[Solved] Trying Wireguard and setting it up only for local access from outside

Garret
Posts: 52
Joined: Sat Nov 10, 2018 12:23 pm

Re: [Solved] Trying Wireguard and setting it up only for local access from outside

Post by Garret »

Hey @MichaIng, actually after re-reading what @WarHawk and you wrote and the content of wg0-client.conf, it is true: having AllowedIPs = 192.168.1.0/32 does not make sense because it should be, as you wrote in the first post, AllowedIPs = 192.168.1.0/24.

I simply don't understand. It is working for me, but now it is more important for me to understand why it is working and why following what wg0-client.conf suggests instead does not make it work.

Did you have time to do some tests?

I re-attached my wg0-client.conf:

[Interface]
# The address must be unique for each client, use "10.8.0.3/24" for the second client and so on.
Address = 10.8.0.2/24
PrivateKey = HIDDEN
# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 192.168.1.1

# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will most likely not work on mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --d$
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark  -m addrtype ! --$

[Peer]
PublicKey = HIDDEN
# Tunnel all network traffic through the VPN:
#       AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
#       AllowedIPs = 192.168.1.0/24
# Tunnel access to VPN server only:
#       AllowedIPs = 192.168.1.2/32
AllowedIPs = 192.168.1.0/32
Endpoint = HIDDEN

# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25

And this is how my WireGuard client on my Android phone is configured. Actually, you will notice that here I had not changed AllowedIPs from /24 to /32.
Image
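
As an added illustration (not part of the original post and not DietPi's own code), the following Python sketch shows which destinations each AllowedIPs value from the config above actually covers. It assumes the usual client-side behaviour where wg-quick installs a route for every AllowedIPs entry; the function names and the trimmed sample config are constructed for this example.

```python
import ipaddress

# Constructed sample: trimmed from the posted wg0-client.conf, key replaced by a placeholder.
SAMPLE_CONF = """\
[Interface]
Address = 10.8.0.2/24

[Peer]
PublicKey = PLACEHOLDER
#       AllowedIPs = 192.168.1.0/24
AllowedIPs = 192.168.1.0/32
"""

def allowed_ips(conf_text):
    """Return the active (uncommented) AllowedIPs entries as ip_network objects."""
    nets = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    # strict=False tolerates host bits, e.g. 192.168.1.2/24
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def tunnelled(dest, nets):
    """True if a packet to dest matches an AllowedIPs entry (goes into the tunnel)."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == n.version and addr in n for n in nets)

def suspicious_host_routes(nets):
    """Heuristic: /32 entries ending in .0 usually mean a /24 was intended."""
    return [n for n in nets
            if n.version == 4 and n.prefixlen == 32
            and int(n.network_address) & 0xFF == 0]

def report(conf_text, dests):
    """Map each destination to whether the config routes it through the VPN."""
    nets = allowed_ips(conf_text)
    return {d: tunnelled(d, nets) for d in dests}

if __name__ == "__main__":
    # 192.168.1.1 is the DNS server and 192.168.1.2 the VPN server in the posted config.
    dests = ["192.168.1.0", "192.168.1.1", "192.168.1.2", "8.8.8.8"]
    print("/32:", report(SAMPLE_CONF, dests))
    print("/24:", report(SAMPLE_CONF.replace("/32", "/24"), dests))
```

With the /32 entry only the single address 192.168.1.0 matches, so neither the DNS server nor the VPN server address from the config is routed through the tunnel; with /24 the whole 192.168.1.x range is.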
Garret
Posts: 52
Joined: Sat Nov 10, 2018 12:23 pm

Re: [Solved] Trying Wireguard and setting it up only for local access from outside

Post by Garret »

I just wanted to come back to the discussion. I don't know if something happened with updates or not, but now everything seems to work as it theoretically should. I mean that now having AllowedIPs = 192.168.1.0/24 on both the server and the client allows me to access the whole LAN at home (including the Raspberry Pi where DietPi with WireGuard is sitting). So I confirm that it is now fully solved.
MichaIng
Site Admin
Posts: 2295
Joined: Sat Nov 18, 2017 6:21 pm

Re: [Solved] Trying Wireguard and setting it up only for local access from outside

Post by MichaIng »

@Garret
Thanks for reporting back. v6.22 brings some other enhancements to the generated client configs, to have every client as a separate peer and allow concurrent connections. However, existing configs are never touched by any install/reinstall step.