So I’ve been battling this issue for the last few days and have tried as many ways to debug this as I can, but can’t seem to make it work, and I’m lost for ideas now.
TL;DR: I can’t connect and reach any site when connected to either wg-easy or netbird (by LXC), both running on my TrueNAS server, but can’t reach any service running on TrueNAS, as trying to connect to any of the UIs will time out.
I’m on SCALE 25.04.
Here is a full breakdown of what my network looks like, starting from the top.
DNS for both cases is set to 1.1.1.1 (Cloudflare DNS) to rule out any DNS issue.
Port forwards on my ISP router for wg-easy are configured correctly, forwarding the WG UDP port to TrueNAS where wg-easy is running, because I can connect back from my Android phone on 5G.
ISP router gateway address is 192.168.1.254.
I’m not using a bridged connection for the static address but instead using the TP-Link Deco DHCP to set the static address.
I own 2 domains for this setup, both registered with Cloudflare with proxy turned off. Let’s call them cf-vpn-domain.com and cf-home-network-domain.com.
cf-vpn-domain.com just points to my public IP so that WG, by wg-easy, knows where to connect to. It has DDNS set up, so if my public IP were to change, it will get updated. This is working as expected, as I can connect back to wg-easy when on my phone on 5G or on any WiFi network outside my home.
cf-home-network-domain.com has a CNAME record on cf-home-network-domain.com that points to my TrueNAS internal static IP of 192.168.68.55 and an A record of *.cf-home-network-domain.com that points to cf-home-network-domain.com.
This is used mostly for Nginx Proxy Manager so I can map the TrueNAS UI and the web UI for apps to subdomains and get an SSL certificate from Let’s Encrypt.
As long as I’m connected to my home network, the NPM setup works without issues on any device on the WiFi network.
- WiFi network is run by 3 TP-Link Deco nodes and is on the 192.168.68.0/24 subnet with DHCP enabled, which is the default Deco configuration.
- The main Deco node is plugged into my ISP router by Ethernet.
- The TrueNAS server is plugged into the node on my desk, and it got the address 192.168.68.55, which I have reserved in the Deco app for it so it will always get the same address.
- wg-easy is installed on TrueNAS by the TrueNAS app and it has an allowed IP rule set to 0.0.0.0. It’s working to connect back to wg-easy, but I can’t access either the TrueNAS UI or the apps’ web UI through the NPM proxy host, or for example at 192.168.68.55:81, which is the TrueNAS UI. The connection always times out when I try to reach the TrueNAS UI or any apps.
- Given I had seen in a few places that this may happen with WG, I decided to give netbird a try, so I installed it as an instance by LXC. It got the IP 192.168.68.59 and again it’s reserved in the Deco DHCP by the app so that it will get that IP. I configured the routes as best I could through the netbird console. If I connect my phone as a peer on 5G I can again get back home and get to the internet, but anything on the 192.168.68.x network is unreachable and I get the same timeouts I got with WG and the NPM cf-home-network-domain.com domains.
Again, I’m not using a bridged (br0) connection but gave the LXC container access to the same eno1 Ethernet adapter and let TrueNAS generate a different MAC address so it would get its own IP from my Deco DHCP.
So that is where I have gotten to. At this point I don’t know what the issue is or how to fix it. In theory either wg-easy or netbird should have worked for getting access to TrueNAS and the apps, but neither of them works and I got the same result, which points at one thing causing the same issue for both. At this point I don’t know where else to look or what else to try, as it’s not obvious to me what may be missing in this puzzle.
I’m happy to use either netbird or WG for getting remote access to the TrueNAS apps, and the first one that starts working will be what I’ll use going forward. I just want one of them to work.
If anyone has any ideas, do share, as I’m out of ideas.
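The symptom in the post (remote peer reaches the internet through the tunnel, but every host on the 192.168.68.0/24 LAN times out) is usually decided by three things: whether the client's AllowedIPs actually routes the LAN into the tunnel, whether the relaying host forwards packets, and whether replies from the LAN host have a path back to the tunnel subnet. The checker below is an added example, not code from the post, from wg-easy or from netbird. It reads text dumps of a client config, `sysctl`, `nft list ruleset` and `ip route`, and reports what to verify. The LAN (192.168.68.0/24), the TrueNAS address (192.168.68.55) and the interface name eno1 come from the post; the tunnel subnet 10.8.0.0/24 and all four dumps are constructed assumptions.

```python
"""Sanity-check a WireGuard-to-LAN setup from constructed text dumps.

Added example; not the post author's, wg-easy's or netbird's code.
The same return-path logic applies to a netbird routing peer on the LAN.
"""
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.68.0/24")        # from the post
TARGET = ipaddress.ip_address("192.168.68.55")       # TrueNAS, from the post
WG_NET = ipaddress.ip_network("10.8.0.0/24")          # assumed tunnel subnet


def parse_allowed_ips(client_conf):
    """Pull the AllowedIPs list out of the client's [Peer] section."""
    m = re.search(r"^\s*AllowedIPs\s*=\s*(.+)$", client_conf, re.MULTILINE)
    return [e.strip() for e in m.group(1).split(",") if e.strip()] if m else []


def check_allowed_ips(entries, target=TARGET):
    """Return (covered, findings): is the LAN target routed into the tunnel?"""
    findings, covered = [], False
    for e in entries:
        try:
            net = ipaddress.ip_network(e, strict=False)
        except ValueError:
            findings.append(f"AllowedIPs entry {e!r} is not an address or CIDR")
            continue
        if "/" not in e:
            # A bare address is a single host route, not "everything".
            findings.append(f"AllowedIPs entry {e!r} has no prefix length; "
                            f"WireGuard treats it as {net}")
        if target in net:
            covered = True
    if not covered:
        findings.append(f"{target} is not covered by AllowedIPs; the client "
                        "never sends LAN traffic into the tunnel")
    return covered, findings


def check_forwarding(sysctl_text):
    """The host (or container netns) relaying tunnel traffic needs ip_forward=1."""
    m = re.search(r"net\.ipv4\.ip_forward\s*=\s*(\d)", sysctl_text)
    return bool(m) and m.group(1) == "1"


def check_return_path(nft_text, routes_text, wg_net=WG_NET, lan_if="eno1"):
    """Replies from a LAN host must be able to reach the tunnel subnet.

    Either the tunnel subnet is masqueraded out of the LAN interface (replies
    go to the VPN host's LAN address) or the LAN host has a route to it.
    """
    findings = []
    masq = re.search(rf'oifname\s+"{lan_if}"\s+ip\s+saddr\s+'
                     rf'{re.escape(str(wg_net))}\s+masquerade', nft_text)
    route = any(line.startswith(str(wg_net)) for line in routes_text.splitlines())
    if not masq and not route:
        findings.append(f"no masquerade for {wg_net} out of {lan_if} and no route "
                        f"to {wg_net} on the LAN host; replies leave via the "
                        "default gateway and the client times out")
    return bool(masq) or route, findings


def diagnose(client_conf, sysctl_text, nft_text, routes_text):
    """Run all checks and return the list of findings (empty means nothing flagged)."""
    findings = []
    findings += check_allowed_ips(parse_allowed_ips(client_conf))[1]
    if not check_forwarding(sysctl_text):
        findings.append("net.ipv4.ip_forward is not 1 on the relaying host")
    findings += check_return_path(nft_text, routes_text)[1]
    return findings


# Constructed sample dumps (not captured from a real system).
SAMPLE_CLIENT_CONF = """[Interface]
PrivateKey = <redacted>
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <redacted>
Endpoint = cf-vpn-domain.com:51820
AllowedIPs = 0.0.0.0
"""
SAMPLE_SYSCTL = "net.ipv4.ip_forward = 1\n"
SAMPLE_NFT = """table ip nat {
\tchain POSTROUTING {
\t\ttype nat hook postrouting priority srcnat; policy accept;
\t\toifname "eno1" ip saddr 10.8.0.0/24 masquerade
\t}
}
"""
SAMPLE_ROUTES = """default via 192.168.68.1 dev eno1
192.168.68.0/24 dev eno1 proto kernel scope link src 192.168.68.55
"""

if __name__ == "__main__":
    for line in diagnose(SAMPLE_CLIENT_CONF, SAMPLE_SYSCTL, SAMPLE_NFT, SAMPLE_ROUTES):
        print("CHECK:", line)
```

With the constructed client config the checker flags the bare `0.0.0.0` AllowedIPs entry (a single-host route, so 192.168.68.55 is not covered); rewriting that line as `0.0.0.0/0`, or listing the LAN prefix explicitly, clears both findings. Feed it real dumps from the VPN host and the LAN host to see which of the three conditions is actually failing in your setup.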