I have a problem with my TrueNAS server. When I connect to it via the WireGuard VPN, I can log in on the website and see everything there, but all other things that need an internet connection don’t work. Google won’t load, and the most important thing: Windows Explorer can’t see the server, because it doesn’t have an internet connection. When connected via the VPN on Windows, it says connected, but the taskbar shows that there is no internet connection. The picture is a screenshot of my phone, because I have the exact same problem on it. My settings on my laptop and phone are the same for the VPN client. How can I fix this?
The AllowedIPs with 0.0.0.0 tells the peer to send all network traffic through the WireGuard tunnel. Unless you set up routing on the TrueNAS that routes Internet-bound traffic, it is going to stop there.
Either add routing on the TrueNAS side
Or limit the AllowedIPs to your WireGuard network and the network TrueNAS is on.
Does your WAN router have a route back to your wireguard client network?
Your WireGuard server presumably has a route out to the internet, so it can send your WireGuard client’s traffic out to the WAN, but when it gets back, your WAN router doesn’t know where this mysterious 10.8.0.x/24 network is, so it just drops the traffic.
Edit:
Assuming you’re using a Unix-like OS for your server. Use this to test:
ip route add 10.8.0.0/24 via <wireguard servers IP address> dev <interface that your router would reach your wireguard server through>
Then implement it persistently however one would do that on whatever OS your wireguard server is running.
Can you post all configs? You can’t access the internet on your phone when the VPN is enabled, or the NAS can’t access the internet? Are you trying to send all phone internet traffic out of your WireGuard (TrueNAS) server?
You also might have trouble connecting these tunnels on the same LAN without adding your LAN gateway to the allowed IPs. Change all endpoints to /32 and add your local LAN in AllowedIPs (probably like 192.168.0.0/24), or the default gateway’s IP with /32 (like 192.168.0.1/32), onto the client.
- Check the allowed IPs on the other side. (It’s like an ACL for received packets)
- Check if forwarding on the other side is active
- Check your routing table on the other side.
- Try to ping from both sides external and wg IPs.
- Try to tracert from both sides. Same IPs as above
- Post your results
If you only want to access your truenas, don’t set AllowedIPs to 0.0.0.0/0, set it to the IP of your truenas.
Do you know how I could set up routing on my truenas server? I’m pretty new to it and don’t know much of it yet
Sorry, but the 10.8 is handled on both sides. So this is not helpful.
There is a specific route for the 10.8.
My phone can’t access the internet when connected with the VPN. It can only load the TrueNAS web GUI. I will try to change the endpoints like you said.
I’m pretty new to all this stuff, could you explain how I check these things?
If I do that, I have access to everything again like Google and all other sites, but not the TrueNAS site.
I believe TrueNAS runs WireGuard in a Docker container, which adds another layer of complexity. You’d need to make sure the Docker server, the WireGuard container, and your router all have the necessary forwarding rules.
What you’re talking about is a “Full tunnel WireGuard setup on TrueNAS Scale”. This sends ALL traffic through the WireGuard tunnel, then out the remote network’s router. Docker typically uses its own network, so that’s another network that needs to be configured properly. You might have some luck searching for “Full tunnel WireGuard on Docker”, although you may be limited by whatever Docker functionality TrueNAS exposes. I’ve never attempted this so I can’t help much here.
It would be easier to set up a “Split tunnel”. This is what I would recommend. In a split tunnel only the traffic destined to the IPs / Networks listed in AllowedIPs goes over the WireGuard tunnel. Everything else goes out the local WAN like normal.
To do the split tunnel, all you need to do is remove the 0.0.0.0/0 network from AllowedIPs and add
- Your WireGuard server network. Example: 10.8.8.0/24 (or server IP 10.8.8.1/32)
- Your Docker network. Example: 172.22.22.0/24
- Your LAN network. Example: 192.168.100.0/24
Which would give you:
AllowedIPs=10.8.8.0/24,172.22.22.0/24,192.168.100.0/24
Adjust the IPs above to match your networks.
If you still prefer to do a full tunnel, search for things like “How to set up a full tunnel WireGuard server in Docker on TrueNAS”.
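As an added illustration (not code from the thread or from TrueNAS), here is a small Python model of the AllowedIPs decision described above: which destinations a client sends into the tunnel, and whether they then come back, depending on forwarding on the server and a return route. The addresses are constructed; the tunnel network 10.8.8.0/24, the server address 10.8.8.1 and the LAN host are assumptions.

```python
import ipaddress
from typing import List, Optional

# Constructed sample values (assumptions, not taken from the thread):
WG_NET = ipaddress.ip_network("10.8.8.0/24")        # assumed tunnel network
SERVER_WG_IP = "10.8.8.1"                           # assumed TrueNAS wg address
FULL_TUNNEL = "0.0.0.0/0"                           # AllowedIPs in the question
SPLIT_TUNNEL = "10.8.8.0/24,172.22.22.0/24,192.168.100.0/24"  # split form


def parse_allowed_ips(allowed: str) -> List[ipaddress.IPv4Network]:
    """Split a WireGuard AllowedIPs value into network objects."""
    return [ipaddress.ip_network(x.strip(), strict=False)
            for x in allowed.split(",") if x.strip()]


def tunnel_match(dest: str, allowed: str) -> Optional[ipaddress.IPv4Network]:
    """Most specific AllowedIPs entry covering dest, or None when the client
    sends the packet out its normal (non-tunnel) route instead."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net in parse_allowed_ips(allowed):
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def predict(dest: str, allowed: str, ip_forward: bool, return_route: bool) -> str:
    """Predict the fate of a client packet to dest: 'direct', 'tunnel-ok'
    or 'tunnel-dropped'. ip_forward models /proc/sys/net/ipv4/ip_forward on
    the server; return_route models the LAN router (or NAT on the server)
    knowing how to send replies back to the tunnel network."""
    if tunnel_match(dest, allowed) is None:
        return "direct"                      # never enters the tunnel
    if ipaddress.ip_address(dest) in WG_NET:
        return "tunnel-ok"                   # server answers from its own wg IP
    if not ip_forward or not return_route:
        return "tunnel-dropped"              # not forwarded, or reply is lost
    return "tunnel-ok"


def compare() -> dict:
    """Full vs split tunnel on a server with no forwarding or return route."""
    dests = {"nas_wg": SERVER_WG_IP, "nas_lan": "192.168.100.10", "google": "8.8.8.8"}
    return {(mode, name): predict(ip, allowed, False, False)
            for mode, allowed in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL))
            for name, ip in dests.items()}
```

With the split list, 8.8.8.8 stays "direct" while the NAS web GUI on its wg address still works; with 0.0.0.0/0 everything beyond the wg address is dropped until forwarding and a return route exist.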
Sure. All of the following commands should be run on the command line.
1. Show the WireGuard config on your TrueNAS for all interfaces:
   wg show
2. Show if forwarding is active on your TrueNAS:
   cat /proc/sys/net/ipv4/ip_forward
3. Print your routing table:
   ip route
4. Check if the interfaces are reachable from both sides:
   ping <external_ip>
   ping <wg_ip>    # these are the 10.x.x.x IPs
5. Same as 4, but checking all hops:
   traceroute <external_ip>    # tracert on Windows
   traceroute <wg_ip>
Set allowedip to the 10.8.0.x your truenas has.
Try to access it using the same address.
God bless you man!
Sorry for necroposting, but it was helpful.
You have a private IP address for your TrueNAS; is this the one you connected to? Or is your phone outside and connected with the public IP and a forwarded port to your TrueNAS?
Furthermore, your routing table looks weird. Please post your ip addr output also.
My phone is connected to the external ip, using the 51820 port at the end of it.
This is what I get when I type in the shell: ip addr