Alex0901 0 Posted ... (edited) Hello, now Wireguard runs on my Synology has with DSM7, but Portforwarding don't work. When I set [Interface] Address = 10.184.113.180/32 PrivateKey = XXX= PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [PEER] PublicKey = XXX= PresharedKey =XXX= Endpoint = 213.152.162.148:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 I became a error, because it doesen't work with the DSM 7 Linux Kernel When I set [Interface] Address = 10.184.113.180/32 PrivateKey = XXX= PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [PEER] PublicKey = XXX= PresharedKey = XXX= Endpoint = 213.152.162.148:1637 AllowedIPs = 0.0.0.0/1, 128.0.0.0/1 PersistentKeepalive = 15 root@DS920:/etc/wireguard# wg show interface: wg0 public key: XXX private key: (hidden) listening port: 45316 peer: XXX preshared key: (hidden) endpoint: 213.152.162.148:1637 allowed ips: 0.0.0.0/1, 128.0.0.0/1 latest handshake: 16 minutes, 31 seconds ago transfer: 92 B received, 17.72 GiB sent persistent keepalive: every 15 seconds The connection work, but nothing is to see in the Client Area under connected devises and Portforwarding doesn't work. When I set [Interface] Address = 10.184.113.180/32 PrivateKey = XXX= PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [PEER] PublicKey = XXX= PresharedKey = XXX= Endpoint = 213.152.162.148:1637 AllowedIPs = 192.168.84.0/32 PersistentKeepalive = 15 The connection work, I see my Client in the Client Area under connected devices but Portforwarding doesn't work. Can anybody help me? Edited ... by Alex0901 Ergänzung Quote Share this post Link to post
Daniel15 14 Posted ... 1 hour ago, Alex0901 said: I became a error, because it doesen't work with the DSM 7 Linux Kernel What's the error? Quote Share this post Link to post
Alex0901 0 Posted ... 4 minutes ago, Daniel15 said: What's the error? iptables-restore v1.8.3 (legacy): iptables-restore: unable to initialize table 'raw' Error occurred at line: 1 Try `iptables-restore -h' or 'iptables-restore --help' for more information. Quote Share this post Link to post
Alex0901 0 Posted ... The Problem is solved. I made a static route in the DSM and now all works fine. Quote Share this post Link to post
x10 0 Posted ... DSM7 Gluetun fiber 1000/1000 Dutch server docker run -it --rm --network=container:gluetun alpine:3.14 /bin/sh -c "apk add speedtest-cli && speedtest-cli" Testing download speed................................................................................ Download: 469.52 Mbit/s Testing upload speed...................................................................................................... Upload: 470.62 Mbit/s Quote Share this post Link to post
MrAndersonX 9 Posted ... Holy crap Wireguard is running well. Easily hitting over 800mbit down in most cases. This is over wifi btw, a floor up and a couple rooms over from my router (Wifi6) on gigabit internet.https://www.speedtest.net/result/12486452078 Suffice to say, I am extremely impressed. Well done guys! 1 Staff reacted to this Quote Share this post Link to post
Stan464 2 Posted ... (edited) Hi All/AirVPN Guys! Really like that WG is in BETA! just poking about trying myself, has anyone set this up on PFS? Seems i cannot get it to route traffic. Setup the Peer/Tunnel and NAT/FW but i can Ping from the Interface via Diag --> Ping. But cannot route much else. Could anyone provide Screenshots of Example setups (Omitting Private Information of course) Thanks! - Just need to sanity check what I have, Thanks All! Edited ... by Stan464 Typo. Quote Share this post Link to post
Wolke68 5 Posted ... this for Mulvad you can change it for AirVPN with your confighttps://airvpn.org/external_link/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DwYe7FzZ_0X8 1 Lee47 reacted to this Quote Share this post Link to post
Stan464 2 Posted ... 1 hour ago, Wolke68 said: this for Mulvad you can change it for AirVPN with your confighttps://airvpn.org/external_link/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DwYe7FzZ_0X8 Absolutely fantastic guide! thanks for the Link! seems I had missed the GW Settings in the Interface! Thanks Dude! Quote Share this post Link to post
yolomedicbear 1 Posted ... (edited) One big problem with the WireGurard config generator, it's providing the same Interface address for all servers. Because of this multiple tunnels cannot be used on the same device (e.g. pfSense). I was trying to setup two tunnels and ran into this issue. I have also used other VPN providers such as TorGuard and Mullvad and they provide a different address for each config.Example:Singapore server 1 config [Interface] Address = 10.172.172.199/10 PrivateKey = xxx DNS = 10.128.0.1 [Peer] PublicKey = xxx PresharedKey = xxx Endpoint = xxx:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Singapore server 2 config [Interface] Address = 10.172.172.199/10 PrivateKey = xxx DNS = 10.128.0.1 [Peer] PublicKey = xxx PresharedKey = xxx Endpoint = xxx:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Edited ... by coldfire7 Quote Share this post Link to post
