
Endpoint = 217.42.29.240:51820
Looks like you're not forwarding any traffic. Typically that is done using PostUp/PostDown commands with iptables to allow forwarding on the end on your network (the "server", not the "client"); something similar to what's found here: https://www.reddit.com/r/WireGuard/comments/ky2kfg/wireguard_for_internet_and_remote_lan_access_my/
Apologies for the late reply here! The two configs I posted above are client configs (not sure if you wanted the server one, in hindsight probably, I have added it below). In respect to the two client configs above, the first one grants me access to my LAN devices and the second one grants me access to my LAN + routes my internet traffic as I can see it changes my public IP address to that of my home. However, neither of the two allows me to connect to the time machine share on 192.168.1.27.
Server config:
[Interface]
#QVPN
PrivateKey=XYZ
Address=10.253.0.1
ListenPort=51820
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started';/usr/local/emhttp/webGui/scripts/update_services
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped';/usr/local/emhttp/webGui/scripts/update_services
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostUp=ip -4 route flush table 200
PostUp=ip -4 route add default via 10.253.0.1 dev wg0 table 200
PostUp=ip -4 route add 192.168.1.0/24 via 192.168.1.254 dev br0 table 200
PostDown=ip -4 route flush table 200
PostDown=ip -4 route add unreachable default table 200
PostDown=ip -4 route add 192.168.1.0/24 via 192.168.1.254 dev br0 table 200
[Peer]
#QWG-LAN
PublicKey=XYZ
PresharedKey=XYZ
AllowedIPs=10.253.0.2
[Peer]
#QWG-TUNNELED
PublicKey=XYZ
PresharedKey=XYZ
AllowedIPs=10.253.0.3
I'm seeing some stuff in there related to 'br0', which I also notice is what's selected in the container settings under 'Network Type = Custom : br0' (see my screenshots at the top of the thread).
When I had wireguard setup, I had this for my PostUp iptables rules with enp3s0 being my wireguard server's network interface:
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE
I fumble my way through iptables where I learn what I need to and quickly forget it after I've saved it, so I am not sure if I would be of any help in understanding the differences there or if it would have any impact if you do not have the forwarding enabled.
I've had no problems via TailScale, and no need to do any special configuration (via Tailscale Unraid plugin + macOS client).
Edit: Oops, forget it, doesn't work, I just mounted the drive on macOS with Tailscale, but timemachine can't backup on it ^^
Quick update: turns out a subnet clash while over VPN was the reason I was having issues. I recently set up an OPNsense firewall in place of my ISP's router, and resolved the issue upon changing from a 192.x address to a 10.x + assigning a static route. Not sure if I should close this, please close if appropriate - many thanks.
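A check for the subnet clash described in the update above, added here as an example and not part of the thread or the project: it lists every network the client is directly attached to that overlaps a range it is supposed to reach through the WireGuard tunnel. The local network 192.168.1.0/24, the `home_lans` parameter and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed client config, modelled on the "Remote access to LAN" config in the thread.
SAMPLE_CLIENT_CONF = """\
[Interface]
PrivateKey = XYZ
Address = 10.253.0.2/32
[Peer]
PublicKey = XYZ
AllowedIPs = 10.253.0.1/32, 192.168.1.0/24
"""

def allowed_ips(conf_text):
    """Return the AllowedIPs networks of every [Peer] section."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments such as "#QVPN"
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")         # keys may contain '=' padding
        if section == "peer" and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def find_clashes(conf_text, local_networks, home_lans=()):
    """Pair each local network with the tunneled range it overlaps.

    A default route (0.0.0.0/0) overlaps everything, so it is skipped; for a
    full-tunnel config pass the home LAN explicitly in home_lans (assumed input).
    """
    targets = [n for n in allowed_ips(conf_text) if n.prefixlen > 0]
    targets += [ipaddress.ip_network(n, strict=False) for n in home_lans]
    clashes = []
    for local in (ipaddress.ip_network(n, strict=False) for n in local_networks):
        for tunnel in targets:
            if local.version == tunnel.version and local.overlaps(tunnel):
                # Traffic for these addresses may stay on the local network
                # instead of entering the tunnel.
                clashes.append((str(local), str(tunnel)))
    return clashes

if __name__ == "__main__":
    # Constructed case: the network the laptop is on uses the same range as home.
    print(find_clashes(SAMPLE_CLIENT_CONF, ["192.168.1.57/24"]))
```

An empty result means none of the ranges the client expects to reach through the tunnel collide with the network it is currently attached to.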
Describe the Bug
Hi, I often travel and would like my Macbook to backup to my Unraid TimeMachine share while I'm abroad. I'm fairly new to docker/unraid/networking, so excuse any incorrect terminology. I used the Community Apps tab within Unraid to add this docker container, it works great while at home. However, using '.local' isn't supported by either VPN when trying to connect to the share in Finder, so I have set 'Fixed IP address' in the Unraid container options to 192.168.1.27, as instructed here on the Unraid forum. At this point, the share continues to work internally. However, if I now enable Wireguard or Tailscale while outside of my home network, my Macbook is unable to connect to the share:
Here's a screenshot of the Unraid container settings, the docker run command is also detailed below + log.
I must be missing something, any help would be really appreciated - thank you
Expected Behavior
Successful connection to TimeMachine via Wireguard or Tailscale after setting Fixed IP Address.
Steps to Reproduce
How You're Launching the Container
Container Logs
Additional Context
No response