Hi DigitalAloha!! I've done up till setting up wireguard, however I'm stuck at 6:12 failed to open page at this point when typing in my NAS IP:51821 What am I suppose to do? help!
when I want to download the SPK file,to my NAS, I have this message "file format not valid. contact developer" ? video time 3:23 my Nas is a DS 920+ (Geminilake), DSM 7.2.1 69057 Update 5
You'll need to upgrade to DSM 7.2 for container manager to show up in package center. I'd definitely recommend the upgrade because it has much more features than the Docker package. Good luck!!
@@digital_aloha same here, but my nas cannot be upgraded to 7.2, 7.1 is last support DSM for my model. I do have docker installed (and running everal containers) but this version does not have the project option as in the video, i only can download containers not create one from yaml files
Aloha... ! I can't figure this out the setting.... I've been messing with this wireguard installation and typing bunch of IP addresses here and there. Can't make it work... seems 4:50 some IP address and port setting need to be configured on user's setting however I don't know which IP is referring to which and setup on firewall setting etc. Having headaches through failures all this week :(
Amazing tutorial. I have setup as per your video. One thing i need. Wiregaurd is using complete tunnel. What to do if i only need to use tunnel for local traffic .like i only need lan to access when using wireguard ? Your help in this is much need
Thanks for this tutorial! Worked flawlessly! It mentions there is an update available though. How do i update to the latest version? When i click on update and follow the instructions i get an access denied
Why no port forwarding required for Tailscale which basically use Wireguard behind the scene. but port forwarding is required for pure wireguard setup?
Good question... The reason why you'll need port forwarding setup for a pure wireguard setup is because it is hosted directly on your Synology NAS. With Tailscale the endpoints all connect to Tailscale's cloud based service to establish the wireguard connection that your nodes use. Hope that makes sense?
@@digital_aloha That make sense. Thank you. I have followed all the steps. Wireguard in my iPhone also shows connected but wireguard UI does not show any connection details. Also I am not able to connect to my NAS when connected with wireguard. I have also installed Tailscale on my NAS. Do you think it may causing issues?
@@priteshtechark4380 You're welcome!! Regarding your question, if you don't see connection details in WireGuard Easy then the connection hasn't been established and probably why you aren't able to connect to your NAS. Tailscale being installed on your NAS shouldn't be an issue. Really hard to say what the issue may be, but the first thing I would check on is if the IP address used on your LAN is the same that is used for WireGuard (they can't be the same network). Hope that bit of information helps? Good luck to you!!
how would i connect two synology nas using wireguard? i have wireguard on my fritzbox and would like to connect my offsite synology to this vpn ddns doesn't seem to work on my offsite backup, even if i set is as exposed (for testing purposes) and this is driving me crazy
Good question? I haven't setup WireGuard on a Synology NAS as a client, it's always been setup as a server. I think this is possible and maybe this video will help (th-cam.com/video/uPjAirU4occ/w-d-xo.html) because it gets into the command line config a bit more. If you want an option that I know works you could setup OpenVPN to do what you want to do and I have a video that covers that setup -> th-cam.com/video/pXXZ7SiD2yw/w-d-xo.html. Good luck to you in your setup!!
Looks like there are a couple of you having similar issues where the wireguard package stops running after a few seconds. I couldn't reproduce the issue on my Synology NAS so I'm not sure what to try. If you'd like one-on-one troubleshooting you could book a consulting session with me at digitalaloha.com/hire-me/.
hello, congratulations for your guides, they are very useful. I'm trying to connect a fritzbox to the server created on the nas ds723+. When I import the configuration file I get the following: "the imported configuration file is not suitable for advanced settings (total traffic)." Do you have an idea on how I can solve this?
Can you please help me with this issue in DSM and Wireguard package installed as in the video? Wireguard stops running after a second. I can't keep it to run. It says "Manually Stopped".
I'd be happy to help, but I'm not able to reproduce the error you are getting so I'm not sure where to start. If you'd like one-on-one troubleshooting you could book a consulting session with me at digitalaloha.com/hire-me/.
@@dennisdenneboom431 You're welcome. Glad you got things working!! I'm curious, what is the other installer that you used? Might be a useful option that I may be able to create a video on to help others.
really nice guide. I have a question, I have a VPN provider that I buy every year. How would I be able to set up this config from the VPN provider for this wg-easy setup? As I would like my synology to run entirely on wireguard. instead of openvpn
It should, but check out my previous video on setting up WireGuard -> th-cam.com/video/Tf74tyE0YjQ/w-d-xo.html. Container Manager was added in DSM 7.2. You need to use Docker in DSM 7.1. Good luck to you!!
