Setup WireGuard On A Synology NAS Running DSM 7.2 Using Container Manager
HTML-код
- Опубликовано: 24 июл 2024
- This video covers setting up WireGuard and WireGuard Easy on a Synology NAS running DSM 7.2 using Container Manager.
⭐️ SUPPORT THIS CHANNEL⭐️
digitalaloha.com/support-my-w...
⭐️ HIRE ME FOR A PROJECT⭐️
digitalaloha.com/hire-me/
The video topics include:
• Prerequisites - Install Container Manager, Enable SSH, Setup DDNS and Port Forwarding.
• Downloading or building a WireGuard SPK file for your Synology NAS.
• Installing and running WireGuard.
• Installing WireGuard Easy through Container Manager.
• Logging in to WireGuard Easy and creating a client.
• Setting up an iPhone as a WireGuard client.
In the video I mentioned or referenced the following link:
• My Google Drive with WireGuard SPK files - drive.google.com/drive/folder...
• What kind of CPU does my Synology NAS have? - kb.synology.com/en-me/DSM/tut...
• WeeJeWel/wg-easy (WireGuard Easy) Docker Hub page - registry.hub.docker.com/r/wee...
• Link to docker-compose.yml that I used as a starting point for the one used in the video - github.com/wg-easy/wg-easy/bl...
Commands used to start up WireGuard:
• sudo /var/packages/WireGuard/scripts/start (Command to start up WireGuard)
docker-compose.yml file referenced in the video:
version: "3.8"
services:
wg-easy:
environment:
Required:
Change this to the ddns hostname you configured.
- WG_HOST=(ddns hostname)
- PASSWORD=(password for wg-easy web-ui)
Optional:
- WG_PORT=51820
- WG_DEFAULT_ADDRESS=10.8.0.x
- WG_DEFAULT_DNS=1.1.1.1
- WG_MTU=1420
- WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
- WG_PRE_UP=echo "Pre Up" /etc/wireguard/pre-up.txt
- WG_POST_UP=echo "Post Up" /etc/wireguard/post-up.txt
- WG_PRE_DOWN=echo "Pre Down" /etc/wireguard/pre-down.txt
- WG_POST_DOWN=echo "Post Down" /etc/wireguard/post-down.txt
Note the angle brackets/greater then symbols needed to be removed in the above 4 lines because it isn't allowed in RUclips descriptions.
image: weejewel/wg-easy
container_name: wg-easy
volumes:
- .:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
Timecodes
0:00 | Introduction
0:18 | Prerequisites
1:50 | Download Or Build A WireGuard SPK File For Your NAS
3:03 | Install And Run WireGuard
3:55 | Install And Run WireGuard Easy
6:04 | Log In To WireGuard Easy Web UI And Create Client
6:52 | Setup My Iphone As A WireGuard Client
7:26 | TIP - On Demand Activation
7:53 | Closing
#synology #wireguard #containermanager #docker Наука
Great, consie, thorough video! Thank you so much for you for the effort you put into making these videos easy for the rest of us!
You're welcome!! Hopefully you and others find the refreshed video using Container Manager to do the setup simpler than using the command line.
Thanks for the great tutorial. Note that on 7.2, a reboot is required after installing the package and before running the start command.
This is awesome video tutorial, thanks for sharing!!!
thank you! it works perfectly, the tutorial is very easy
You're welcome!! Glad the video was helpful and easy to follow.
Many thanks. It work perfekt. i am beginner and i make all you show. now i have WireGuard on my Synology. ! =D
You're welcome!! Glad you were able to get WireGuard working on your Synology NAS!!
Thank you!!! Muchas gracias por el video, el único que me funcionó.
Note: The yml file that he linked has the default language set to German (DE). Change this to EN if you want it to be in English :D
Thanks for this tutorial! Worked flawlessly!
It mentions there is an update available though. How do i update to the latest version? When i click on update and follow the instructions i get an access denied
Thanks for the video and the question right here: how can I setup WG as a client?
Aloha... ! I can't figure this out the setting.... I've been messing with this wireguard installation and typing bunch of IP addresses here and there. Can't make it work... seems 4:50 some IP address and port setting need to be configured on user's setting however I don't know which IP is referring to which and setup on firewall setting etc. Having headaches through failures all this week :(
Good video, my CPU architecture is Avoton and I can't seem to find a package for that architecture. What should I do?
how to connect wireguard as a network to other docker containers?
Would you happen to know if using the wireguard.spk file for our particular architecture would allow us to install any Wireguard image of choice? For example could we pair an image like ngoduykhanh/wireguard-ui with the spk file or is it specific only for wireguard-easy?
Is there any way to do this without installing the custom package, for example by running a VM
With this solution is it necessary to run the GUI port on the same port as the wireguard VPN traffic? With Docker on a Debian system I use different ports for each.
Thanks for this great video, going to give it a try on a new NAS I'm building. Do you think that this will persist with DSM updates, wireguard version updates, reboots, etc? Or will manual intervention be required? Mahalo!
You're welcome!! The WireGuard settings should persist through reboots and security updates of DSM, but when there is a major DSM upgrade (from DSM 7.1 to 7.2 for example) you'll need to upgrade your WireGuard package at that point. Good luck with your setup!! Aloha 😀
Could you please tell me how you set up the Wireguard as a client on DSM 7.2?
Does someone know what that package we're installing actually do? Or better said the docker container. Another question is it possible to set this server up as a way ro communicate with the nas example Synology drive but without access to the other home network? It works with the openvpn server but the windows client is crappy (automatic connection not working correctly especially on a laptop)
Hi DigitalAloha!! I've done up till setting up wireguard, however I'm stuck at 6:12 failed to open page at this point when typing in my NAS IP:51821 What am I suppose to do? help!
