
WireGuard beta testing available


Posted ... (edited)

Hello,

Now WireGuard runs on my Synology NAS with DSM 7, but port forwarding doesn't work.

When I set

[Interface]
Address = 10.184.113.180/32
PrivateKey = XXX=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[PEER]
PublicKey = XXX=
PresharedKey =XXX=
Endpoint = 213.152.162.148:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15

I got an error, because it doesn't work with the DSM 7 Linux kernel.

When I set 
[Interface]
Address = 10.184.113.180/32
PrivateKey = XXX=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[PEER]
PublicKey = XXX=
PresharedKey = XXX=
Endpoint = 213.152.162.148:1637
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
PersistentKeepalive = 15

root@DS920:/etc/wireguard# wg show
interface: wg0
  public key: XXX
  private key: (hidden)
  listening port: 45316

peer: XXX
  preshared key: (hidden)
  endpoint: 213.152.162.148:1637
  allowed ips: 0.0.0.0/1, 128.0.0.0/1
  latest handshake: 16 minutes, 31 seconds ago
  transfer: 92 B received, 17.72 GiB sent
  persistent keepalive: every 15 seconds


The connection works, but nothing is shown in the Client Area under connected devices, and port forwarding doesn't work.

When I set 

[Interface]
Address = 10.184.113.180/32
PrivateKey = XXX=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[PEER]
PublicKey = XXX=
PresharedKey = XXX=
Endpoint = 213.152.162.148:1637
AllowedIPs = 192.168.84.0/32
PersistentKeepalive = 15

The connection works, I see my client in the Client Area under connected devices, but port forwarding doesn't work.

Can anybody help me?

Edited ... by Alex0901
Addition

1 hour ago, Alex0901 said:

I got an error, because it doesn't work with the DSM 7 Linux kernel.

What's the error?

 

4 minutes ago, Daniel15 said:
What's the error?

 
 
iptables-restore v1.8.3 (legacy): iptables-restore: unable to initialize table 'raw'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


DSM7
Gluetun
fiber 1000/1000
Dutch server
 

docker run -it --rm --network=container:gluetun alpine:3.14 /bin/sh -c "apk add speedtest-cli && speedtest-cli"

Testing download speed................................................................................
Download: 469.52 Mbit/s
Testing upload speed......................................................................................................
Upload: 470.62 Mbit/s

Posted ... (edited)

Hi All/AirVPN Guys!


Really like that WG is in BETA! Just poking about trying myself; has anyone set this up on PFS? Seems I cannot get it to route traffic.

Set up the Peer/Tunnel and NAT/FW but I can ping from the interface via Diag --> Ping. But cannot route much else.

Could anyone provide screenshots of example setups (omitting private information of course)? Thanks! Just need to sanity check what I have.


Thanks All!

Edited ... by Stan464
Typo.

Posted ... (edited)

One big problem with the WireGuard config generator: it's providing the same Interface address for all servers. Because of this, multiple tunnels cannot be used on the same device (e.g. pfSense). I was trying to set up two tunnels and ran into this issue. I have also used other VPN providers such as TorGuard and Mullvad and they provide a different address for each config.

Example:
Singapore server 1 config

[Interface]
Address = 10.172.172.199/10
PrivateKey = xxx
DNS = 10.128.0.1

[Peer]
PublicKey = xxx
PresharedKey = xxx
Endpoint = xxx:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15

Singapore server 2 config

[Interface]
Address = 10.172.172.199/10
PrivateKey = xxx
DNS = 10.128.0.1

[Peer]
PublicKey = xxx
PresharedKey = xxx
Endpoint = xxx:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15
Edited ... by coldfire7

4 hours ago, coldfire7 said:

One big problem with the WireGuard config generator: it's providing the same Interface address for all servers.

 You should get different interface addresses if you configure multiple different "devices" in AirVPN's UI here: https://airvpn.org/devices/. Each device has a details button to view the VPN IP for that device.

Two AirVPN devices should work fine on the same physical device, just remember to use different adapter names if on Linux (eg. wg0 for the first one and wg1 for the second one).
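
A check for the collision discussed in the two posts above, added here as an example and not code from AirVPN or any poster: it reads the `[Interface]` Address of each config and reports tunnel addresses shared by more than one file. The file names and the address in the third config are constructed; the shared address is the one from the post.

```python
import ipaddress

# Constructed sample configs; keys are placeholders as in the thread.
CONFIGS = {
    "sg1.conf": "[Interface]\nAddress = 10.172.172.199/10\nPrivateKey = xxx\n"
                "\n[Peer]\nPublicKey = xxx\nAllowedIPs = 0.0.0.0/0\n",
    "sg2.conf": "[Interface]\nAddress = 10.172.172.199/10\nPrivateKey = xxx\n"
                "\n[Peer]\nPublicKey = xxx\nAllowedIPs = 0.0.0.0/0\n",
    # Config generated for a second "device"; this address is made up.
    "sg2-device2.conf": "[Interface]\nAddress = 10.150.20.7/10\nPrivateKey = xxx\n"
                        "\n[Peer]\nPublicKey = xxx\nAllowedIPs = 0.0.0.0/0\n",
}


def interface_addresses(conf_text):
    """Return the IPs listed under Address in the [Interface] section."""
    addrs, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "interface" and key.strip().lower() == "address":
            # Address may hold several comma-separated entries (IPv4 and IPv6).
            for item in value.split(","):
                addrs.append(ipaddress.ip_interface(item.strip()).ip)
    return addrs


def find_collisions(configs):
    """Map each tunnel address used by more than one config to those configs."""
    seen = {}
    for name, text in configs.items():
        for ip in interface_addresses(text):
            seen.setdefault(ip, []).append(name)
    return {str(ip): names for ip, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for ip, names in find_collisions(CONFIGS).items():
        print(f"{ip} is used by: {', '.join(names)}")
```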

Posted ... (edited)
2 hours ago, Daniel15 said:
 You should get different interface addresses if you configure multiple different "devices" in AirVPN's UI. It's mentioned earlier in the thread. It still works fine on the same physical device, just remember to use different adapter names if on Linux (eg. wg0 for the first one and wg1 for the second one).
OK found it (https://airvpn.org/devices/). Thanks!

Edited ... by coldfire7

Posted ... (edited)
2 hours ago, Stan464 said:


Off Topic, how did you split your GW's into Sections like that? is that a feature avail in "2.5.2-RELEASE" or is this BETA PFS?

Ya, it's available in pfSense 2.5.2.


Here's how you do it:

1. Click the wrench on the top right corner and edit the first widget

2. Add a secondary Gateways widget, and then edit that one

3. Once you are done adding and editing click the save icon on the top right corner of the dashboard

Edited ... by coldfire7


Hi AirVPN @Staff. Please elaborate on this matter.
 

On 10/28/2021 at 12:57 PM, Staff said:

About privacy concerns, we wrote a FAQ answer here. Please make sure to read it.


I read the FAQ but I don't fully understand the privacy implications of the following: "by design it is not ideal for privacy, because it doesn't allocate VPN IP Addresses (10.*) dynamically..."

What privacy risks does that entail?

Every time I reconnect to the VPN, I may be assigned to a different AirVPN server and thus have a different public IP (from the point of view of the websites I visit). Since this public IP address is shared, it adds a layer of anonymity. So what is the big deal with these 10.* ip addresses not being assigned dynamically? And why (and when) would a client want to renew their keys "forcing a new, random IP address reassignment"?

Reading the ProtonVPN WireGuard offering makes it look as if they have solved the privacy issue. "To allow more than two people to be connected to the same VPN server at the same time on WireGuard, we use double network address translation (NAT) to dynamically provision sessions." Wouldn't that be a good solution for AirVPN to implement as well?

Really happy with the VPN performance improvements now that I can use WireGuard with my new router. My old router had AES hardware acceleration, so pretty good OpenVPN performance. But my new router, without AES hardware acceleration, is much faster still thanks to WireGuard :)


There seems to be an issue with AirVPN's implementation of wireguard and Steam, the gaming platform.  I have server issues all the time playing Steam games.  I do not have any such issues using ovpn.  I can only assume AirVPN is using WireGuardNT, that has been causing me issues with Steam and other VPNs as well.  Anyone else having these problems?

35 minutes ago, thetechdude said:

There seems to be an issue with AirVPN's implementation of wireguard and Steam, the gaming platform.  I have server issues all the time playing Steam games.  I do not have any such issues using ovpn.  I can only assume AirVPN is using WireGuardNT, that has been causing me issues with Steam and other VPNs as well.  Anyone else having these problems?


This sounds like an issue with WireGuard rather than AirVPN specifically... I'd suggest posting to the WireGuard mailing list about it.

29 minutes ago, Daniel15 said:

This sounds like an issue with WireGuard rather than AirVPN specifically... I'd suggest posting to the WireGuard mailing list about it.

Except it isn't.  It's an issue with Wireguard NT version, not regular Wireguard, which is why I wanted to know if Eddie uses Wireguard NT.

10 minutes ago, thetechdude said:

Except it isn't.  It's an issue with Wireguard NT version, not regular Wireguard, which is why I wanted to know if Eddie uses Wireguard NT

I'd assume so, since WireguardNT has been enabled by default in Wireguard itself for a few months now.

https://mobile.twitter.com/EdgeSecurity/status/1437402720135270403

WireguardNT is part of the Wireguard project and thus bugs should be reported there.
https://lists.zx2c4.com/mailman/listinfo/wireguard


Quick 👏 to the team, I installed WireGuard on my Pi4. Very quick test connecting to the same Air server and same Speedtest server showed a 3x improvement on downloads and uploads. It went from about 54/59 down/up to 156/159. LOVE IT

Posted ... (edited)

So I set up a container on my DSM 920+  using https://github.com/runfalk/synology-wireguard

I route this container's network to https://github.com/henrywhitaker3/Speedtest-Tracker using network_mode: container:wireguard

however, the speedtest tracker seems to escape the network - results return my webserver instead of airvpn

I tried routing the network to a copy of torrenting software and ipleak returns the right dns, but when downloading a random torrent and paying attention to the vpn sessions page the download/upload doesn't reflect full bandwidth.

does anyone have a similar setup and experiencing similar issues? If you're on DSM 7 can you point me at which docker image you're using for the vpn connection? really not sure what to do here...

edit: also tried https://registry.hub.docker.com/r/cmulk/wireguard-docker and had the same issue

Edited ... by gaywallet
tried another repo

A question on Wireguard and privacy. In your Wireguard FAQ on https://airvpn.org/faq/wireguard, you state:

"Another privacy concern is that WireGuard stores users' real IP addresses on the VPN server indefinitely.
During a VPN session, it's inevitable that our servers know the user's real IP address (to redirect traffic), this happens also with OpenVPN.
The different issue here is that WireGuard keeps this data even if the session is closed.
In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory."
 

Now, I wonder what "Wireguard" really refers to in this paragraph. Wireguard is a protocol, or a procedure, right? How can a protocol retain data (a user's real IP address) as soon as it is no longer in use (i.e. as soon as a connection is dropped)? 
I suppose that "Wireguard keeps this data even if the session is closed"  means that the data is stored on a server somewhere. If so, what (whose) server is that? Where is it located?

TIA for your elucidation. Regards,
-- Esjalistas

 

3 hours ago, esjalistas said:

Wireguard is a protocol, or a procedure, right?


Should be quite obvious that Wireguard means an app implementing the Wireguard protocol. After all, OpenVPN for example is also both the name of the app and the protocol this app implements.
 
3 hours ago, esjalistas said:

I suppose that "Wireguard keeps this data even if the session is closed"  means that the data is stored on a server somewhere. If so, what (whose) server is that? Where is it located?


It's stored on the VPN server you connect to with Wireguard, just like OpenVPN would store it (though, I'd rather call this cached in the case of OpenVPN).

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.
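
The quoted FAQ says a peer with no handshake for 180 seconds is removed and reapplied so the server forgets the client's real address. The sketch below is an added example of that idea, not AirVPN's code: it parses `wg show <iface> dump` output and builds the `wg set` calls for stale peers. The dump, keys, addresses and preshared-key path are constructed placeholders.

```python
STALE_AFTER = 180  # seconds without a handshake, the figure quoted from the FAQ
NOW = 1_700_000_000  # constructed "current time" so the sample is reproducible

# Constructed `wg show wg0 dump` output (tab-separated). Keys are redacted
# placeholders and the endpoints are documentation addresses, not real peers.
SAMPLE_DUMP = "\n".join([
    "\t".join(["(hidden)", "SERVER_PUBLIC_KEY", "1637", "off"]),
    "\t".join(["PEER_A_PUBLIC_KEY", "(hidden)", "198.51.100.7:51820",
               "10.128.0.2/32", str(NOW - 20), "9120", "4410", "15"]),
    "\t".join(["PEER_B_PUBLIC_KEY", "(hidden)", "203.0.113.44:40112",
               "10.128.0.3/32", str(NOW - 600), "81234", "90211", "15"]),
    "\t".join(["PEER_C_PUBLIC_KEY", "(hidden)", "(none)",
               "10.128.0.4/32", "0", "0", "0", "off"]),
])


def parse_dump(dump_text):
    """Turn the peer lines of `wg show <iface> dump` into dicts."""
    peers = []
    for line in dump_text.splitlines()[1:]:  # line 0 describes the interface
        pub, _psk, endpoint, allowed, handshake, _rx, _tx, _ka = line.split("\t")
        peers.append({"public_key": pub, "endpoint": endpoint,
                      "allowed_ips": allowed, "handshake": int(handshake)})
    return peers


def stale_peers(peers, now, max_age=STALE_AFTER):
    """Peers whose last handshake is older than max_age but whose endpoint
    (the client's real IP and port) is still held by the interface."""
    return [p for p in peers
            if p["endpoint"] != "(none)" and now - p["handshake"] > max_age]


def reset_commands(iface, peer, psk_file):
    """wg(8) calls that remove the peer, dropping its remembered endpoint,
    and add it back so the client can connect again. psk_file is a
    hypothetical path holding that peer's preshared key."""
    key = peer["public_key"]
    return [
        ["wg", "set", iface, "peer", key, "remove"],
        ["wg", "set", iface, "peer", key, "preshared-key", psk_file,
         "allowed-ips", peer["allowed_ips"]],
    ]


if __name__ == "__main__":
    for peer in stale_peers(parse_dump(SAMPLE_DUMP), NOW):
        for cmd in reset_commands("wg0", peer, "/etc/wireguard/psk/peer_b"):
            print(" ".join(cmd))  # printed only; pass to subprocess.run to apply
```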

Posted ... (edited)
On 1/9/2022 at 2:29 PM, gaywallet said:

does anyone have a similar setup and experiencing similar issues? If you're on DSM 7 can you point me at which docker image you're using for the vpn connection? really not sure what to do here...


well I thought I had solved the issue by running wg-quick directly, but stuck on figuring out how to get networking to work for allowedips = 0.0.0.0/1, 128.0.0.0/1
 
On 12/15/2021 at 8:53 AM, Alex0901 said:

The Problem is solved. I made a static route in the DSM and now all works fine.


if you're still around can you explain what you did?

EDIT: apparently got it working with gluetun...
https://www.speedtest.net/result/c/b52f7736-aceb-49a0-bbec-9db866b3ae14

Edited ... by gaywallet