Daniel15 14 Posted ... 4 hours ago, coldfire7 said: One big problem with the WireGurard config generator, it's providing the same Interface address for all servers. You should get different interface addresses if you configure multiple different "devices" in AirVPN's UI here: https://airvpn.org/devices/. Each device has a details button to view the VPN IP for that device. Two AirVPN devices should work fine on the same physical device, just remember to use different adapter names if on Linux (eg. wg0 for the first one and wg1 for the second one). 2 Lee47 and yolomedicbear reacted to this Quote Share this post Link to post
yolomedicbear 1 Posted ... (edited) 2 hours ago, Daniel15 said: You should get different interface addresses if you configure multiple different "devices" in AirVPN's UI. It's mentioned earlier in the thread. It still works fine on the same physical device, just remember to use different adapter names if on Linux (eg. wg0 for the first one and wg1 for the second one). OK found it (https://airvpn.org/devices/). Thanks! Edited ... by coldfire7 Quote Share this post Link to post
Stan464 2 Posted ... 2 hours ago, coldfire7 said: OK found it (https://airvpn.org/devices/). Thanks! Off Topic, how did you split your GW's into Sections like that? is that a feature avail in " 2.5.2-RELEASE " or is this BETA PFS? Quote Share this post Link to post
yolomedicbear 1 Posted ... (edited) 2 hours ago, Stan464 said: Off Topic, how did you split your GW's into Sections like that? is that a feature avail in " 2.5.2-RELEASE " or is this BETA PFS? Ya, it's available in pfSense 2.5.2.Here's how you do it:1. Click the wrench on the top right corner and edit the first widget 2. Add a secondary Gateways widget, and then edit that one 3. Once you are done adding and editing click the save icon on the top right corner of the dashboard Edited ... by coldfire7 1 Stan464 reacted to this Quote Share this post Link to post
Opayq 1 Posted ... Hi AirVPN @Staff. Please elaborate on this matter. On 10/28/2021 at 12:57 PM, Staff said: About privacy concerns, we wrote a FAQ answer here . Please make sure to read it. I read the FAQ but I don't fully understand the privacy implications of the following: "by design it is not ideal for privacy, because it doesn't allocate VPN IP Addresses (10.*) dynamically..." What privacy risks does that entail? Every time I reconnect to the VPN, I may be assigned to a different AirVPN server and thus have a different public IP (from the point of view of the websites I visit). Since this public IP address is shared, it adds a layer of anonymity. So what is the big deal with these 10.* ip addresses not being assigned dynamically? And why (and when) would a client want to renew their keys "forcing a new, random IP address reassignment"? Reading the ProtonVPN WireGuard offering makes it look as if they have solved the privacy issue. "To allow more than two people to be connected to the same VPN server at the same time on WireGuard, we use double network address translation (NAT) to dynamically provision sessions." Wouldn't that be a good solution for AirVPN to implement as well? Really happy with the VPN performance improvements now that I can use WireGuard with my new router. My old router had AES hardware acceleration, so pretty good OpenVPN performance. But my new router, without AES hardware acceleration, is much faster still thanks to WireGuard Quote Share this post Link to post
thetechdude 3 Posted ... There seems to be an issue with AirVPN's implementation of wireguard and Steam, the gaming platform. I have server issues all the time playing Steam games. I do not have any such issues using ovpn. I can only assume AirVPN is using WireGuardNT, that has been causing me issues with Steam and other VPNs as well. Anyone else having these problems? Quote Share this post Link to post
Daniel15 14 Posted ... 35 minutes ago, thetechdude said: There seems to be an issue with AirVPN's implementation of wireguard and Steam, the gaming platform. I have server issues all the time playing Steam games. I do not have any such issues using ovpn. I can only assume AirVPN is using WireGuardNT, that has been causing me issues with Steam and other VPNs as well. Anyone else having these problems? This sounds like an issue with WireGuard rather than AirVPN specifically... I'd suggest posting to the WireGuard mailing list about it. Quote Share this post Link to post
