Wireguard containers?

So, I'm running DSM 6.2. I've installed:
Code:
https://github.com/runfalk/synology-wireguard
Then I've configured and set up:
Code:
ghcr.io/linuxserver/wireguard
as a Wireguard server... This works perfectly, is much faster and more reliable than any of the VPNs Synology offers and better than my previous OpenVPN configuration.

So now to the fun part.
I've tried both the linuxserver/wireguard (separate one ofc) container configured as a client which fails with:
Code:
[#] ip link add wg0 type wireguard,
[#] wg setconf wg0 /dev/fd/63,
[#] ip -4 address add redacted/24 dev wg0,
[#] ip link set mtu 1420 up dev wg0,
[#] resolvconf -a wg0 -m 0 -x,
[#] wg set wg0 fwmark 51820,
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820,
[#] ip -4 rule add not fwmark 51820 table 51820,
[#] ip -4 rule add table main suppress_prefixlength 0,
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1,
[#] iptables-restore -n,
iptables-restore v1.6.1: iptables-restore: unable to initialize table 'raw',
,
Error occurred at line: 1,
Try `iptables-restore -h' or 'iptables-restore --help' for more information.,
[#] resolvconf -d wg0 -f,
[#] ip -4 rule delete table 51820,
[#] ip -4 rule delete table main suppress_prefixlength 0,
[#] ip link delete dev wg0

Any ideas where I'm going wrong?
Docker-compose:
Code:
version: '3'
services:
  wireguard2:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard2
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=${USERID}
      - PGID=${USERGROUP}
      - TZ=${TZ}
    volumes:
      - "${SSD}/wireguard2:/config"
      - '/etc/localtime:/etc/localtime:ro'
      - /lib/modules:/lib/modules
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - synology
    restart: always
    privileged: true
networks:
  synology:
    external: true
Thanks in advance.
FWIW I'm not precious about using a given container and have also tried justin8/torguard-openvpn but it's been archived.
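
A small triage helper for logs like the one in the post above, added here as an example (not code from the thread or from linuxserver/wireguard): wg-quick prints each command with a `[#]` prefix before running it, so the last such line before the first error is the step that failed, and the error text names the netfilter table that could not be initialized. The function names and the abridged sample log are constructed for illustration; `/proc/net/ip_tables_names` usually needs root to read.

```shell
#!/bin/sh
# Added example: triage a wg-quick bring-up log such as the one posted above.

# wg-quick echoes every command as "[#] cmd" before running it, so the last
# "[#]" line before the first error line is the step that failed.
failed_step() {
    awk '
        /^\[#\] / { last = substr($0, 5); sub(/,$/, "", last); next }
        NF && $0 != "," { print last; exit }
    ' "$1"
}

# Extract the netfilter table named in "unable to initialize table 'X'".
missing_table() {
    sed -n "s/.*unable to initialize table '\([a-z]*\)'.*/\1/p" "$1" | head -n 1
}

# Report whether a table is registered in the current network namespace.
# $2 overrides the proc file so the check can run against a saved copy.
table_status() {
    src=${2:-/proc/net/ip_tables_names}
    if [ ! -r "$src" ]; then
        echo "unknown: cannot read $src"
    elif grep -qx "$1" "$src"; then
        echo "registered"
    else
        echo "not registered: look for module iptable_$1"
    fi
}

# Sample input: abridged from the log in the post, trailing commas as posted.
log=$(mktemp)
cat > "$log" <<'EOF'
[#] ip link add wg0 type wireguard,
[#] wg set wg0 fwmark 51820,
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1,
[#] iptables-restore -n,
iptables-restore v1.6.1: iptables-restore: unable to initialize table 'raw',
,
Error occurred at line: 1,
[#] resolvconf -d wg0 -f,
[#] ip link delete dev wg0
EOF

table=$(missing_table "$log")
echo "failed step: $(failed_step "$log")"
echo "table:       $table ($(table_status "$table"))"
```

The `[#]` lines after the error are wg-quick undoing its earlier steps, which is why the interface disappears again once `iptables-restore` fails.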
 
If getting something going via Docker/Synology turns out to be a hassle, there is a very simple to deploy personal VPN service based on WireGuard that a lot of my geeky friends really like. (I'm running it on a Ubiquiti EdgeRouter myself).

 
If you are on DSM7 already you will for sure need

Code:
    devices:
      - /dev/net/tun

also, remove privileged: true especially if you are no longer on dsm 6
 
I've set up runfalk's synology-wireguard on DSM7 as well as set up WeeJewel's wg-easy Docker container to manage WireGuard clients and created a video on how I did it. This may be an alternative option to linuxserver/wireguard?
 

Would you be able to create a walkthrough of how to set up WireGuard as a client (Synology) to, say, a VPN (Mullvad), then route the containers through that? I've had way too many issues trying to get it to work. Or is it possible, instead of using Docker, to just use the actual runfalk WireGuard install (Synology) client ---> VPN provider (Mullvad)? Any help is appreciated :)
 
Hi jobhax, I'll have to try out the scenario(s) you've described and will create a video if/when I get a solid solution (sounds like something fun to hack on :)). If I figure out a solution I'll try to remember to post the solution here or you may want to consider subscribing to my YouTube channel as well. I really just cover Synology NAS solutions there at the moment.
 
Great! Definitely subscribed! :) Thank you for trying. I'm pretty tech savvy but can't for the life of me figure it out. Maybe it's not possible. Issues are because of the iptables since Synology uses an older version.
 
Question! Maybe someone knows if it is possible...
At the moment I'm using VDSM as a VPN Gateway for my LAN, all the devices are connecting through this gateway so everything is going through the VPN tunnel.

But I was wondering if I could set up Wireguard as VPN server for some devices when needed to connect to the NAS from the outside e.g. mobile devices which need to connect to the NAS.

Any idea how to accomplish this if it is possible? Maybe by adding a second virtual network through the VMM, but then how to config it?
 
