Wireguard unable to connect to server

pinghajen · September 29, 2024, 3:25am

I have a Wireguard peer running on TrueNAS Scale. When the wg1 interface is up I am unable to ping anything besides the gateway. If I use the same config on another Linux machine on the same LAN it just works, it’s only on this machine that it doesn’t work. I can’t ping the wg server on this problem machine either. This VPN is known to be working and I can even connect on this lan to the VPN from another machine. There seems to be a lot of kube clusters iptables rules and it seems that flushing the iptables with
sudo iptables -F
helps until a reboot but I’m not sure what kind of side effects this will cause. Short of a fully fresh install I’m unsure what to do (though this install isn’t really old and is upgraded from core to scale). I have another TrueNAS instance that is able to connect to the VPN but that one is on the same LAN as the server.

Captain_Morgan · September 29, 2024, 6:31am

Similar to this discussion.

If it is kubecluster IP table rules that are causing an issue, then 24.10 may resolve. RC.1 coming out this coming week.

Gyula_Masa · September 29, 2024, 11:04am

Did you configure your Kubernetes bridge interface correctly?

pinghajen · September 29, 2024, 7:49pm

I think this might be the issue, I have no idea how to do this. I reinstalled TrueNAS and it worked but as soon as I tried to setup any apps it messed things up

Gyula_Masa · September 29, 2024, 8:24pm

I use TrueNAS-SCALE 23.10.2 on bare metal.
(just to be completely on the same page.)
GO to your “Network” tab.
In the middle there will be the “Interfaces” section.
It should have something similar like "emp7s0, which is your physical NIC. (assuming, you have only one NIC)
Under that you should see the “br0” (If you installed it new)
To the right of the “Br0” should see the actual IP address and range, so for me it is 192.168.178.4/24
If it is there, go to edit the properties by clicking the “pen” icon next to the bin.
The edit panel slides in from the right.
First is “name” - use br0 here
Second one is the descrition, put here anything that helps you to identify the function of the interface, like “Kubernetes bridge”.
DONT tick, the DHCP or the “Autoconfigure IPv6” boxes.
Then comes the “Bridge settings”

Here you have to selet the other NIC, (enp7s0 in my case) this will be the exit point of the bridge to the actual network.
MTU: leave on 1500 for now, only change, if you want to fiddle with JUMBO frames. (I recommend to NOT to change it at least for now. If the brdge works, you can play with that later.)

Next is the “Alliases” field.
THis is where you should put your exit IP address. That is 192.168.178.4/24, as the enp7s0 NIC’s IP.

Also, check the “GLobal configuration” section right below this one:

Is at least Nameserver 1 filled out? (for me, it is my router. 192.168.178.1)
Is the “default route” option has a valid IP address added? ( The same here, 192.168.178.1)
IPv6 address is not mandatory, only, if your ISP ran out of IPv4 addresses, and uses IPv6 only.

After this, save all data, and restart your Truenas.

Then go to the “apps” tab, and select “Settings” from the top right corner.
Select, “Advanced settings”
The side panel slides in.
Node IP is 192.168.178.4
Route v4 interfce is br0
Route v4 gateway is 192.168.178.1
The next 3 checkboxes are checked for me.
Then you have 3 IPs left:
Cluster CIDR: 172.16.0.0/16
Service CIDR: 172.17.0.0/16
Cluster DNS: 172.17.0.10
(I am not an IT specialist, so I only guess, this is the setting for the Kubernetes, internal “virtual network”. I apologise, if I am wrong about this.)

The “Force” checkbox is unchecked.
Then save, restart and check functionality.

pinghajen · September 29, 2024, 10:29pm

I tried this, per your suggestion. I added the bridge and the same thing is happening, when the apps service and wireguard are both running I can’t ping 1.1.1.1. At this point I’m wondering if I could just run plex in a VM on the machine with the GPU

Edit: I tried to bind to both 0.0.0.0 and the local ip and it still didn’t work

Gyula_Masa · September 30, 2024, 6:42am

Maybe try for temporarily the
$ sudo service iptables stop

OR

$ sudo ufw disable

commands.
That will allow all traffic in Iptables or ufw.
(but, please dont forget to re-enable them after you are done!)
EDIT: trying the install it under a VM is also a nice idea, my instance of Plex, that is actually working is also running on a VM under Proxmox.