Great video! I wish that the iOS app for witeguard (or openvpn) would have faceID for added security.
Thanks for the compliment on the video!! Hopefully we get faceID in upcoming WireGuard app updates for iOS.
@@digital_aloha Check again. It works for me. I have FaceID in WireGuard
Can't get WG to keep running, rebooted DSM, ran the scrpt but it just stopped after a few seconds running. DSM 7.2 DS1522+.
Looks like there are a couple of you having similar issues where the wireguard package stops running after a few seconds. I couldn't reproduce the issue on my Synology NAS so I'm not sure what to try. If you'd like one-on-one troubleshooting you could book a consulting session with me at digitalaloha.com/hire-me/.
My docker container just randomely stops and the container manager shows it's gray but it says it's running. Portainer says it's runing as well. I restarted the container and container manager it says running and it's on green but it stops a few seconds later. I will take a look into the logs. Portainer logs says: Error: WireGuard exited with the error: Cannot find device "wg0"
This usually means that your host's kernel does not support WireGuard!
Edit: I googled it and saw your github post to solve this issue but if I want to apply the environment variables my Synology says the network is unstable or my system is fully occupied which is for both not the case. Is I sad I see that the container starts and stops every two minutes for no reason. I think it just tries to start the container but it fails to this error every time.
when I want to download the SPK file,to my NAS, I have this message "file format not valid. contact developer" ?
video time 3:23
my Nas is a DS 920+ (Geminilake), DSM 7.2.1 69057 Update 5
I have DSM version 7.1 and there is no container manager anywhere in package center.
You'll need to upgrade to DSM 7.2 for container manager to show up in package center. I'd definitely recommend the upgrade because it has much more features than the Docker package. Good luck!!
how would i connect two synology nas using wireguard? i have wireguard on my fritzbox and would like to connect my offsite synology to this vpn
ddns doesn't seem to work on my offsite backup, even if i set is as exposed (for testing purposes) and this is driving me crazy
Good question? I haven't setup WireGuard on a Synology NAS as a client, it's always been setup as a server. I think this is possible and maybe this video will help (ruclips.net/video/uPjAirU4occ/видео.html) because it gets into the command line config a bit more.
If you want an option that I know works you could setup OpenVPN to do what you want to do and I have a video that covers that setup -> ruclips.net/video/pXXZ7SiD2yw/видео.html.
Good luck to you in your setup!!
@@digital_aloha will try that now, thanks a lot!
When I start wireguard it almost immediately stops again. How do I fix this?
Why no port forwarding required for Tailscale which basically use Wireguard behind the scene. but port forwarding is required for pure wireguard setup?
Good question... The reason why you'll need port forwarding setup for a pure wireguard setup is because it is hosted directly on your Synology NAS. With Tailscale the endpoints all connect to Tailscale's cloud based service to establish the wireguard connection that your nodes use. Hope that makes sense?
@@digital_aloha That make sense. Thank you. I have followed all the steps. Wireguard in my iPhone also shows connected but wireguard UI does not show any connection details. Also I am not able to connect to my NAS when connected with wireguard. I have also installed Tailscale on my NAS. Do you think it may causing issues?
@@priteshtechark4380 You're welcome!! Regarding your question, if you don't see connection details in WireGuard Easy then the connection hasn't been established and probably why you aren't able to connect to your NAS. Tailscale being installed on your NAS shouldn't be an issue.
Really hard to say what the issue may be, but the first thing I would check on is if the IP address used on your LAN is the same that is used for WireGuard (they can't be the same network). Hope that bit of information helps? Good luck to you!!
Can you please help me with this issue in DSM and Wireguard package installed as in the video?
Wireguard stops running after a second. I can't keep it to run.
It says "Manually Stopped".
I'd be happy to help, but I'm not able to reproduce the error you are getting so I'm not sure where to start. If you'd like one-on-one troubleshooting you could book a consulting session with me at digitalaloha.com/hire-me/.
@digital_aloha Thank you. I've found another installer. Now it's solved :)
@@dennisdenneboom431 You're welcome. Glad you got things working!! I'm curious, what is the other installer that you used? Might be a useful option that I may be able to create a video on to help others.
@@dennisdenneboom431 What was your solution? Wireguard won't stay running on mine either.
Can you make Tutorial for Synology Router. WireGuard on SMR will be very nice. =)
Is spk file safe? Would you recommend this method?
Well, he built the SPK files so I'm pretty sure he's telling you they are safe and is recommending this method...
I've used this setup for sometime and never had issues with the SPK file. If you are concerned though, and you have the right to be, I would recommend you build the SPK file for your Synology NAS yourself using the steps I go over in this video -> ruclips.net/video/zQMsIkjm-zM/видео.html (which I also mentioned in the video). Good luck to you!!
@@digital_aloha Thanks a lot
@@okanerdem You're welcome!!
What that work on DSM v.7.1?
It should, but check out my previous video on setting up WireGuard -> ruclips.net/video/Tf74tyE0YjQ/видео.html. Container Manager was added in DSM 7.2. You need to use Docker in DSM 7.1. Good luck to you!!
@@digital_aloha thanks, man!
@@sent4dc You're welcome!!
@@digital_aloha Sorry to bug you again. I am following your tutorial but after I SSH into my DSM 7.1 (from Windows 10 using OpenSSH client on Windows) and try to run sudo /var/packages/WireGuard/scripts/start it asks for a password and when I paste my account password that I used to SSH in, it just says, "Sorry, try again." - what am I doing wrong?
Would you please show how to change the password for wg-easy web-ui? Thank you!
Watch the video again he mentioned it
Works but no internet
same issue, did you find a solution?