Comments (7)
@McFabi please could you post here your add-on configuration? Please pay attention to NOT share private information, please obfuscate these parts! And, if you could also post the generated wireguard file (under /etc/wireguard/wg0.conf).
Cheers
from addon-wireguard-client.
Thanks for your help:
My Add-on Config:
interface:
  private_key: key
  address: 10.7.0.4
  dns:
    - 8.8.8.8
    - 8.8.4.4
  post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
  post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
peer:
  public_key: key
  pre_shared_key: key
  endpoint: 'my_wireguard_server_ip:51820'
  allowed_ips:
    - 0.0.0.0/0
  persistent_keep_alive: '25'
log_level: trace

[Interface]
PrivateKey = key
Address = 10.7.0.4/24
DNS = 8.8.8.8,8.8.4.4
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

[Peer]
PublicKey = key
PreSharedKey = key
Endpoint = server:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
The configuration looks good. The file was in the docker container of the corresponding add-on. Is that where it should be?
What's a little bit strange for me: I have docker -it in the container and tried to set the "sysctl -q net.ipv4.conf.all.src_valid_mark=1" and the Read only filesystem error came.
from addon-wireguard-client.
Maybe this will help you:
➜ ~ docker exec -it 39ddab32110f bash
root@fd24a922-wireguard-client:/$ ls -l
total 80
drwxr-xr-x 1 root root 4096 Feb 1 17:07 bin
drwxr-xr-x 2 root root 4096 Apr 9 08:16 data
drwxr-xr-x 17 root root 3920 Apr 8 09:25 dev
drwxr-xr-x 1 root root 4096 Apr 9 08:16 etc
drwxr-xr-x 2 root root 4096 Jan 14 12:51 home
-rwxr-xr-x 1 root root 389 Oct 20 14:52 init
drwxr-xr-x 1 root root 4096 Feb 1 17:07 lib
drwxr-xr-x 2 root root 4096 Oct 9 17:22 libexec
drwxr-xr-x 5 root root 4096 Jan 14 12:51 media
drwxr-xr-x 2 root root 4096 Jan 14 12:51 mnt
drwxr-xr-x 2 root root 4096 Jan 14 12:51 opt
dr-xr-xr-x 232 root root 0 Apr 9 08:16 proc
drwx------ 2 root root 4096 Jan 14 12:51 root
drwxr-xr-x 1 root root 4096 Apr 9 08:16 run
drwxr-xr-x 1 root root 4096 Feb 9 20:12 sbin
drwxr-xr-x 2 root root 4096 Jan 14 12:51 srv
drwxr-xr-x 3 root root 4096 Apr 8 09:01 ssl
dr-xr-xr-x 12 root root 0 Jan 1 1970 sys
drwxrwxrwt 2 root root 4096 Jan 14 12:51 tmp
drwxr-xr-x 1 root root 4096 Feb 9 20:12 usr
drwxr-xr-x 1 root root 4096 Jan 14 12:51 var
As you can see the sys filesystem has no write access.
Is it possible for you to set the flag while building the container?
from addon-wireguard-client.
Hi @McFabi try to change
  allowed_ips:
    - 0.0.0.0/0
with:
  allowed_ips:
    - 10.7.0.0/24
Please give me a feedback if it solves...should it! 👍
from addon-wireguard-client.
Ok that's working now...
strange... I tried this
from addon-wireguard-client.
No, it's not so "strange" 0.0.0.0 is a reserved address 😉 ...and the read-only fs it's good as is too 👍 Enjoy
from addon-wireguard-client.
Hi @bigmoby ! Thank you very much for your Wireguard client!
Sorry to re-open this issue, but what if I need to allow 0.0.0.0/0 as incoming address? My use case is that my HA instance is behind a 4G connection, with no public IP or forwardable ports, so I use Wireguard to connect to my other home Internet box which has a Wireguard instance on it. I can then create a port forwarding rule on it so that I can access my HA. The problem is that the source address is whatever Internet address I use when trying to connect to the remote HA so I need to be able to use a wildcard in allowed_ips.
Do you know how I could achieve that with your plugin?
from addon-wireguard-client.
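Added example, not part of the thread and not the add-on's own code: on Linux, wg-quick treats an IPv4 AllowedIPs entry ending in /0 as a default route and, unless Table is set to something other than auto, runs the `sysctl -q net.ipv4.conf.all.src_valid_mark=1` call quoted above, which fails where /proc/sys is read-only. The check below flags such a wg0.conf before it is deployed; the function names and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample mirroring the wg0.conf posted in the thread (keys redacted).
SAMPLE_CONF = """\
[Interface]
PrivateKey = key
Address = 10.7.0.4/24
[Peer]
PublicKey = key
Endpoint = server:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
"""

def parse_wg_conf(text):
    """Return (interface_dict, [peer_dict, ...]); keys are lower-cased."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # A key such as AllowedIPs may be repeated; join all values.
            current[key] = ", ".join(filter(None, [current.get(key), value]))
    return interface, peers

def needs_src_valid_mark(text):
    """True when wg-quick would install an IPv4 default route through
    policy routing, the path on which it sets src_valid_mark=1."""
    interface, peers = parse_wg_conf(text)
    if interface.get("table", "auto").lower() != "auto":
        return False  # Table = off or an explicit table skips that path
    for peer in peers:
        for entry in peer.get("allowedips", "").split(","):
            entry = entry.strip()
            if entry:
                net = ipaddress.ip_network(entry, strict=False)
                if net.version == 4 and net.prefixlen == 0:
                    return True
    return False
```
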