Wireguard containers?

So, I'm running DSM 6.2. I've installed:
Code:
https://github.com/runfalk/synology-wireguard
Then I've configured and set up:
Code:
ghcr.io/linuxserver/wireguard
as a WireGuard server... This works perfectly, is much faster and more reliable than any of the VPNs Synology offers and better than my previous OpenVPN configuration.

So now to the fun part.
I've tried both the linuxserver/wireguard (separate one ofc) container configured as a client which fails with:
Code:
[#] ip link add wg0 type wireguard,
[#] wg setconf wg0 /dev/fd/63,
[#] ip -4 address add redacted/24 dev wg0,
[#] ip link set mtu 1420 up dev wg0,
[#] resolvconf -a wg0 -m 0 -x,
[#] wg set wg0 fwmark 51820,
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820,
[#] ip -4 rule add not fwmark 51820 table 51820,
[#] ip -4 rule add table main suppress_prefixlength 0,
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1,
[#] iptables-restore -n,
iptables-restore v1.6.1: iptables-restore: unable to initialize table 'raw',
,
Error occurred at line: 1,
Try `iptables-restore -h' or 'iptables-restore --help' for more information.,
[#] resolvconf -d wg0 -f,
[#] ip -4 rule delete table 51820,
[#] ip -4 rule delete table main suppress_prefixlength 0,
[#] ip link delete dev wg0

Any ideas where I'm going wrong?
Docker-compose:
Code:
version: '3'
services:
  wireguard2:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard2
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=${USERID}
      - PGID=${USERGROUP}
      - TZ=${TZ}
    volumes:
      - "${SSD}/wireguard2:/config"
      - '/etc/localtime:/etc/localtime:ro'
      - /lib/modules:/lib/modules
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - synology
    restart: always
    privileged: true
networks:
  synology:
    external: true
Thanks in advance.
FWIW I'm not precious about using a given container and have also tried justin8/torguard-openvpn but it's been archived.
 
If getting something going via Docker/Synology turns out to be a hassle, there is a very simple to deploy personal VPN service based on WireGuard that a lot of my geeky friends really like. (I'm running it on a Ubiquiti EdgeRouter myself.)

 
If you are on DSM7 already you will for sure need

Code:
    devices:
      - /dev/net/tun

Also, remove privileged: true, especially if you are no longer on DSM 6.
 
I've set up runfalk's synology-wireguard on DSM7 as well as set up WeeJewel's wg-easy Docker container to manage WireGuard clients and created a video on how I did it. This may be an alternative option to linuxserver/wireguard?
 

Would you be able to create a walkthrough of how to set up WireGuard as a client (Synology) to, say, a VPN (Mullvad), then route the containers through that? I've had way too many issues trying to get it to work. Or is it possible, instead of using Docker, to just use the actual runfalk install: WireGuard (Synology) client ---> VPN provider (Mullvad)? Any help is appreciated :)
 
Hi jobhax, I'll have to try out the scenario(s) you've described and will create a video if/when I get a solid solution (sounds like something fun to hack on :)). If I figure out a solution I'll try to remember to post the solution here or you may want to consider subscribing to my YouTube channel as well. I really just cover Synology NAS solutions there at the moment.
 
Great! Definitely subscribed! :) Thank you for trying. I'm pretty tech savvy but can't for the life of me figure it out. Maybe it's not possible. The issues are because of the iptables, since Synology uses an older version.
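
A preflight check for the failure discussed in this thread, added here as an example and not taken from any post or from the linuxserver/wireguard image: it reports whether a wg-quick config contains a /0 AllowedIPs route (the case in the log where iptables-restore runs and stops on table 'raw') and whether the kernel can initialise that table. The function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight for the wg-quick failure shown in this thread.

# Constructed sample client config (keys and endpoint are placeholders).
sample_conf() {
cat <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.13.13.2/24

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0  # full tunnel
EOF
}

# Print each AllowedIPs entry that is a default route (ends in /0).
default_routes() {
    awk -F= '
        { sub(/#.*/, "") }                      # drop trailing comments
        tolower($1) ~ /^[ \t]*allowedips[ \t]*$/ {
            n = split($2, ips, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", ips[i])
                if (ips[i] ~ /\/0$/) print ips[i]
            }
        }' "$1"
}

# True if this kernel/namespace can initialise the given iptables table.
table_usable() {
    iptables -t "$1" -S >/dev/null 2>&1
}

# 0 = tunnel can come up; 1 = it would stop at iptables-restore as in the log.
preflight() {
    routes=$(default_routes "$1" | tr '\n' ' ')
    if [ -z "$routes" ]; then echo "ok: no /0 route, the iptables-restore step is not reached"; return 0; fi
    if table_usable raw; then echo "ok: table 'raw' is available"; return 0; fi
    echo "blocked: ${routes}needs iptables table 'raw', which cannot be initialised here"
    return 1
}

# Demo run: check the file given as $1, or the constructed sample if none.
conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); sample_conf > "$conf"; fi
preflight "$conf" || true
```

Run it inside the container (or on the NAS as root) with the path to the client config as its only argument.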
 
Question! Maybe someone knows if it is possible...
At the moment I'm using VDSM as a VPN Gateway for my LAN, all the devices are connecting through this gateway so everything is going through the VPN tunnel.

But I was wondering if I could set up Wireguard as VPN server for some devices when needed to connect to the NAS from the outside e.g. mobile devices which need to connect to the NAS.

Any idea how to accomplish this if it is possible? Maybe by adding a second virtual network through the VMM, but then how to config it?
 