Node-RED 3, Wireguard, DDNS, HA0 removed, Local DNS Server

We’ve removed the second network connection for CORE ha0. If you have an IP allocated for it, you can remove that reservation. It will eventually go away after an update or reboot.

Wireguard is up and running. It’s connected to DDNS. There are instructions in Wireguard | Collective-DOCS ( for this. Please take a few minutes to do some homework. It’s a full walkthrough in pictures. Easy to follow, but informative.


Please report any issues you come across.

We’ve officially moved to Node-RED 3. If you are running the beta version, you should think about moving your stuff over to the official oll-node-red version as the oll-node-red-3 version will eventually be deprecated. If you need assistance with this, please ask in our community.


We’ve also added a local dns server on CORE. For use with Wireguard. Of course, there are other benefits of this.


So, what is the process for migrating oll-node-red-3 to oll-node-red (which is now Node Red 3) :grey_question:

I am anxious to avoid any inadvertant downtime if I get the migration wrong, as NR3 is running my heating system. :slightly_smiling_face:

These are NOT step-by-step instructions, just a general list of things to do:

One way is to export all your flows in oll-node-red-3, disable oll-node-red-3 and then enable oll-node-red where you then import all your flows. You will then have to repopulate any missing globals and credentials as well as reinstall missing palettes.

Another approach is to disable oll-node-red-3, then copy the whole folder (using for example “sudo mc”):

You may have to change the ownership of certain files as well.

and then edit:

Where you need to make sure httAdminRoot and httpNodeRoot look like this:

// By default, the Node-RED UI is available at http://localhost:1880/
  // The following property can be used to specify a different root path.
  // If set to false, this is disabled.
  httpAdminRoot: '/pods/direct/node-red',

  // Some nodes, such as HTTP In, can be used to listen for incoming http requests.
  // By default, these are served relative to '/'. The following property
  // can be used to specifiy a different root path. If set to false, this is
  // disabled.
  httpNodeRoot: '/pods/direct/node-red',

Then you can enable and start oll-node-red. If you are using webhooks INTO NR, you need to update them to NOT have “-3” in them.

This is probably not a complete set of things to do, but should give a rough overview. If the copy fails, you can always disable oll-node-red and enable oll-node-red-3 again.

1 Like

OK, thanks - I will give that a go later this afternooon (UK). :slight_smile:

If my node setup was under v2 before, now that oll-node-red is v3, what are the steps to upgrading OR have you already dealt with that as part of the upgrade? (Haven’t checked myself personally as now away from the house until later). Thanks.

From V2 to V3 the upgrade is automatic, but you may need to check that all pallettes are installed and updated as well as do a full deploy once.

1 Like

Hi @markus

Does this mean, since all my flows are already on nodeRED-3, that I could:
a) export all my flows from NodeRED-3
b) start NodeRED-2 from the Sys/DASH;
c) manually add additional nodes into NodeRED-2’s pallete;
d) import exported flows to NodeRED-2,
e) run the oll-update command and let it do it’s thing
f) reboot Core

and have all my flows back to working order once the unit is rebooted?

I’d say more like this:
a) run the oll-update-init command and let it do it’s thing
b) export all my flows from oll-node-red-3
c) disable oll-node-red-3
d) start oll-node-red from the Sys/DASH;
e) import exported flows to oll-node-red,
e1) update any webhook-based-nodes if needed
f) manually add additional nodes into oll-node-red’s pallete;
g) do a full deploy in oll-node-red
h) NO NEED to reboot Core

1 Like

Sorry for being such a newbie, but… I’m sorry I don’t quite now what this means.
I suppose it has something to do with the following error I’m seeing in NodeRED (which is now 3.0.2), but I don’t quite know what to do to fix it. I tried clicking on the Configure web hook button, but got the “Invalid Token” reply…

(It was working fine in NodeRED-3 before I ran the last update today)


I found the location to add the token and that fixed the problem.

1 Like

I’m trying to set up wireguard.
I’ve followed April’s guide and I think I have it configured correctly.
Unfortunately I cannot get it to work.
I am seeing this in the logs for WG and it repeats every 30 seconds.
Any thoughts?

