Hi Teckworks ! Thanks for you video. I just wnat to all other viewers that this setup will not work with TrueNAS SCALE 24.04.2 . I 've insteand installed TrueNAS SCALE 23.10.2 and works just fine. No need to creat a bridge or had these 2 variables.😉
I was able to get mine working on SCALE 24.04.2 by only changing the default ports. I have previously used the TrueCharts wireguard application, but I wanted to switch to this wg-easy application after TrueCharts kicked the bucket so I get more updates. Did you change anything else or potentially have a firewall rule set up that could be blocking connections?
@@somebody943 You got any more information on this? Or how you set it up? I can create the connection and data is sent back and forth as i'm sending and receiving data but I lose all internet access on my PC whilst WG is enabled even with Host Network turned on.
Thanks for the tutorial. In case anyone meets very slow speed (almost zero) after finishing the first part of tutorial, it could be due to MTU being too large and causing ISP throttling: by simply reducing MTU on both end (perhaps client only should also work, but I did both) from the default 1420 to 1300, I could get 60% of the speed of without VPN. It took me a full afternoon to figure this out...
Great video, very informative. I was able to follow every step and get it to work. My only issue is that the connection is very slow, and some times when I try to access resources on my home lab it times out. The main usage that Im trying to get out of this, is to be able to access my VSCA server from anywhere and be able to SSH to my VMs using MobaXtern. Both are timing out.
I hate to tell you this, but port forwarding isn't possible on T-mobile home internet, which is the only reason I don't have it. It is possible to set up reverse proxies or cloudflare tunnels, but it is a real pain from what I've heard. Hope you can figure it out.
What if I want to keep my home network private instead and connect my NAS server to my remote VPS as a WG client? VPS is WG server. After that I could setup ingress on the VPS
I have two problems. The first problem is when i try to ping ddns it shows me "Destination host unreachable.". My second problem is, that I don't know to what ip i should forward port 51820 that was mention on the video. I'm new to this kind of staff, but i want to set up wireguard, because tailscale have low transfer speed. Any suggestions ?
I can connect the VPN but nothing actually works. I tried the “fix” at the end but what’s weird is, when I try to delete the IP of the interface before creating the bridge, it tells me that applications are using it and it won’t let me delete it. It is a bond (two ethernet ports bound together) if that matters.
You have to unset the pool in apps->settings, and later set the pool back, your apps and data would be intact. I guess changing all apps' network interface to the bridge like he did in the video (in his case, he had only one app) should also work, as it ensures no app is using the original interface so you can change it.
Well, port forwarding is huge pain, it is practically called differently for each router in the world. It is impossible to detail it more. The most efficient way is to start a google search with oyur router name and port forwarding.
great tutorial, but I dont really understand the part about port forwarding - i know i need to forward from 51820 but i dont know where to forward it to. Any tips?
Simplest way to think is. If a connection from outside is going to try to contact something inside it will get to your modem on a port, your modem has to decide which computer on your private network to send the traffic to based only on that port. So if outside tries to connect using port 51820 your modem should be set up to forward that traffic to the IP address of the wireguard app on with the same port. You can also change what port is used outside.
So I should set up the forwarding from 51820 to the IP of my NAS? That way the modem sends the traffic from the WireGuard straight to the NAS, if I understood it correctly...
Hi i install the wireguard, when i connected to VPN, It shows that data can receive and sent out, but i cannot access my truenas server, what is the solution
this actually worked great for me the first 2 days (the day i did and the next) but suddenly my IP address for the nas changed as i had DCHP on and nothing worked, i changed it to a static ip (the original one i used that worked) and still nothing works. Would you maybe know what to do? im very new to all of this! thanks!
Yes. This was over a slow connection. It also can be contributed to the performance of the truenas machine if it is slow also. I have had speed of 60mbsec
I'm a little confused. Could someone help me with one question? In the "Hostname or IP" Line he says if I want to use my own ip instead of a DDNS I have to go to the internet and google "What's my IP" BUT if I do that with my normal PC and not with the TrueNas Scale system it obviously shows the Ip of my windows PC. Do I have to write my windows PC's Ip in that line or the IP from the TrueNas?
