omv7:omv7_plugins:wireguard

Differences

This shows you the differences between two versions of the page.

omv7:omv7_plugins:wireguard [2024/04/24 15:28] – [Configuring a Client] chente
omv7:omv7_plugins:wireguard [2025/09/02 18:20] (current) – [Update DuckDNS IP. Receive notifications only when it changes and restart WireGuard automatically] chente
Line 47: Line 47:
 In OMV7's GUI:\\ In OMV7's GUI:\\
 Under **System** > **Plugins**, find and highlight **openmediavault-wireguard 7.X**, and click the **install** button. Under **System** > **Plugins**, find and highlight **openmediavault-wireguard 7.X**, and click the **install** button.
 +
 +<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#69A5FF;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">&#160; Note
 +</span></strong></td></tr><tr><td style="background-color:#E6FEFF;height:25px;width:380px;">
 +If your system is based on an <b>Armbian</b> image, installing this plugin may break the existing Kernel.<br>
 +To solve it you must reinstall the Armbian Kernel once the plugin is installed and everything will work normally.
 +</tr></table></body></html>
  
 ---- ----
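Review bot: the added Armbian note tells the reader to "reinstall the Armbian Kernel" but gives no command, menu path or link for doing so, and "may break the existing Kernel" does not say what symptom to expect. Name the exact reinstall step and the symptom so the reader can tell when the note applies. The ''<td>'' opened on the second added line is also never closed before ''</tr>''.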
Line 62: Line 68:
 {{ :omv6:omv6_plugins:wireguard4.jpg?direct&400|Wireguard Tunnels Create}} {{ :omv6:omv6_plugins:wireguard4.jpg?direct&400|Wireguard Tunnels Create}}
   * In the OMV GUI go to **Services** > **Wireguard** > **Tunnels** Press the **Create** button.    * In the OMV GUI go to **Services** > **Wireguard** > **Tunnels** Press the **Create** button. 
 +    * Press the **Enable** button to enable the tunnel.
   * **Basic Configuration** In the dialog box enable the tunnel and complete the following fields:    * **Basic Configuration** In the dialog box enable the tunnel and complete the following fields: 
     * **Name** You can name the tunnel to identify it later.      * **Name** You can name the tunnel to identify it later. 
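Review bot: the new sub-item "Press the **Enable** button to enable the tunnel" overlaps with the line that follows it, which already tells the reader to enable the tunnel in the dialog box, and it appears before that dialog is introduced. Either fold the control's name into the **Basic Configuration** line or state where the Enable control is, so the steps read in the order they are performed and the tunnel is not described as being enabled twice.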
Line 148: Line 155:
   * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running.    * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running. 
   * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending ".conf" to the created file. Treat this file like a password, it is the access key to your network. Once the connection is configured, it is advisable to delete this file for security.    * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending ".conf" to the created file. Treat this file like a password, it is the access key to your network. Once the connection is configured, it is advisable to delete this file for security. 
-  * A QR will appear in the table (if the client is enabled), which you can scan from a smartphone to configure the connection without having to copy a file. If you need to send it you can take a photo. Treat this image as a password, it is the access key to your network (the first time the page loads after setup the QR code still does not appear, please reload the page or change tabs and come back to see the QR code).+  * A QR will appear in the table (if the client is enabled), which you can scan from a smartphone to configure the connection without having to copy a file. If you need to send it you can take a photo. Treat this image as a password, it is the access key to your network. Press the "Generate QR Codes" button to generate the images.
   * Use a different client configuration for each client. If you configure the same connection on several clients at the same time, they will not be able to connect simultaneously.   * Use a different client configuration for each client. If you configure the same connection on several clients at the same time, they will not be able to connect simultaneously.
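Review bot: in the rewritten QR bullet the button is written as "Generate QR Codes" in plain quotes, while the other controls in this list are bold (**Save**, **Client Config**); mark it up as **Generate QR Codes** and say where the button is. Since the bullet above advises deleting the saved client config once the connection is set up, the QR bullet should give the same advice for any photo taken of the code, which it also describes as an access key.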
  
Line 511: Line 518:
         * This will have installed the ''curl'' package on the system. Now select the task again and press the **Edit** button. Delete the ''apt install curl'' command you wrote earlier.         * This will have installed the ''curl'' package on the system. Now select the task again and press the **Edit** button. Delete the ''apt install curl'' command you wrote earlier.
   * Type the following command in the **Command** field of the dialog box.   * Type the following command in the **Command** field of the dialog box.
-<html><body><pre><code>echo url="https://www.duckdns.org/update?domains=MY_DOMAIN&token=MY_TOKEN&ip=" | curl -k -o /var/log/duck.log -K -</code></pre></body></html> +<html><body><pre><code>echo url="https://www.duckdns.org/update?domains=[MY_DOMAIN]&token=[MY_TOKEN]&ip=" | curl -k -o /var/log/duck.log -K -</code></pre></body></html> 
-  * Replace ''MY_DOMAIN'' with the subdomain you chose in "''MY_DOMAIN''.duckdns.org"+  * Replace ''[MY_DOMAIN]'' with the subdomain you chose in "''[MY_DOMAIN]''.duckdns.org"
-  * Replace ''MY_TOKEN'' with the token that has been assigned to your duckdns account.+  * Replace ''[MY_TOKEN]'' with the token that has been assigned to your duckdns account.
   * In the **Time of execution** field, choose the Hourly option.   * In the **Time of execution** field, choose the Hourly option.
     * This will run the command every hour. If your IP changes frequently you can change this to run for shorter periods of time. Every 5 minutes may be reasonable.     * This will run the command every hour. If your IP changes frequently you can change this to run for shorter periods of time. Every 5 minutes may be reasonable.
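Review bot: the command line touched by this change still passes ''-k'' to curl, which turns off TLS certificate verification for a request that carries the DuckDNS token in its URL; drop ''-k'' so the token is only sent to a server presenting a valid certificate for www.duckdns.org. With the placeholders now written as ''[MY_DOMAIN]'' and ''[MY_TOKEN]'', the two "Replace" bullets should also say that the square brackets are part of the placeholder and must be removed, otherwise a reader may leave them in the URL.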
Line 527: Line 534:
 This task will create a log file at /var/log/duck.log. This task will create a log file at /var/log/duck.log.
 </tr></table></body></html> </tr></table></body></html>
 +
 +----
 +
 +=== Update DuckDNS IP. Receive notifications only when it changes and restart WireGuard automatically ===
 +
 +You can add this script to a scheduled task so that your public IP is updated, and you receive a notification only if it changes.
 +
 +Additionally, if you are using a WireGuard tunnel between two servers and the public IP changes on one of them, the tunnel may drop connections (because it will still try to reach the old IP). Restarting the service automatically allows the peer to establish a new //handshake//, updating the tunnel with the new IP.
 +
 +Example command:
 +
 +<html><body><pre><code>curl -s -k "https://www.duckdns.org/update?domains=[MY_DOMAIN]&token=[MY_TOKEN]&ip=&verbose=true" | grep -q UPDATED && echo "UPDATED PUBLIC IP IN DUCKDNS" && systemctl restart wg-quick@wgnet_[MY_TUNNEL]</code></pre></body></html>
 +
 +  * Replace ''[MY_DOMAIN]'' with the subdomain you chose in "''[MY_DOMAIN]''.duckdns.org" and ''[MY_TOKEN]'' with your token.
 +  * Replace ''[MY_TUNNEL]'' with the name you assigned to your tunnel in the WireGuard plugin.
 +  * Remember to enable notifications in OMV to receive an alert when the public IP changes.
 +  * Add a descriptive label to the scheduled task so you can easily identify it.
 +
 +Once created, simply copy the command into **Scheduled Tasks** and set the execution interval.
 +
 +Remember to install ''curl'' if it is not installed on your system (see previous point).
  
 ---- ----
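Review bot: the example command in the new section uses ''curl -s -k'', so certificate verification is disabled while the token is sent, and ''-s'' together with ''grep -q UPDATED'' means any failure (network error, rejected token) produces no output and therefore no notification; remove ''-k'' and add a branch that prints a message when the response is neither updated nor unchanged. The text should also explain the ''wgnet_'' prefix in ''wg-quick@wgnet_[MY_TUNNEL]'', since the bullet only says to substitute the tunnel name, and note that the restart briefly interrupts every client connected to that tunnel.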
Line 566: Line 594:
  
 ---- ----
 +
 +=== I can't access some of my containers. MacVLAN. ===
 +
 +If you have containers configured using a MacVLAN network interface, you won't be able to access them using Wireguard. Containers with this configuration can't communicate with the host, so Wireguard can't access them either. This is a limitation of the Linux kernel.
 +
 +There are workarounds, but they're beyond the scope of this document; please refer to the Docker documentation.
 +
 +----
 +
 +=== I can access my LAN, but I don't have internet access. ===
 +
 +We've received reports of some Mac clients where the network remains split even with ''AllowedIPs = 0.0.0.0/0'' set. This results in the client being unable to access the internet.
 +
 +Try adding a generic DNS to your Wireguard tunnel on the client. Something like ''DNS = 1.0.0.1'' or ''DNS = 8.8.8.8'' might work.
 +
 +----
 +
 +
 ===== Source Code ===== ===== Source Code =====
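Review bot: the "no internet access" entry suggests adding ''DNS = 1.0.0.1'' or ''DNS = 8.8.8.8'' but does not say which section of the client configuration the line belongs in, nor how the reader can confirm that name resolution is the actual fault before changing it. State where the line goes and add a quick check. The wording "might work" could also mention that a public resolver will not answer for names that exist only on the LAN. The hunk also leaves two consecutive blank lines before the Source Code heading.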
  
  • omv7/omv7_plugins/wireguard.1713972500.txt.gz
  • Last modified: 2024/04/24 15:28
  • by chente