thetechdude 3 Posted ... 29 minutes ago, Daniel15 said: This sounds like an issue with WireGuard rather than AirVPN specifically... I'd suggest posting to the WireGuard mailing list about it. Except it isn't. It's an issue with Wireguard NT version, not regular Wireguard, which is why I wanted to know if Eddie uses Wireguard NT. Quote Share this post Link to post
Daniel15 14 Posted ... 10 minutes ago, thetechdude said: Except it isn't. It's an issue with Wireguard NT version, not regular Wireguard, which is why I wanted to know if Eddie uses Wireguard NT I'd assume so, since WireguardNT has been enabled by default in Wireguard itself for a few months now.https://mobile.twitter.com/EdgeSecurity/status/1437402720135270403 WireguardNT is part of the Wireguard project and thus bugs should be reported there. https://lists.zx2c4.com/mailman/listinfo/wireguard 1 OpenSourcerer reacted to this Quote Share this post Link to post
mith_y2k 6 Posted ... Quick 👏 to the team, I installed WireGuard on my Pi4. Very quick test connecting to the same Air server and same Speedtest server showed a 3x improvement on downloads and uploads. It went from about 54/59 down/up to 156/159. LOVE IT 1 Lee47 reacted to this Quote Share this post Link to post
2ovmmcgt*natD9WTA6WDdnvo$ 0 Posted ... Download speeds are stellar in Eddie's WireGuard beta, but upload is about half as fast as the wireguard client from https://www.wireguard.com/ with WireguardNT enabled. Quote Share this post Link to post
gaywallet 0 Posted ... (edited) So I set up a container on my DSM 920+ using https://github.com/runfalk/synology-wireguard I route this containers network to https://github.com/henrywhitaker3/Speedtest-Tracker using network_mode: container:wireguard however, the speedtest tracker seems to escape the network - results return my webserver instead of airvpn I tried routing the network to a copy of torrenting software and ipleak returns the right dns, but when downloading a random torrent and paying attention to the vpn sessions page the download/upload doesn't reflect full bandwidth. does anyone have a similar setup and experiencing similar issues? If you're on DSM 7 can you point me at which docker image you're using for the vpn connection? really not sure what to do here... edit: also tried https://registry.hub.docker.com/r/cmulk/wireguard-docker and had the same issue Edited ... by gaywallet tried another repo Quote Share this post Link to post
esjalistas 0 Posted ... A question on Wireguard and privacy. In your Wireguard FAQ on https://airvpn.org/faq/wireguard, you state: "Another privacy concern is that WireGuard stores users' real IP addresses on the VPN server indefinitely. During a VPN session, it's inevitable that our servers know the user's real IP address (to redirect traffic), this happens also with OpenVPN. The different issue here is that WireGuard keeps this data even if the session is closed. In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory." Now, I wonder what "Wireguard" really refers to in this paragraph. Wireguard is a protocol, or a procedure, right? How can a protocol retain data (a user's real IP address) as soon as it is no longer in use (i.e. as soon as a connection is dropped)? I suppose that "Wireguard keeps this data even if the session is closed" means that the data is stored on a server somewhere. If so, what (whose) server is that? Where is it located? TIA for your elucidation. Regards, -- Esjalistas Quote Share this post Link to post
OpenSourcerer 1351 Posted ... 3 hours ago, esjalistas said: Wireguard is a protocol, or a procedure, right? Should be quite obvious that Wireguard means an app implementing the Wireguard protocol. After all, OpenVPN for example is also both the name of the app and the protocol this app implements. 3 hours ago, esjalistas said: I suppose that "Wireguard keeps this data even if the session is closed" means that the data is stored on a server somewhere. If so, what (whose) server is that? Where is it located? It's stored on the VPN server you connect to with Wireguard, just like OpenVPN would store it (though, I'd rather call this cached in the case of OpenVPN). Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
gaywallet 0 Posted ... (edited) On 1/9/2022 at 2:29 PM, gaywallet said: does anyone have a similar setup and experiencing similar issues? If you're on DSM 7 can you point me at which docker image you're using for the vpn connection? really not sure what to do here... well I thought I had solved the issue by running wg-quick directly, but stuck on figuring out how to get networking to work for allowedips = 0.0.0.0/1, 128.0.0.0/1 On 12/15/2021 at 8:53 AM, Alex0901 said: The Problem is solved. I made a static route in the DSM and now all works fine. if you're still around can you explain what you did? EDIT: apparently got it working with gluetun...https://www.speedtest.net/result/c/b52f7736-aceb-49a0-bbec-9db866b3ae14 Edited ... by gaywallet Quote Share this post Link to post