Your internet ip from you windows machine will be the same as your TN as long as they are both connected to the same modem.. the modem is what has your internet IP. If your TN is not connected to to same ISP modem then they will be different
@@TechworksOnline nvm. I think I now know which Ip it is. I just watched your DDNS Tutorial from 2 Years ago and in the DDNS provider stands your 99.xx.xx.xx ip which is blurred. This is the IP you mean, right?
On your fritz box it might tell you the public IP. And on your fritzbox there should be a port forward. Set both inbound and outbound to the port you want to use.. match the ones used in the video.
Last question I promise lol, Does this protect my TrueNAS Scale server in other words if I had the media server stuff (don't worry nothing illegal) deployed would it encrypt all of that traffic?
Any data that travels over the VPN link would be encrypted data. If you access the data from within your local subnet and it does not travel to the VPN client then it would not be encrypted data.
App Version 10, Chart Version 2.0.12 is not deploying (it's been stuck for about an hour Deploying status marked with yellow) Yes I did put the default WG ports and followed the tutorial as I should. The only difference is that I didn't used a DNS and used my IP (yep triple checked it if that's the real IP and didn't made any typos) and I allocated more resources 8gb of ram and 4000m cpu since I have plenty of to spare. Any ideas what I'm doing wrong ?
With that version in the workloads pane. You can check the logs and see what it is getting stuck on for the container.. go from there. Maybe leave the resources as default
@bpcsa061169 if you are remote from your house and the VPN connects but you are not able to browse the internet then you may have an issue with wireguard config
@@TechworksOnline I dont really know which part goes wrong, I followed every steps. I think the there is nothing wrong about the connection but I notice that my client phone transfer rate is extremely slow. like rx: 0B and tx: around 3KiB
Make sure your phone is not connected to the same network as your truenas. Like disconnect your phone from wifi first. Then test using just your cell phone 5g connection (or 4g)
@@TechworksOnline done. after I took apart my server, switched the RAID card for an old GPU, edit the settings then put everything back in its place. Not it no longer breaks but still 0 B recieved. even after doing all the steps
You made sure the port forwarding is set correct and the network adapter is the correct one? Make sure the remote machine IS OUTSIDE your network. Like not on you home wifi. It has to be from an actual remote location. Most ISP will have some blocking or NATing that it won't work with if you do try to vpn to a machine inside the local network
@@TechworksOnline my nas server is indeed on my home network, but I've configured port forwarding all the way. It works flawlessly for other services such as Plex.
Why would you put the external IP/hostname in the Wiregaurd config? I don't understand that, I am not wanting anyone coming in to the server on the private network. Please excuse my stupidty I am not a network guy. But that doesn't make sense to me. Thank you. Good Job on the Video my friend.
The certificates that are created, are created against the public facing address for authentication when the client attempts to connect. This also allows the connection file dispensed in the website to have the external host name in the file so that when you import it to wireguard client, the connection hostname is already there.
Hi Teckworks ! Thanks for you video. I just wnat to all other viewers that this setup will not work with TrueNAS SCALE 24.04.2 . I 've insteand installed TrueNAS SCALE 23.10.2 and works just fine. No need to creat a bridge or had these 2 variables.😉
I was able to get mine working on SCALE 24.04.2 by only changing the default ports. I have previously used the TrueCharts wireguard application, but I wanted to switch to this wg-easy application after TrueCharts kicked the bucket so I get more updates. Did you change anything else or potentially have a firewall rule set up that could be blocking connections?
@@somebody943 You got any more information on this? Or how you set it up?
I can create the connection and data is sent back and forth as i'm sending and receiving data but I lose all internet access on my PC whilst WG is enabled even with Host Network turned on.
