[Solved] Trying Wireguard and setting it up only for local access from outside Topic is solved

[Garret]

Hey @MichaIng actually after re-reading what @WarHawk, you and the content of wg0-client.conf, it is true: having AllowedIPs = 192.168.1.0/32 does not make sense because it should be, as you wrote in the first post, AllowedIPs = 192.168.1.0/24.

I simply don't understand. It is working to me but now for me it is more important to understand why it is working and why following what wg0-client.conf suggests instead does not make it working.

Did you have time to do some test?

I re-attached my wg0-client.conf:

Code: Select all

[Interface]
# The address must be unique for each client, use "10.8.0.3/24" for the second client and so on.
Address = 10.8.0.2/24
PrivateKey = HIDDEN
# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 192.168.1.1

# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will most likely not work on mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --d$
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --$

[Peer]
PublicKey = HIDDEN
# Tunnel all network traffic through the VPN:
#       AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
#       AllowedIPs = 192.168.1.0/24
# Tunnel access to VPN server only:
#       AllowedIPs = 192.168.1.2/32
AllowedIPs = 192.168.1.0/32
Endpoint = HIDDEN

# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25

And this is how my wireguard client on my android phone is configured. Actually you will notice that here I had not changed AllowedIPs from /24 to /32

[Garret]

I just wanted to come back to the discussion. I don't know if something happened with updates or not but now everything seems to work as theoretically should. I mean that now having both AllowedIPs = 192.168.1.0/24 on the server and client allows me to access the whole lan network at home (including the raspberry pi where dietpi with wireguard is sitting). So I confirm that now if sully solved.

[MichaIng]

@Garret
Thanks for reporting back. v6.22 bring some other enhancements on the generated client configs to have every client as separate peer and allow concurrent connections. However existing configs are never touched by any install/reinstall step.