@@digital_aloha Sorry to bug you again. I am following your tutorial but after I SSH into my DSM 7.1 (from Windows 10 using OpenSSH client on Windows) and try to run sudo /var/packages/WireGuard/scripts/start it asks for a password and when I paste my account password that I used to SSH in, it just says, "Sorry, try again." - what am I doing wrong?
Thank you very much for the tutorial. I have DS923+ running off DSM 7.2.2. I don't see r1000 package avialable for 7.2, so I applied 7.1. Encountered problem of WG container keeps restarting. WG log shows "Error: WireGuard existed with the error: Cannot find device "wg0"". Reinstalled wg and Docker multiple times, no vail. Any advice?
I've used this setup for sometime and never had issues with the SPK file. If you are concerned though, and you have the right to be, I would recommend you build the SPK file for your Synology NAS yourself using the steps I go over in this video -> th-cam.com/video/zQMsIkjm-zM/w-d-xo.html (which I also mentioned in the video). Good luck to you!!
Thanks for this great video, going to give it a try on a new NAS I'm building. Do you think that this will persist with DSM updates, wireguard version updates, reboots, etc? Or will manual intervention be required? Mahalo!
You're welcome!! The WireGuard settings should persist through reboots and security updates of DSM, but when there is a major DSM upgrade (from DSM 7.1 to 7.2 for example) you'll need to upgrade your WireGuard package at that point. Good luck with your setup!! Aloha 😀
My docker container just randomely stops and the container manager shows it's gray but it says it's running. Portainer says it's runing as well. I restarted the container and container manager it says running and it's on green but it stops a few seconds later. I will take a look into the logs. Portainer logs says: Error: WireGuard exited with the error: Cannot find device "wg0" This usually means that your host's kernel does not support WireGuard! Edit: I googled it and saw your github post to solve this issue but if I want to apply the environment variables my Synology says the network is unstable or my system is fully occupied which is for both not the case. Is I sad I see that the container starts and stops every two minutes for no reason. I think it just tries to start the container but it fails to this error every time.
With this solution is it necessary to run the GUI port on the same port as the wireguard VPN traffic? With Docker on a Debian system I use different ports for each.
I'll look into creating a video in the near future on the new version and features of wg-easy (including setting up bcrypt password hashes). Thanks for pointing out the recent update. I haven't looked at the project for a few months.
@@digital_aloha I Figured it out. took a while trying to understand bcrypt and the instructions on the wg-easy github were confusing (were using Container and not Docker etc.) so an Online bcrypt generator with a cost factor (round) of 10 worked. instead of using PASSWORD=, use PASSWORD_HASH=, then use the Hashed of the base password (eg. Wire123 would be $2a$10$7KVswtv716.pGZRGDVFlcOtNpFwLHNcbLjpVNutXnqjRzBgAORYL6, however when using the password in the YML you have to add extra $ whenever there's a $ in the hash (so each $ becomes $$) this means PASSWORD_HASH=$$2a$$10$$7KVswtv716.pGZRGDVFlcOtNpFwLHNcbLjpVNutXnqjRzBgAORYL6 then when logging in to the Wireguard GUI use the base password eg. Wire123. In all honesty I have no idea why they pushed this ? extra security? One thing though... is there a way to auto update this instead of having to wipe it out and create a new YAML project? like updating the Image?
I've watched this and several other videos on the subject and none seem to successfully show accessing services on the syno NAS even though the server is setup on the NAS. Is this an iptables, firewall, or routing issue with the gateway?
In my set up, once connected to WireGuard, I was able to access the NAS just fine (connected to DSM) and was able to access Docker containers/projects running on the NAS. I have another Synology NAS running on my LAN and was able to connect to that system as well. I'd say if you aren't able to get to services anywhere on your LAN then you probably aren't connected to WireGuard properly and you should check on your router and firewall rules. Hope that helps and best of luck in getting your WireGuard setup working properly.
@@digital_aloha I figured it out... I un-commented the WG_PRE/POST_UP/DOWN's and left them as it; so, no default iptables. I did change the image however to load in the latest version of wg-easy. Now... on to optimization!