Thanks for the tutorial. In case anyone meets very slow speed (almost zero) after finishing the first part of tutorial, it could be due to MTU being too large and causing ISP throttling: by simply reducing MTU on both end (perhaps client only should also work, but I did both) from the default 1420 to 1300, I could get 60% of the speed of without VPN. It took me a full afternoon to figure this out...
I have the same issue with the rx traffic at 92B or a few kB, tried multiple MTU values but it remains still so slow, have you got any tips?
Changing it to 1300 seems to have worked for me. However it's still spotty sometimes.
Great setup. So the Wireguard runs on TrueNas without a external wireguard setup on my network?
Great video, very informative. I was able to follow every step and get it to work. My only issue is that the connection is very slow, and some times when I try to access resources on my home lab it times out. The main usage that Im trying to get out of this, is to be able to access my VSCA server from anywhere and be able to SSH to my VMs using MobaXtern. Both are timing out.
I'm trying to use my mullvad vpn with wireguard in truenas could you explain that way of access?
is there anyway without port forward? my t-mobile home internet doesn't support port forwarding
I hate to tell you this, but port forwarding isn't possible on T-mobile home internet, which is the only reason I don't have it. It is possible to set up reverse proxies or cloudflare tunnels, but it is a real pain from what I've heard. Hope you can figure it out.
What if I want to keep my home network private instead and connect my NAS server to my remote VPS as a WG client? VPS is WG server. After that I could setup ingress on the VPS
good job!! after a lot of try this is the best solution! thanks for sharing your knowledge
I have two problems. The first problem is when i try to ping ddns it shows me "Destination host unreachable.". My second problem is, that I don't know to what ip i should forward port 51820 that was mention on the video. I'm new to this kind of staff, but i want to set up wireguard, because tailscale have low transfer speed. Any suggestions ?
The destination IP is the IP of your server, to which you want to connect in your local network
I can connect the VPN but nothing actually works. I tried the “fix” at the end but what’s weird is, when I try to delete the IP of the interface before creating the bridge, it tells me that applications are using it and it won’t let me delete it. It is a bond (two ethernet ports bound together) if that matters.
You have to unset the pool in apps->settings, and later set the pool back, your apps and data would be intact. I guess changing all apps' network interface to the bridge like he did in the video (in his case, he had only one app) should also work, as it ensures no app is using the original interface so you can change it.
I can't connect to TrueNAS from external IP (from mobile phone for example). Any solutions?
Did you do the port forwarding on you isp router.
Really good video, could have explained better the port forwarding part but apart from that excellent explanations :)
Well, port forwarding is huge pain, it is practically called differently for each router in the world.
It is impossible to detail it more.
The most efficient way is to start a google search with oyur router name and port forwarding.
great tutorial, but I dont really understand the part about port forwarding - i know i need to forward from 51820 but i dont know where to forward it to. Any tips?
Simplest way to think is. If a connection from outside is going to try to contact something inside it will get to your modem on a port, your modem has to decide which computer on your private network to send the traffic to based only on that port. So if outside tries to connect using port 51820 your modem should be set up to forward that traffic to the IP address of the wireguard app on with the same port. You can also change what port is used outside.
So I should set up the forwarding from 51820 to the IP of my NAS? That way the modem sends the traffic from the WireGuard straight to the NAS, if I understood it correctly...
thanks. great video.
Hi i install the wireguard, when i connected to VPN, It shows that data can receive and sent out, but i cannot access my truenas server, what is the solution
any video on connecting two trusnas though wireguard to sync files
Look into a service called TailSCALE. Lawrence systems has a few good videos explaining it.
the video seems to start in the middle of a larger one. where is part 1?
Go to 1 minute mark
this actually worked great for me the first 2 days (the day i did and the next) but suddenly my IP address for the nas changed as i had DCHP on and nothing worked, i changed it to a static ip (the original one i used that worked) and still nothing works. Would you maybe know what to do? im very new to all of this! thanks!
Did you change your port forwarding in your router? Also the hostname in the setting of wg-easy @4:00
what is the maximum speed ? I can see you get 2-3mb? Does it depend on your upload speed by isp?
