Home Assistant Community Add-on: WireGuard

Same here… The latest updates of Home Assistant break the WireGuard add-on. WireGuard was working well in the past, but now the connection is established and I cannot access the internal network or Home Assistant.

As it was working as an add-on, I would not like to start installing it into Debian directly (I am not an IT wizard).
Does someone have a solution to make WireGuard work again?

Just going to share this tip in case it helps anyone else.

I was having trouble with WireGuard, even after fixing the DNS IP. In my case, I discovered the guest network I was on was blocking port 51820, so I had to forward a different port to get VPN to work.

hi,
I have the same problem: brand new Home Assistant installation on a Raspberry, WireGuard connects but I don’t have any connection with LAN devices or the internet.
Has anyone solved this?

thanks

Hi, I had the same last weekend, changed the port and then it worked - might have been specific to my network setup but since the same solution was also successful for @apop maybe not a coincidence

Hi, I have already changed port without success

Just as a test you might want to try this: while you are on your home network

  1. Open the Wireguard Client
  2. Select the tunnel
  3. Click Edit
  4. Change the Endpoint = <HomeAssistant LAN/Internal IP>:<WireguardPort>

Check if your connection works now.
If it works, it’s probably something in your forwarding.

Yes, from internal LAN it works.
I don’t think it’s port forwarding, unless I need a port other than 51820 UDP.
From the registry I can see that my phone is connected from an internet IP:

[15:34:15] INFO: Requesting current status from WireGuard…
interface: wg0
public key:
private key: (hidden)
listening port: 51820
peer: gCgeumyoR94O08X+VL+h17MvXl4BOCFp+oRmrpLsUis=
endpoint: 5.168.29.191:19361 <---- internet ip of my phone
allowed ips: 172.27.66.2/32
latest handshake: 7 seconds ago
transfer: 1.52 MiB received, 7.71 MiB sent
persistent keepalive: every 25 seconds

The fact that the LAN test works means that the WireGuard add-on is functioning and so the issue must be somewhere in your traffic-routing. It takes a lot of info about your network config to debug that, for example:

  1. Is it a single router hop from WAN to WireGuard?
  2. If not, is your “middle router” configured correctly?
  3. Do you have an option ‘Enable auto firewall (automatically open ports for specified port forwarding rules)’?
    If so, is it disabled and did you forget to configure your firewall?
    Remember that UDP is stateless, so “allow established” won’t work.
  4. Did your public IP change and is your forwarding somehow influenced by that?
  5. Did you do any firewalling on your Home Assistant host that prevents connecting from a certain IP address/range?
  6. And so on…

Your network config is a different story than the add-on not working and it seems that your add-on is working just fine.
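The reasoning in this reply can be applied mechanically to status output like the log quoted earlier: a recent handshake from a public endpoint shows the add-on and the port forward both work, while a handshake from a LAN address (the edit-the-Endpoint test) says nothing about forwarding. This is an added example, not part of any post or of the add-on; the sample output is constructed, the function names are hypothetical, and the 180-second freshness limit is an assumption based on WireGuard's session lifetime.

```python
import ipaddress
import re

# Constructed sample in the layout of the status log quoted in this thread;
# keys are placeholders and 203.0.113.7 is a documentation address.
SAMPLE = """\
interface: wg0
peer: <phone-public-key>
  endpoint: 203.0.113.7:19361
  latest handshake: 7 seconds ago
peer: <laptop-public-key>
  endpoint: 192.168.0.23:51820
  latest handshake: 1 hour, 2 minutes, 5 seconds ago
peer: <tablet-public-key>
  allowed ips: 172.27.66.4/32
"""

UNIT = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_AGE = 180  # assumption: WireGuard rejects a session 180 s after its handshake

def handshake_age(text):
    """'1 hour, 2 minutes, 5 seconds ago' -> 3725 (seconds)."""
    pairs = re.findall(r"(\d+) (second|minute|hour|day)s?", text)
    return sum(int(n) * UNIT[u] for n, u in pairs)

def classify(status):
    """Return {peer: verdict} for every peer block in `wg show` style text."""
    peers, cur = {}, None
    for line in status.splitlines():
        key, _, val = line.strip().partition(": ")
        if key == "peer":
            cur = peers.setdefault(val, {})
        elif cur is not None:
            cur[key] = val
    verdicts = {}
    for name, p in peers.items():
        if "latest handshake" not in p:
            verdicts[name] = "no handshake: packets never reached the add-on"
        elif handshake_age(p["latest handshake"]) > MAX_AGE:
            verdicts[name] = "stale: no current session (idle or unreachable)"
        else:
            host = p["endpoint"].rsplit(":", 1)[0].strip("[]")
            lan = any(ipaddress.ip_address(host) in n for n in RFC1918)
            verdicts[name] = ("up via LAN: forwarding still untested" if lan
                              else "up via WAN: check routing behind the tunnel")
    return verdicts
```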

Changed mine to be 0.0.0.0/0, 192.168.0.0/24 and now I can access the web and my entire network… Weird how this is only needed on my iOS devices but not my wife’s Android. But you solved my issue that I have been working on for days.

I have a problem with AdGuard when connected through WireGuard.
When I am on my Wi-Fi, AdGuard works OK, but when I go through WireGuard from outside, ads are there.
In DNS I put the IP of my HA (AdGuard is on my computer on HA) and 172.30.32.1

server:
  host: my.duckdns.org
  addresses:
    - 111.11.11.1
  dns:
    - 172.30.32.1  # what to put here?
    - 192.168.2.200  # what to put here?
peers:
  - name: Mi9T
    public_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    addresses:
      - 111.11.11.2
    allowed_ips: []
    client_allowed_ips: []

hey… sorry my english is not so good…

For example, I create a WireGuard config… I have:
address pool with 172.27.66.0. …
server= 172.27.66.1.
client= 172.27.66.2

What should I write in the config to add a Plex server IP like 10.10.20.3, so that the client can communicate only with it?

I do have DuckDNS with Lets Encrypt setup to use mydomain.duckdns.org.

Alright, so I got WireGuard working and I CAN browse from my iPhone to https://homeassistant.local:8123 where Safari does show an invalid cert error (because homeassistant.local is not mydomain.duckdns.org), but still allows me to browse through.

My problem is that the HA Companion app for iOS does not allow you to log in when using https://homeassistant.local:8123 when WireGuard is running.

I would like to avoid forwarding port 8123 from the interwebs to my HA instance, I was hoping having a VPN such as wireguard would help me.

How do you folks securely make your HA instance accessible via the HA Companion iOS app when not at home?

Hi twproject. How did you allow the private IP in your configuration above? I have the same problem.

Hi,

I’ve got this excellent add-on more-or-less running as I’d like, but I’m having trouble accessing a Linux client from the LAN side.

  • Server: rpi running Home Assistant OS 6.1 / core-2021.7.2 / WG addon 0.5.1.
  • Client (FWIW): laptop running Ubuntu 21.04.
  • Server and client configs are set out below.
  • I’ve set the client up to access LAN addresses through WG, but to connect directly to other internet addresses (hence the “AllowedIPs”).
  • This seems to work from the client’s perspective. I can access all machines on the LAN from the laptop, and it’s connecting directly to websites (as indicated by, among others, speedtest).

The problem is, I can’t access, or ping, the client, from the LAN.

  • I can ping it from the WG container using Portainer …
  • … but I can’t do so from the core or host terminals, nor from other machines on the LAN.

I wonder if this is a routing issue (possibly between HA OS and the WG Container?), rather than the WG settings necessarily, but at this point I’m a bit lost for ideas.

Many thanks in advance for your help.

Gareth

Server config:

server:
  host: <my duckdns address>
  addresses:
    - 172.27.66.1
  dns: []
peers:
  ...
  - name: laptop
    public_key: ...
    addresses:
      - 172.27.66.3
    allowed_ips: []
    client_allowed_ips: []

Client config:

[Interface]
PrivateKey = ...
Address = 172.27.66.3

[Peer]
PublicKey = ...
Endpoint = <my duckdns address>:51820
AllowedIPs = 192.168.0.0/24, 172.27.66.0/24

Output from iptables -S on server’s WG Container terminal:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A FORWARD -o wg0 -j ACCEPT
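How AllowedIPs decides what enters the tunnel, using the split-tunnel client config above and the per-peer /32 layout that appears later in the thread. This is an added example, not code from any poster or from the add-on; keys are placeholders, the helper names are hypothetical, and it goes slightly beyond the posts by applying longest-prefix matching across several peers, which is how WireGuard selects a peer.

```python
import ipaddress

# Constructed configs using address ranges from this thread; keys are placeholders.
SPLIT_CLIENT = """
[Interface]
Address = 172.27.66.3
[Peer]
PublicKey = <server-key>
AllowedIPs = 192.168.0.0/24, 172.27.66.0/24
"""
HUB = """
[Peer]
PublicKey = <ha-key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <notebook-key>
AllowedIPs = 10.0.0.129/32
"""

def parse_peers(conf):
    """Return one {'key', 'nets'} dict per [Peer] section (hypothetical helper).
    configparser is avoided because wg configs repeat the [Peer] header."""
    peers, cur = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = {"key": None, "nets": []} if line == "[Peer]" else None
            if cur is not None:
                peers.append(cur)
        elif cur is not None and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name == "PublicKey":
                cur["key"] = value
            elif name == "AllowedIPs":
                # strict=False masks host bits, so 10.0.0.1/24 means 10.0.0.0/24
                cur["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                for v in value.split(",") if v.strip()]
    return peers

def pick_peer(conf, dest):
    """Longest-prefix match over every peer's AllowedIPs.
    None: no peer owns dest, so the packet is not sent through the tunnel."""
    addr = ipaddress.ip_address(dest)
    best = None
    for peer in parse_peers(conf):
        for net in peer["nets"]:
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, peer["key"])
    return best[1] if best else None
```

AllowedIPs on a client is routing configuration that the client's owner can edit, so limiting a peer to a single host such as a media server also needs a firewall rule on the server side.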

I’m using the wireguard add on together with my pi-hole, so that I have on my mobile network an adblocker as well.
It works quite well.
The only thing is that in Pi-hole I see the same IP for all devices as soon as they are connected via WireGuard.

that’s my config

server:
  host: xxxx.duckdns.com
  addresses:
    - 172.27.66.1
  dns:
    - 192.168.200.33
peers:
  - name: iphonepro
    addresses:
      - 172.27.66.2
    allowed_ips: []
    client_allowed_ips:
      - 192.168.200.0/24
  - name: ipad
    addresses:
      - 172.27.66.3
    allowed_ips: []
    client_allowed_ips:
      - 192.168.200.0/24

in pi-hole I see then only the ip 172.17.0.1 (which I guess is a docker container)

My setup
Wireguard as a add-on
Pi-Hole as docker container
Home Assistant as supervisor
all on the same raspberry

any Idea what settings to change to see the vpn ips of the devices in pi-hole?


Hi All,

Is this still working in 2021.7.x HA version?
I don’t get any sensor …

- platform: rest
  name: "Wireguard Sensors"
  resource: http://a0d7b954_wireguard
  json_attributes:
  - client1
  value_template: "OK"

server:
  host: wg.mydomain.com
  addresses:
    - 172.11.5.1
  dns:
    - 192.168.100.1
peers:
  - name: client1
    addresses:
      - 172.11.5.2
    allowed_ips: []
    client_allowed_ips: []
log_level: error

It is working already… I had forgotten to turn on the API part in the add-on.
Changed it to a different port than 80 and added the port behind the resource link.

Now it’s working

Hi there all,
and first of all thanks a lot for this add-on.

I have Hass OS installed on a QNAP NAS and I just configured WireGuard in order to connect via VPN to my home LAN.

I can connect to WireGuard from my laptop from outside, and I can also navigate, but I can’t access my home LAN.

My configuration is:

server:
  host: mydomain.me
  addresses:
    - 172.27.66.1
  dns: []
peers:
  - name: SamsungNoteCell
    addresses:
      - 172.27.66.2
    allowed_ips: []
    client_allowed_ips: []
  - name: Laptop
    addresses:
      - 172.27.66.3
    allowed_ips: []
    client_allowed_ips: []

Can anybody please tell me what I must add in order to access my home LAN from the outside laptop?

Thanks in advance
Denis

Hello WireGuard Experts, basically I do have Wireguard running fine, but I would like to extend it to support ipv6. But I cannot get this to run:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.xx.xx.1/24 dev wg0
[#] ip -6 address add fd00:xx::1/64 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0
[13:37:06] INFO: Requesting current status from WireGuard...

server:
  host: xxx.myfritz.net
  addresses:
    - 172.xx.xx.1/24
    - fd00:xx::1/64
  dns:
    - 192.168.xxx.1
    - fd00::xxx:xxx:xxx:xxx
peers:
  - name: Phone
    addresses:
      - 172.xx.xx.2
      - fd00:xx::2
    allowed_ips:
      - 0.0.0.0/0
      - '::/0'
    client_allowed_ips: []

Can anyone help?
Is ipv6 disabled in deeper config-files?

Hello there,

I am trying to configure Home Assistant (on a Raspberry Pi) with WireGuard in order to connect to my phone and notebook while on the go. Since my ISP does not allow me to open any ports, I instead tried to use WireGuard on a root server I already owned. I succeeded in connecting my notebook and Home Assistant to the VPN and successfully pinged the Raspberry Pi from my notebook, but when I try to access Home Assistant over the VPN I don’t get a connection. My setup is as follows:
Home Assistant:

server:
  host: homeassistant.local
  addresses:
    - 10.0.0.2
  dns: []
  private_key: <my-key>
peers:
  - name: andor
    addresses:
      - 10.0.0.1/24
    public_key: <root-server-public-key>
    endpoint: <root-server-ip>:51820
    allowed_ips: []
    client_allowed_ips: []

Root-Server:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <private-key>

#Home Assistant (RPi)
[Peer]
PublicKey = <public-key>
#PresharedKey =
AllowedIPs = 10.0.0.2/32

#Phone
[Peer]
PublicKey = <public-key>
#PresharedKey =
AllowedIPs = 10.0.0.128/32

#Notebook
[Peer]
PublicKey = <public-key>
#PresharedKey =
AllowedIPs = 10.0.0.129/32

Notebook:

[Interface]
PrivateKey = <private-key>
ListenPort = 51820
Address = 10.0.0.129/32

[Peer]
PublicKey = <public-key>
AllowedIPs = 10.0.0.1/24
Endpoint = 152.89.104.59:51820
PersistentKeepalive = 25

Does anyone have any idea why I get a connection refused while trying to connect to http://10.0.0.2:8123/?