Would you happen to know if using the wireguard.spk file for our particular architecture would allow us to install any Wireguard image of choice? For example could we pair an image like ngoduykhanh/wireguard-ui with the spk file or is it specific only for wireguard-easy?
Does someone know what that package we're installing actually do? Or better said the docker container. Another question is it possible to set this server up as a way ro communicate with the nas example Synology drive but without access to the other home network? It works with the openvpn server but the windows client is crappy (automatic connection not working correctly especially on a laptop)
Thanks for the great tutorial. Note that on 7.2, a reboot is required after installing the package and before running the start command.
thank you! it works perfectly, the tutorial is very easy
You're welcome!! Glad the video was helpful and easy to follow.
Hi DigitalAloha!! I've done up till setting up wireguard, however I'm stuck at 6:12 failed to open page at this point when typing in my NAS IP:51821 What am I suppose to do? help!
Great, consie, thorough video! Thank you so much for you for the effort you put into making these videos easy for the rest of us!
You're welcome!! Hopefully you and others find the refreshed video using Container Manager to do the setup simpler than using the command line.
Thanks you for the very clear tutorial - a great help
Thanks for the video and the question right here: how can I setup WG as a client?
Thanks for the great tutorial.!!! especially on 7.2!
This is awesome video tutorial, thanks for sharing!!!
Note: The yml file that he linked has the default language set to German (DE). Change this to EN if you want it to be in English :D
Many thanks. It work perfekt. i am beginner and i make all you show. now i have WireGuard on my Synology. ! =D
You're welcome!! Glad you were able to get WireGuard working on your Synology NAS!!
when I want to download the SPK file,to my NAS, I have this message "file format not valid. contact developer" ?
video time 3:23
my Nas is a DS 920+ (Geminilake), DSM 7.2.1 69057 Update 5
I have DSM version 7.1 and there is no container manager anywhere in package center.
You'll need to upgrade to DSM 7.2 for container manager to show up in package center. I'd definitely recommend the upgrade because it has much more features than the Docker package. Good luck!!
@@digital_aloha same here, but my nas cannot be upgraded to 7.2, 7.1 is last support DSM for my model. I do have docker installed (and running everal containers) but this version does not have the project option as in the video, i only can download containers not create one from yaml files
how to connect wireguard as a network to other docker containers?
Aloha... ! I can't figure this out the setting.... I've been messing with this wireguard installation and typing bunch of IP addresses here and there. Can't make it work... seems 4:50 some IP address and port setting need to be configured on user's setting however I don't know which IP is referring to which and setup on firewall setting etc. Having headaches through failures all this week :(
Is there any way to do this without installing the custom package, for example by running a VM
Nice video.
Will the spk file work on DSM 7.2.2?
Great video! I wish that the iOS app for witeguard (or openvpn) would have faceID for added security.
Thanks for the compliment on the video!! Hopefully we get faceID in upcoming WireGuard app updates for iOS.
@@digital_aloha Check again. It works for me. I have FaceID in WireGuard
Amazing tutorial. I have setup as per your video. One thing i need. Wiregaurd is using complete tunnel. What to do if i only need to use tunnel for local traffic .like i only need lan to access when using wireguard ? Your help in this is much need
Thanks for this tutorial! Worked flawlessly!
It mentions there is an update available though. How do i update to the latest version? When i click on update and follow the instructions i get an access denied
Why no port forwarding required for Tailscale which basically use Wireguard behind the scene. but port forwarding is required for pure wireguard setup?
Good question... The reason why you'll need port forwarding setup for a pure wireguard setup is because it is hosted directly on your Synology NAS. With Tailscale the endpoints all connect to Tailscale's cloud based service to establish the wireguard connection that your nodes use. Hope that makes sense?
@@digital_aloha That make sense. Thank you. I have followed all the steps. Wireguard in my iPhone also shows connected but wireguard UI does not show any connection details. Also I am not able to connect to my NAS when connected with wireguard. I have also installed Tailscale on my NAS. Do you think it may causing issues?
@@priteshtechark4380 You're welcome!! Regarding your question, if you don't see connection details in WireGuard Easy then the connection hasn't been established and probably why you aren't able to connect to your NAS. Tailscale being installed on your NAS shouldn't be an issue.
