geminilake install on ds220+ not working outside LAN (no internet or WAN IP) on DSM 7.2.2-72806 #196
Description
I used the tutorial on YouTube to install the *.spk and wg-easy (half a year ago). It was running okay after the update to DSM 7.2.2-72806. But I got the remark that wg-easy was out of date. I updated it (mainly the change from PASSWORD to PASSWORD_HASH), then it failed. So I removed the WireGuard package from the DS220+ NAS. I generated the spk myself using 7.2 of synobuild72, imported the prebuilt *.spk and also re-installed the original spk I had used and that worked. I reset to wg-easy:12 and wg-easy:14. I also tested wg without wg-easy (straight from /etc/wireguard settings and key generation). All had the same problem: the client connected to the Synology server can access the local network, but has NO internet. This is despite the wg0.conf having the iptables set.
The same update on the ds1522+ works okay!
Brief description of what you are trying to do, and what actually happens.
Steps to reproduce
see above.
wg show -->
```
interface: wg0
public key: xxcxccxccx
private key: (hidden)
listening port: 51822
peer: dgdgddgxxxxxx
preshared key: (hidden)
endpoint: 172.17.0.1:60069
allowed ips: 10.6.0.2/32
latest handshake: 1 minute, 36 seconds ago
transfer: 1.48 KiB received, 1.90 KiB sent
b4a0089662c8:/etc/wireguard#
```
wg0.conf file -->
```
/etc/wireguard# more wg0.conf
# Note: Do not edit this file directly.
# Your changes will be overwritten!

# Server
[Interface]
PrivateKey = UPsdsdssdsds
Address = 10.6.0.1/24
ListenPort = 51822
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51822 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown = iptables -t nat -D POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51822 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;

# Client: Phone_s21n (997a0c23-d6d2-4723-b84f-28dac5fb176f)
[Peer]
PublicKey = dddddgdgdgdgddgg
PresharedKey = apYE+/cXF/VBX/dhiwpJgkZ39zsW9o9Y1JfqLL9+ITQ=
A
```
$ ssh user@nas
Expected behavior
A clear and concise description of what you expected to happen.
The client connects to the tunnel, but no internet connection through the tunnel is possible.
I also have a ds1522+; no problem there after the update to wg-easy:14.
Synology NAS model
E.g. DS220+
wg0.conf
wg0.conf file -->
```
/etc/wireguard# more wg0.conf
# Note: Do not edit this file directly.
# Your changes will be overwritten!

# Server
[Interface]
PrivateKey = UPsdsdssdsds
Address = 10.6.0.1/24
ListenPort = 51822
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51822 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown = iptables -t nat -D POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51822 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;

# Client: Phone_s21n (997a0c23-d6d2-4723-b84f-28dac5fb176f)
[Peer]
PublicKey = dddddgdgdgdgddgg
PresharedKey = apYE+/cXF/VBX/dhiwpJgbb
AllowedIPs = 10.6.0.2/32
```
Content of wg0.conf goes here. Remember to redact Private keys!
wg0.conf file -->
more wg0.conf
```json
{
  "server": {
    "privateKey": "Rdfddfddfdxxxxxxi4wUM=",
    "publicKey": "0aKUHG3R26AAOxH2E=",
    "address": "10.6.0.1"
  },
  "clients": {
    "997a0c23-d6d2-4723-b84f-28dac5fb176f": {
      "id": "997a0c23-d6d2-4723-b84f-28dac5fb176f",
      "name": "Phone_s21n",
      "address": "10.6.0.2",
      "privateKey": "qIZvynpp+wQ=",
      "publicKey": "a75Q2G95jMiaV0IVk=",
      "preSharedKey": "apYE+/cXFg1JfqLL9+ITQ=",
      "createdAt": "2024-11-01T12:42:00.956Z",
      "updatedAt": "2024-11-02T08:26:27.779Z",
      "enabled": true
    }
  }
}
```
If there are multiple peers, include their configuration too.
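
The PostUp line in the wg0.conf above masquerades 10.6.0.0/24 out of `eth0`. The following is an added example, not part of the original issue or the project's code, that checks such a rule against the state of the machine it runs on; the function names and the sample route output in the usage note are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the [Interface] section from this issue, wrapped PostUp line rejoined.
SAMPLE_CONF = """\
[Interface]
Address = 10.6.0.1/24
PostUp = iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51822 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
"""

def interface_settings(conf):
    """Map each 'Key = value' line of the [Interface] section to its value."""
    lines = conf.split("[Peer]")[0].splitlines()
    pairs = (line.split("=", 1) for line in lines if "=" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def masquerade_rule(post_up):
    """Return (source, out_iface) of the first MASQUERADE rule, or None."""
    for command in post_up.split(";"):
        argv = shlex.split(command)
        following = dict(zip(argv, argv[1:]))  # token -> the token after it
        if following.get("-j") == "MASQUERADE":
            return following.get("-s"), following.get("-o")
    return None

def default_route_dev(ip_route_output):
    """Device named on the default route in `ip route show default` output."""
    for line in ip_route_output.splitlines():
        words = line.split()
        if words[:1] == ["default"] and "dev" in words[:-1]:
            return words[words.index("dev") + 1]
    return None

def audit(conf, ip_route_output, ip_forward):
    """List mismatches between the PostUp NAT rule and the observed host state."""
    settings = interface_settings(conf)
    rule = masquerade_rule(settings.get("PostUp", ""))
    if rule is None:
        return ["no MASQUERADE rule in PostUp"]
    source, out_iface = rule
    tunnel = ipaddress.ip_interface(settings["Address"].split(",")[0].strip()).network
    findings = []
    if source is None or ipaddress.ip_network(source, strict=False) != tunnel:
        findings.append(f"rule source {source} != tunnel network {tunnel}")
    egress = default_route_dev(ip_route_output)
    if out_iface is not None and out_iface != egress:
        findings.append(f"rule egress {out_iface} != default route dev {egress}")
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1")
    return findings
```

Run it where the tunnel runs, passing the text of wg0.conf, the output of `ip route show default`, and the contents of `/proc/sys/net/ipv4/ip_forward`; for instance `audit(SAMPLE_CONF, "default via 172.17.0.1 dev eth0", "1")` returns an empty list.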