Try removing the ‘/32’ at the end of all three ip addresses?
I’m sure that this must be covered here, but I’ve read through the entire thread and am still confused.
My goal is to use Wireguard only for connections to my home LAN where the Home Assistant instance is located. Internet connections to/from the peer devices should not go through the Wireguard server.
I’ve got the add on up and running. However, I’m unsure how to test whether internet traffic on the peers is making the trip through the Wireguard server or is being routed directly.
Could someone please confirm that the configuration below is correct to achieve what I’ve described? The docs imply that I may also need to modify the default server.post_up settings.
The home LAN IP range is 192.168.86.x. The server is at 192.168.86.111, to which I’ve assigned 172.244.66.1.
Thanks!
```yaml
server:
  host: xxxxxxxxxx.duckdns.org
  addresses:
    - 172.244.66.1
  dns: []
peers:
  - name: ronxps2in1
    addresses:
      - 172.244.66.2
    allowed_ips:
      - 172.244.66.0/24
    client_allowed_ips: []
  - name: ronpixel5
    addresses:
      - 172.244.66.5
    allowed_ips:
      - 172.244.66.0/24
    client_allowed_ips: []
```
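An added example, not part of the original thread: on clients that install routes from the peer's AllowedIPs (as wg-quick does), a destination enters the tunnel only if it falls inside one of those networks, so the split-tunnel goal in the post above can be checked offline against a client config. The two client configs are constructed from the thread's address ranges; the keys, endpoint name and port are placeholders.

```python
import configparser
import ipaddress

# Constructed client configs: address ranges are the thread's, keys and
# endpoint are placeholders. Assumes a single [Peer] section.
TEMPLATE = """
[Interface]
PrivateKey = PLACEHOLDER
Address = 172.244.66.2/24

[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = {allowed}
Endpoint = vpn.example.invalid:51820
"""
FULL_TUNNEL = TEMPLATE.format(allowed="0.0.0.0/0")
SPLIT_TUNNEL = TEMPLATE.format(allowed="172.244.66.0/24, 192.168.86.0/24")


def allowed_networks(config_text):
    """Parse the [Peer] AllowedIPs line into ip_network objects."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    entries = parser["Peer"]["AllowedIPs"].split(",")
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]


def via_tunnel(config_text, destination):
    """True if the destination falls inside any AllowedIPs network."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(config_text))


def report(config_text, destinations):
    """Map each destination to 'tunnel' or 'direct'."""
    return {d: "tunnel" if via_tunnel(config_text, d) else "direct"
            for d in destinations}


if __name__ == "__main__":
    # Home Assistant host, tunnel address of the server, and a public resolver.
    targets = ["192.168.86.111", "172.244.66.1", "1.1.1.1"]
    for label, cfg in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(label, report(cfg, targets))
```

On a connected device, `wg show` prints the allowed ips actually in effect for each peer, which is the list to feed into this check.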
If you find out, let me know.
I want to set up the Wireguard for my Home Assistant set up, via my external domain name. However, I do not want to impede on the family’s internet traffic.
I’m using the wireguard on my iphone to connect to my local network and this works quite well. In addition I’m using as well a PiHole.
As soon as I’m connected via wireguard in PiHole it shows only the gateway of the docker container and not the IP of my iPhone.
Is there a way to send the IP of the iPhone to PiHole?
Guys I have an issue. I’ve got my Wire Guard VPN working flawlessly, when connected in my phone, I can access local IP addresses outside my network including HA. Although, since I want to access HA with the app, I can’t access the HA through my duckdns address outside my home network since I’ve disabled the 8123 port forwarding rule when I set up the Wire Guard port forwarding rule (I have the VPN port forwarded, it doesn’t make sense to have another port forwarded).
Basically the https://my_duckdns.duckns.org:8123 doesn’t redirect to my HA when I’m outside my local network. If I access https://my_duckdns.duckns.org it redirects to my router web interface. Am I missing something? Should I keep the 8123 duckdns port forwarded like the tutorials for duckdns told to?
I’m really struggling in connecting to my HA outside the lan with my duckdns address (I can only with the local IP) and can’t access in the app either.
Hi guys, great add-on, thank you.
I have a local server (openmediavault/ debian) which I use for media etc + running Home Assistant as a virtual machine.
I have the following problem: I cannot access the SMB shares from my local media server while using wireguard in a Windows 10 laptop. I can however access my local network devices using their IP in the browser, but not the SMB shares.
Using my Android phone I have no problem connecting to these local SMB shares, however it does not work on Win 10.
Does anybody have an idea?
this is my config for wireguard on the Win 10 laptop:
```ini
[Interface]
PrivateKey = XXXX
Address = 172.27.66.XX/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = XXXX
AllowedIPs = 0.0.0.0/0
Endpoint = XXXX.duckdns.org:xxxxx
```
Hi,
Did you achieve the site to site configuration?
Keep the existing ports opened already (which you have set up, and is required by services), and simply open the one new port that WireGuard requires. I did this, and it works flawlessly.
Hi,
I’m using the same configuration but I have the same problem.
This is my configuration
```yaml
- platform: rest
  name: wireguard
  resource: http://a0d7b954-wireguard
  json_attributes:
    - PC....1
    - PC....2
  value_template: "OK"
```
The sensor keeps changing state between “Unknown” and “OK” every minute
Has anyone managed to solve this problem? Or can someone share the correct config?
Thanks
Under the servers.dns option in this addon it says this:
If you are running the AdGuard add-on, you can add 172.30.32.1 as a DNS IP address in the list. This will cause your clients to use those. What this does, it effectively making your clients to have ad-filtering (e.g., your mobile phone), while not at home.
Is this still true after the update to v4 of the Adguard add-on? Since it runs on the host network now is that still the correct URL to reach it at from WireGuard or does it need to be updated? I’m trying to hit it with dig from the ssh add-on and doesn’t seem like it’s reachable at that address anymore.
EDIT: Yea I really don’t think this works anymore. Queries coming from the rest of my network are still correctly going through adguard but any DNS queries originating from within the supervisor docker network are just going to hassio_dns. I have no idea what’s answering those queries now since it’s not the adguard addon.
Try setting your localhost IP as DNS in Wireguard. Don’t forget to update the clients. Works for me
Yea ok that worked as long as I used the LAN address of the host machine. localhost and 127.0.0.1 didn’t work. It seems a bit strange to use the LAN address like any other device on my home network, is there no easy way to reference the host machine from within a container?
Does not work here. Just to be clear, I have changed the DNS from 172.30.32.1 in both the Wireguard server config (supervisor) and client configurations, and I am now using the single IP stated by the Adguard add-on (The Adguard DNS is listening to … 192.168…)… There seems to be a connection to the Wireguard server - but no internet traffic…
Remember to update the configuration of your clients. Either update the dns by hand or remove and re-add.
As I wrote: “in both the server config and client configurations”…
How is your Adguard addon configured? Do you have it set up to listen for DNS over HTTPS requests? If so that’s likely a problem. The Adguard will only listen on the host for either DNS over HTTPS requests or normal DNS requests on port 53 but not both. Previously that was ok with Wireguard because internally within the docker network it was listening for both types of requests. Now that everything has to go through the host machine with the LAN address that trick won’t work anymore without additional work.
Just guessing though. The LAN IP works for me so you might have to share more about the respective configs of the addons to figure out what’s happening.
Sorry, missed that it seems.
Hi, do you mean this?
This is my config.
Adguard and wireguard are running on the same HA,
but I can’t reach public urls and I don’t see client connections on adguard
You are listing 172.30.32.1 as the DNS. As mentioned in the posts above, that won’t work anymore as of Adguard 4.0. You have to use the LAN address of HA instead. You also have to update all existing clients.
OMG, sorry. I missed that. Yep. After changing DNS to HA IP it works.
Thank you so much