Really hard to say what the issue may be, but the first thing I would check on is if the IP address used on your LAN is the same that is used for WireGuard (they can't be the same network). Hope that bit of information helps? Good luck to you!!
how would i connect two synology nas using wireguard? i have wireguard on my fritzbox and would like to connect my offsite synology to this vpn
ddns doesn't seem to work on my offsite backup, even if i set is as exposed (for testing purposes) and this is driving me crazy
Good question? I haven't setup WireGuard on a Synology NAS as a client, it's always been setup as a server. I think this is possible and maybe this video will help (th-cam.com/video/uPjAirU4occ/w-d-xo.html) because it gets into the command line config a bit more.
If you want an option that I know works you could setup OpenVPN to do what you want to do and I have a video that covers that setup -> th-cam.com/video/pXXZ7SiD2yw/w-d-xo.html.
Good luck to you in your setup!!
@@digital_aloha will try that now, thanks a lot!
Can't get WG to keep running, rebooted DSM, ran the scrpt but it just stopped after a few seconds running. DSM 7.2 DS1522+.
Looks like there are a couple of you having similar issues where the wireguard package stops running after a few seconds. I couldn't reproduce the issue on my Synology NAS so I'm not sure what to try. If you'd like one-on-one troubleshooting you could book a consulting session with me at digitalaloha.com/hire-me/.
is it faster than openVPN that came with DSM though?
hello, congratulations for your guides, they are very useful.
I'm trying to connect a fritzbox to the server created on the nas ds723+.
When I import the configuration file I get the following:
"the imported configuration file is not suitable for advanced settings (total traffic)."
Do you have an idea on how I can solve this?
Could you please tell me how you set up the Wireguard as a client on DSM 7.2?
I cannot access my synology nas dsm220+ webUI and FTP via Wireguard Docker and What should I do?
Good video, my CPU architecture is Avoton and I can't seem to find a package for that architecture. What should I do?
Can you please help me with this issue in DSM and Wireguard package installed as in the video?
Wireguard stops running after a second. I can't keep it to run.
It says "Manually Stopped".
I'd be happy to help, but I'm not able to reproduce the error you are getting so I'm not sure where to start. If you'd like one-on-one troubleshooting you could book a consulting session with me at digitalaloha.com/hire-me/.
@digital_aloha Thank you. I've found another installer. Now it's solved :)
@@dennisdenneboom431 You're welcome. Glad you got things working!! I'm curious, what is the other installer that you used? Might be a useful option that I may be able to create a video on to help others.
@@dennisdenneboom431 What was your solution? Wireguard won't stay running on mine either.
Even after connecting it to my bridge where all my containers are connected to. There is no LAN acces. Even after setting allow ip's
really nice guide.
I have a question, I have a VPN provider that I buy every year.
How would I be able to set up this config from the VPN provider for this wg-easy setup?
As I would like my synology to run entirely on wireguard. instead of openvpn
What that work on DSM v.7.1?
It should, but check out my previous video on setting up WireGuard -> th-cam.com/video/Tf74tyE0YjQ/w-d-xo.html. Container Manager was added in DSM 7.2. You need to use Docker in DSM 7.1. Good luck to you!!
@@digital_aloha thanks, man!
@@sent4dc You're welcome!!
@@digital_aloha Sorry to bug you again. I am following your tutorial but after I SSH into my DSM 7.1 (from Windows 10 using OpenSSH client on Windows) and try to run sudo /var/packages/WireGuard/scripts/start it asks for a password and when I paste my account password that I used to SSH in, it just says, "Sorry, try again." - what am I doing wrong?
Thank you very much for the tutorial. I have DS923+ running off DSM 7.2.2. I don't see r1000 package avialable for 7.2, so I applied 7.1. Encountered problem of WG container keeps restarting. WG log shows "Error: WireGuard existed with the error: Cannot find device "wg0"". Reinstalled wg and Docker multiple times, no vail. Any advice?
Thank you!!! Muchas gracias por el video, el único que me funcionó.
Is spk file safe? Would you recommend this method?
Well, he built the SPK files so I'm pretty sure he's telling you they are safe and is recommending this method...
I've used this setup for sometime and never had issues with the SPK file. If you are concerned though, and you have the right to be, I would recommend you build the SPK file for your Synology NAS yourself using the steps I go over in this video -> th-cam.com/video/zQMsIkjm-zM/w-d-xo.html (which I also mentioned in the video). Good luck to you!!
@@digital_aloha Thanks a lot
@@okanerdem You're welcome!!
