omv6:omv6_plugins:wireguard

Differences

This shows you the differences between two versions of the page.

omv6:omv6_plugins:wireguard [2023/09/12 16:16] – [I can't connect to the network from outside] chente
omv6:omv6_plugins:wireguard [2024/04/27 17:30] (current) chente
Line 1: Line 1:
 +{{indexmenu_n>13}}
 \\ \\
 +<html><center><span style="font-size:150%;">
 +<b>Link to</b> → <a href="https://wiki.omv-extras.org/doku.php?id=omv7:omv7_plugins:wireguard">Wireguard Plugin For OMV7</a><br>
 +<br/></span></center></html>
 <html><center><b>Wireguard Plugin For OMV6</b></center></html> <html><center><b>Wireguard Plugin For OMV6</b></center></html>
  
Line 13: Line 17:
 ===== Summary ===== ===== Summary =====
  
 +  * The main purpose of Wireguard is to facilitate the connection of two devices over the Internet securely.
   * Openmediavault-wireguard integrates into the OMV interface trough the Tunnels and Clients tabs the ability to generate one or more point-to-site encrypted VPN Wireguard connection networks with two clicks.   * Openmediavault-wireguard integrates into the OMV interface trough the Tunnels and Clients tabs the ability to generate one or more point-to-site encrypted VPN Wireguard connection networks with two clicks.
     * Wireguard's point-to-site connection allows access to the entire network where the server is.     * Wireguard's point-to-site connection allows access to the entire network where the server is.
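Review bot: The added Summary bullet says Wireguard connects "two devices", while the bullets after it describe point-to-site access to "the entire network where the server is"; reword the new bullet so it does not read as device-to-device only, for example "connect a remote device securely to your server and its network over the Internet". While this list is being edited, "trough" in the following bullet should be "through".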
Line 133: Line 138:
     * **Client number** It must not coincide with that of other clients.      * **Client number** It must not coincide with that of other clients. 
     * **Tunnel number** You must assign the client to one of the previously created tunnels.      * **Tunnel number** You must assign the client to one of the previously created tunnels. 
-    * **Name** You can name the client to identify it later. +    * **Name** You can name the client to identify it later
 +    * **Restrict** button. The default setting is to leave it unchecked, this will set AllowedIPs to 0.0.0.0/0 and all traffic will be routed through the tunnel. If you press it, only traffic directed to the wireguard network will be routed. To access the server services you must write the IP of the server, if the tunnel is number 1 the IP will be 10.192.1.254, if the tunnel is number 2 the IP will be 10.192.2.254... After that add '':'' and the service port. For example, to access Jellyfin it would be ''10.192.1.254:8096'' if it is tunnel number 1. You will not be able to access other services on your local network outside of your server. If you need that you must edit the client configuration and set the local network range in the AllowedIPs field. For example ''AllowedIPs = 192.168.1.0/24'' (adapt it to your case) 
 +    * **Persistent Keepalive** The default setting is to leave it blank. In some cases it may be necessary to set a value here to keep the connection active. A suitable value is usually 25 (Every 25 seconds the client will send a packet to the server). 
 +    * **DNS Servers** The default setting is to leave it blank. In some cases it may be necessary to establish a DNS server for the client to communicate correctly on the local network. The usual thing will be to establish the IP of the router. The menu will show the existing value in resolv.conf in case you want to copy it to the field on the right.
     * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running.      * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running. 
   * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending ".conf" to the created file. Treat this file like a password, it is the access key to your network. Once the connection is configured, it is advisable to delete this file for security.    * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending ".conf" to the created file. Treat this file like a password, it is the access key to your network. Once the connection is configured, it is advisable to delete this file for security. 
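Review bot: The new **Restrict** entry gives the AllowedIPs value for the unchecked state (0.0.0.0/0) but never states the value written when it is checked, so a reader cannot verify the generated client file; add the resulting AllowedIPs line next to "only traffic directed to the wireguard network will be routed". The entry also calls the control a "button" while describing it as "unchecked", and the edited **Name** line has lost its closing period. Because the two states differ in how much of the client's traffic and of the local network is exposed through the tunnel, consider one sentence per state, with the Jellyfin example and the ''AllowedIPs = 192.168.1.0/24'' override moved into sub-bullets.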
Line 517: Line 525:
  
   * If you are testing the connection from a device connected to the same network by Wi-Fi or cable it will not work, disconnect from this network. For example, with a smartphone, disable Wi-Fi and connect to the internet with a mobile data connection.   * If you are testing the connection from a device connected to the same network by Wi-Fi or cable it will not work, disconnect from this network. For example, with a smartphone, disable Wi-Fi and connect to the internet with a mobile data connection.
-  * Make sure your public IP is reachable on the internet. Look on your router for the public IP you are using. Compare that IP with the one that appears on any site of the whatismyip type. If they are different your network is not reachable. Check with your ISP if you are inside CGNAT.+  * Make sure your public IP is reachable on the internet. Look on your router for the public IP you are using. Compare that IP with the one that appears on any site of the whatismyip type, for example [[https://www.whatismyip.net/|www.whatismyip.net]]. If they are different your network is not reachable. Check with your ISP if you are inside CGNAT, if so ask your ISP to remove you from CGNAT if possible.
   * Check that your domain points to your public IP. Type your domain on this site [[https://www.whatsmydns.net/|www.whatsmydns.net]] and check if it is pointing to your IP.   * Check that your domain points to your public IP. Type your domain on this site [[https://www.whatsmydns.net/|www.whatsmydns.net]] and check if it is pointing to your IP.
   * Make sure that you have established a tunnel with the default values ​​and check the operation. Once verified, proceed to make the customizations.   * Make sure that you have established a tunnel with the default values ​​and check the operation. Once verified, proceed to make the customizations.
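Review bot: In the changed public-IP bullet, the final sentence "Check with your ISP if you are inside CGNAT, if so ask your ISP to remove you from CGNAT if possible." is a run-on; split it into two sentences ("Check with your ISP whether you are behind CGNAT. If so, ask to be removed from it if possible."). The new external link follows the same [[url|label]] form as the whatsmydns link in the next bullet, which is consistent.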
Line 526: Line 534:
  
 Set the value ''AllowedIPs = 0.0.0.0/0'' and check if you have access. If so, you can now proceed to customize the network range. If after customizing the network range you lose access, you haven't done it right. Set the value ''AllowedIPs = 0.0.0.0/0'' and check if you have access. If so, you can now proceed to customize the network range. If after customizing the network range you lose access, you haven't done it right.
 +
 +----
 +
 +=== I have set the same settings on the smartphone and the laptop and it only works on one ===
 +
 +If you need two accesses from two or more clients, you must configure a different connection for each client. If you establish the same configuration on different clients, only one of them will work, they will never work simultaneously.
 +
 +----
 +
 +=== I can't access my shared folders ===
 +
 +Sometimes domain name resolution may not work. If this is the case, try accessing through your server's IP instead of the domain name.
 +
 +----
 +
 +=== I can't access the internet from my client ===
 +
 +If you can access your local network from the client but cannot access the internet, try splitting the tunnel traffic. Connections directed to your local network would go through the Wireguard tunnel, the rest of the connections would go through your smartphone's standard network interface accessed by the laptop. To do that you must do it like this:
 +
 +  * In the client configuration replace the line ''AllowedIPs = 0.0.0.0/0'' with this ''AllowedIPs = 192.168.1.0/24'' (assuming that the scope of your local network is that, adapt it to your case)
  
 ---- ----
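Review bot: In "I can't access the internet from my client", the suggested ''AllowedIPs = 192.168.1.0/24'' replaces 0.0.0.0/0 entirely, and the text does not say whether the Wireguard network range (the 10.192.x.254 server address described under the Restrict option) must be listed too; state explicitly which ranges belong in AllowedIPs after the change. The phrase "your smartphone's standard network interface accessed by the laptop" is hard to parse and "To do that you must do it like this" can be dropped in favour of the bullet itself. In "I can't access my shared folders", a pointer to the client's **DNS Servers** field added earlier in this revision would connect the symptom to the setting, and the "same settings" section would be more useful if it said what must differ per client (a separate client entry and its own configuration file).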
  • omv6/omv6_plugins/wireguard.1694535369.txt.gz
  • Last modified: 2023/09/12 16:16
  • by chente