2022-12-21 11:32:19 GMT info INFO: Running command: prepare
2022-12-21 11:32:19 GMT info INFO: Executing prepare as root, shutting down wg0…
2022-12-21 11:32:19 GMT info wg-quick: `wg0’ is not a WireGuard interface
2022-12-21 11:32:19 GMT info INFO: Running command: run
2022-12-21 11:32:19 GMT info INFO: Initializing wg0…
2022-12-21 11:32:19 GMT info [#]
2022-12-21 11:32:19 GMT info [#] ip link add wg0 type wireguard
2022-12-21 11:32:19 GMT info [#] wg setconf wg0 /dev/fd/63
2022-12-21 11:32:19 GMT info [#] ip -4 address add dev wg0
2022-12-21 11:32:20 GMT info [#] ip link set mtu 1420 up dev wg0
2022-12-21 11:32:20 GMT info [#] iptables -t nat -F WG_POSTROUTING; iptables -t nat -A WG_POSTROUTING -s -o eth0 -j MASQUERADE; iptables -F WG_INPUT; iptables -A WG_INPUT -i wg0 -p udp --dport 53 -j ACCEPT; iptables -A WG_INPUT -i wg0 -p tcp --dport 80 -j ACCEPT; iptables -A WG_INPUT -i wg0 -p tcp --dport 81 -j ACCEPT; iptables -A WG_INPUT -i wg0 -p tcp --dport 443 -j ACCEPT; iptables -A OLL_INPUT -i wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; iptables -F WG_FORWARD; iptables -A WG_FORWARD -i wg0 -j ACCEPT; iptables -A WG_FORWARD -o wg0 -j ACCEPT;
2022-12-21 11:32:20 GMT info iptables: No chain/target/match by that name.
2022-12-21 11:32:20 GMT info [#] ip link delete dev wg0

Try running oll-update-init again, then sudo oll-firewall --restart

I had run the update commands a couple of times to no avail.
I have run again plus the firewall command and BOOM, I’m in and it is working OK.
I did have trouble trying to get wireguard on line. After running these commands it came straight up.

I now have WG access. Thankyou.

One more step closer to turning off my last HE which I am using for dashboards and my 15 z-wave devices.
Thanks again to yourself and April. :+1:


@markus I went for your first suggested Node Red migration option, which was to export all the flows from the original NR3, disable it and then enable the new NR (3) and import the flows.

It has worked OK but as you suggested, I had to use the palette manager to install all the missing node types, I had to go through my Node Red Dashboard layouts and reassign all the widgets. I also had to reinstall CoreDash following your original instructions. MQTT sign-in security needed to be re-entered.

Not a painless exercise! However being able to stop the new NR3 and restart the old NR3 to check consistency was useful, as was having screen captures of what the NR Dashboards should look like so that I could recreate the layout in the new NR3.

Anyway, I have made it and am now on the new (official) NR3. :grinning:


Just a heads up. The changes to the system were significant. It might take some time for the system to come completely on line. Don’t be too quick to think it’s not working on this update. It’s taken up to 15 minutes for everything to come back up. If after 15 minutes, things aren’t working then run init again and reboot the firewall.
This won’t fix the missing nodes in Node-RED



If you wish to create a custom configuration of allowed IP addresses, you can create one by clicking CONNFIGURE.
You will need to name the configuration and enter the IP address separated by a comma. /32 is one specific IP and /24 is the entire rane of IP addresses within that subnet.

What is the IP address? Is it the IP address of the client (phone) or the CORE?

Also two spelling mistakes bolded.

The ip address to what you wish to connect to on your lan.

1 Like

Wow. That’s pretty cool. Thanks for building it into CORE.

I’m not able to get internet when connected through the Wireguard VPN. I’ve selected the appropriate option “internet”. Is there some trick? I vaguely recall something from months ago to allow access via the firewall, but it’s escaping me at present.

Edit: that was when there were two IP addresses. Not sure though.

Run updates then restart firewall again.

1 Like