Thanks for this great video, going to give it a try on a new NAS I'm building. Do you think that this will persist with DSM updates, wireguard version updates, reboots, etc? Or will manual intervention be required? Mahalo!
You're welcome!! The WireGuard settings should persist through reboots and security updates of DSM, but when there is a major DSM upgrade (from DSM 7.1 to 7.2 for example) you'll need to upgrade your WireGuard package at that point. Good luck with your setup!! Aloha 😀
My docker container just randomely stops and the container manager shows it's gray but it says it's running. Portainer says it's runing as well. I restarted the container and container manager it says running and it's on green but it stops a few seconds later. I will take a look into the logs. Portainer logs says: Error: WireGuard exited with the error: Cannot find device "wg0"
This usually means that your host's kernel does not support WireGuard!
Edit: I googled it and saw your github post to solve this issue but if I want to apply the environment variables my Synology says the network is unstable or my system is fully occupied which is for both not the case. Is I sad I see that the container starts and stops every two minutes for no reason. I think it just tries to start the container but it fails to this error every time.
With this solution is it necessary to run the GUI port on the same port as the wireguard VPN traffic? With Docker on a Debian system I use different ports for each.
wireguard easy recently update to bcrypt password hash, this is not covered in an easy way to understand and would be a great revival of this video.
I'll look into creating a video in the near future on the new version and features of wg-easy (including setting up bcrypt password hashes). Thanks for pointing out the recent update. I haven't looked at the project for a few months.
@@digital_aloha I Figured it out. took a while trying to understand bcrypt and the instructions on the wg-easy github were confusing (were using Container and not Docker etc.) so an Online bcrypt generator with a cost factor (round) of 10 worked. instead of using PASSWORD=, use PASSWORD_HASH=, then use the Hashed of the base password (eg. Wire123 would be $2a$10$7KVswtv716.pGZRGDVFlcOtNpFwLHNcbLjpVNutXnqjRzBgAORYL6, however when using the password in the YML you have to add extra $ whenever there's a $ in the hash (so each $ becomes $$) this means PASSWORD_HASH=$$2a$$10$$7KVswtv716.pGZRGDVFlcOtNpFwLHNcbLjpVNutXnqjRzBgAORYL6
then when logging in to the Wireguard GUI use the base password eg. Wire123.
In all honesty I have no idea why they pushed this ? extra security?
One thing though... is there a way to auto update this instead of having to wipe it out and create a new YAML project? like updating the Image?
Just a heads up, I just set up my container and I did not have to add the extra $ to the online generated hash
I've watched this and several other videos on the subject and none seem to successfully show accessing services on the syno NAS even though the server is setup on the NAS. Is this an iptables, firewall, or routing issue with the gateway?
In my set up, once connected to WireGuard, I was able to access the NAS just fine (connected to DSM) and was able to access Docker containers/projects running on the NAS. I have another Synology NAS running on my LAN and was able to connect to that system as well. I'd say if you aren't able to get to services anywhere on your LAN then you probably aren't connected to WireGuard properly and you should check on your router and firewall rules. Hope that helps and best of luck in getting your WireGuard setup working properly.
@@digital_aloha I figured it out... I un-commented the WG_PRE/POST_UP/DOWN's and left them as it; so, no default iptables. I did change the image however to load in the latest version of wg-easy. Now... on to optimization!
When I start wireguard it almost immediately stops again. How do I fix this?
That happened to me too and it turned out I had downloaded the wrong SPK
Would you happen to know if using the wireguard.spk file for our particular architecture would allow us to install any Wireguard image of choice? For example could we pair an image like ngoduykhanh/wireguard-ui with the spk file or is it specific only for wireguard-easy?
Does someone know what that package we're installing actually do? Or better said the docker container. Another question is it possible to set this server up as a way ro communicate with the nas example Synology drive but without access to the other home network? It works with the openvpn server but the windows client is crappy (automatic connection not working correctly especially on a laptop)
my wireguard stops working automatically after few seconds
Can you make Tutorial for Synology Router. WireGuard on SMR will be very nice. =)
Would you please show how to change the password for wg-easy web-ui? Thank you!
Watch the video again he mentioned it
Works but no internet
same issue, did you find a solution?
Why port 51820 tho? You didn't explained.
That's the default listening port for WireGuard
I think this video lacks a lot of explaination. It is more like just follow the step, trust me kind of video.