Yes. This was over a slow connection. It also can be contributed to the performance of the truenas machine if it is slow also. I have had speed of 60mbsec
I've try all the steps on this video and i still cant get this to work, any idea how to fix it?
Are you on Discord?
I'm a little confused. Could someone help me with one question?
In the "Hostname or IP" Line he says if I want to use my own ip instead of a DDNS I have to go to the internet and google "What's my IP" BUT if I do that with my normal PC and not with the TrueNas Scale system it obviously shows the Ip of my windows PC. Do I have to write my windows PC's Ip in that line or the IP from the TrueNas?
Your internet ip from you windows machine will be the same as your TN as long as they are both connected to the same modem.. the modem is what has your internet IP. If your TN is not connected to to same ISP modem then they will be different
and can you explain what exactly i have to do when I do the Port forwarding. I dont know what to do. My Router is btw a FritzBox
@@TechworksOnline I dont have a modem I think. Or do you mean the router?
@@TechworksOnline nvm. I think I now know which Ip it is. I just watched your DDNS Tutorial from 2 Years ago and in the DDNS provider stands your 99.xx.xx.xx ip which is blurred. This is the IP you mean, right?
On your fritz box it might tell you the public IP. And on your fritzbox there should be a port forward. Set both inbound and outbound to the port you want to use.. match the ones used in the video.
Last question I promise lol, Does this protect my TrueNAS Scale server in other words if I had the media server stuff (don't worry nothing illegal) deployed would it encrypt all of that traffic?
Any data that travels over the VPN link would be encrypted data. If you access the data from within your local subnet and it does not travel to the VPN client then it would not be encrypted data.
App Version 10, Chart Version 2.0.12 is not deploying (it's been stuck for about an hour Deploying status marked with yellow) Yes I did put the default WG ports and followed the tutorial as I should. The only difference is that I didn't used a DNS and used my IP (yep triple checked it if that's the real IP and didn't made any typos) and I allocated more resources 8gb of ram and 4000m cpu since I have plenty of to spare. Any ideas what I'm doing wrong ?
With that version in the workloads pane. You can check the logs and see what it is getting stuck on for the container.. go from there. Maybe leave the resources as default
I lost my internet connection when I activate the VPN connection. What happened?
@bpcsa061169 if you are remote from your house and the VPN connects but you are not able to browse the internet then you may have an issue with wireguard config
@@TechworksOnline I dont really know which part goes wrong, I followed every steps. I think the there is nothing wrong about the connection but I notice that my client phone transfer rate is extremely slow.
like rx: 0B and tx: around 3KiB
Make sure your phone is not connected to the same network as your truenas. Like disconnect your phone from wifi first. Then test using just your cell phone 5g connection (or 4g)
totally nuked my network settings on my server. IDK how, I followed every step and got every success screen as you. RIP
Make sure your truenas is on a static IP
@@TechworksOnline done. after I took apart my server, switched the RAID card for an old GPU, edit the settings then put everything back in its place. Not it no longer breaks but still 0 B recieved. even after doing all the steps
You made sure the port forwarding is set correct and the network adapter is the correct one?
Make sure the remote machine IS OUTSIDE your network. Like not on you home wifi. It has to be from an actual remote location. Most ISP will have some blocking or NATing that it won't work with if you do try to vpn to a machine inside the local network
@@TechworksOnline my nas server is indeed on my home network, but I've configured port forwarding all the way. It works flawlessly for other services such as Plex.
Why would you put the external IP/hostname in the Wiregaurd config? I don't understand that, I am not wanting anyone coming in to the server on the private network. Please excuse my stupidty I am not a network guy. But that doesn't make sense to me. Thank you. Good Job on the Video my friend.
The certificates that are created, are created against the public facing address for authentication when the client attempts to connect. This also allows the connection file dispensed in the website to have the external host name in the file so that when you import it to wireguard client, the connection hostname is already there.
@@TechworksOnline I got ya makes sense now, as I said Good Job on the Video and thank you for your response keep up the great job.