Home Assistant Community Add-on: WireGuard

Guys, I have an issue. I’ve got my WireGuard VPN working flawlessly; when connected on my phone, I can access local IP addresses outside my network, including HA. However, since I want to access HA with the app, I can’t access HA through my duckdns address outside my home network, since I disabled the 8123 port forwarding rule when I set up the WireGuard port forwarding rule (I have the VPN port forwarded, so it doesn’t make sense to have another port forwarded).

Basically, https://my_duckdns.duckns.org:8123 doesn’t redirect to my HA when I’m outside my local network. If I access https://my_duckdns.duckns.org it redirects to my router web interface. Am I missing something? Should I keep the 8123 duckdns port forwarded like the tutorials for duckdns told me to?

I’m really struggling to connect to my HA from outside the LAN with my duckdns address (I can only with the local IP) and can’t access it in the app either.

Hi guys, great add-on, thank you.

I have a local server (openmediavault/ debian) which I use for media etc + running Home Assistant as a virtual machine.

I have the following problem: I cannot access the SMB shares from my local media server while using WireGuard on a Windows 10 laptop. I can however access my local network devices using their IP in the browser, but not the SMB shares.

Using my Android phone I have no problem connecting to these local SMB shares; however, it does not work on Win 10.

Does anybody have an idea?

This is my config for WireGuard on the Win 10 laptop:

[Interface]
PrivateKey = XXXX
Address = 172.27.66.XX/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = XXXX
AllowedIPs = 0.0.0.0/0
Endpoint = XXXX.duckdns.org:xxxxx

Hi,

Did you achieve the site-to-site configuration?

Keep the existing ports opened already (which you have set up, and is required by services), and simply open the one new port that WireGuard requires. I did this, and it works flawlessly.

Hi,
I’m using the same configuration but I have the same problem.
This is my configuration:

-  platform: rest
   name: wireguard
   resource: http://a0d7b954-wireguard
   json_attributes:
   - PC....1
   - PC....2
   value_template: "OK"

The sensor keeps changing state between “Unknown” and “OK” every minute.
Has anyone managed to solve this problem? Or can someone share the correct config?

Thanks

Under the servers.dns option in this addon it says this:

If you are running the AdGuard add-on, you can add 172.30.32.1 as a DNS IP address in the list. This will cause your clients to use those. What this does, it effectively making your clients to have ad-filtering (e.g., your mobile phone), while not at home.

Is this still true after the update to v4 of the AdGuard add-on? Since it runs on the host network now, is that still the correct address to reach it at from WireGuard, or does it need to be updated? I’m trying to hit it with dig from the SSH add-on and it doesn’t seem like it’s reachable at that address anymore.

EDIT: Yea, I really don’t think this works anymore. Queries coming from the rest of my network are still correctly going through AdGuard, but any DNS queries originating from within the supervisor docker network are just going to hassio_dns. I have no idea what’s answering those queries now since it’s not the AdGuard add-on.

Try setting your localhost IP as DNS in WireGuard. Don’t forget to update the clients. Works for me.

Yea ok that worked as long as I used the LAN address of the host machine. localhost and 127.0.0.1 didn’t work. It seems a bit strange to use the LAN address like any other device on my home network, is there no easy way to reference the host machine from within a container?

Does not work here. Just to be clear, I have changed the DNS from 172.30.32.1 in both the Wireguard server config (supervisor) and client configurations, and I am now using the single IP stated by the Adguard add-on (The Adguard DNS is listening to … 192.168…)… There seems to be a connection to the Wireguard server - but no internet traffic…

Remember to update the configuration of your clients. Either update the DNS by hand or remove and re-add.

As I wrote: “in both the server config and client configurations”…

How is your Adguard addon configured? Do you have it set up to listen for DNS over HTTPS requests? If so that’s likely a problem. The Adguard will only listen on the host for either DNS over HTTPS requests or normal DNS requests on port 53 but not both. Previously that was ok with Wireguard because internally within the docker network it was listening for both types of requests. Now that everything has to go through the host machine with the LAN address that trick won’t work anymore without additional work.

Just guessing though. The LAN IP works for me so you might have to share more about the respective configs of the addons to figure out what’s happening.

Sorry, missed that it seems.

Hi, do you mean this?

This is my config:

Screenshot 2021-03-14 205939
AdGuard and WireGuard are running on the same HA,
but I can’t reach public URLs and I don’t see client connections on AdGuard.

You are listing 172.30.32.1 as the DNS. As mentioned in the posts above, that won’t work anymore as of Adguard 4.0. You have to use the LAN address of HA instead. You also have to update all existing clients.

OMG, sorry. I missed that. yep. after changing DNS to HA IP it works :grinning:
thank you so much

1 Like
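
A resolver reachability check for the addresses discussed in the posts above, as an added example that is not part of the original thread: it sends one A query over UDP port 53 to each candidate DNS address and reports whether anything answers. The address 192.0.2.10 is a placeholder for the HA host's LAN IP, and the function names are this example's own.

```python
import secrets
import socket
import struct


def build_query(name: str, txid: int) -> bytes:
    """Encode a minimal DNS A query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN


def parse_reply(data: bytes, txid: int) -> str:
    """Classify a reply from its 12-byte header only."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, answers = struct.unpack("!HHHH", data[:8])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit unset
        return "mismatch"
    rcode = flags & 0x000F
    return f"ok answers={answers}" if rcode == 0 else f"rcode={rcode}"


def probe(server: str, name: str = "example.com", timeout: float = 2.0) -> str:
    """Send one query to server:53 over UDP and describe the outcome."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, 53))  # kernel drops replies from other sources
            sock.send(build_query(name, txid))
            data = sock.recv(512)
        except socket.timeout:
            return "no answer (timeout)"
        except OSError as exc:  # e.g. ICMP port unreachable
            return f"error: {exc}"
    return parse_reply(data, txid)


if __name__ == "__main__":
    # 172.30.32.1 is the address from the thread; 192.0.2.10 is a
    # placeholder for the LAN IP of the Home Assistant host.
    for server in ("172.30.32.1", "192.0.2.10"):
        print(f"{server:15} {probe(server)}")
```

Run it once from a shell on the Home Assistant side and once from a connected WireGuard client: an address that times out or errors from the client is not usable as the tunnel's DNS setting.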

Which host?

mysite.duckdns.org

I mean, Ubuntu? Try resetting your Host-dns.

Thank you for a super add-on! Managed to install and configure it in a few minutes, but now I would have a question.

I would like to use the Wireguard HA addon (located in a remote location) as a bridge between my home network and the remote location’s network. I can currently create a VPN tunnel from my home laptop to the remote Wireguard and access all devices at the remote location’s network. But the tunnel is limited to my laptop. I would like to expose the remote devices to all my home network’s devices.

I have a HA installation also at my home network. Can I somehow install a Wireguard client on this HA instance and connect it to the remote HA Wireguard server? Or what would be the best way to expose for example the remote network’s cameras to my home network via the VPN?

1 Like