Hi guys, hope somebody can help me with a problem. I have a few services on my homeserver that I want to be only accessible from either inside my home network, or while being connected to it with a Wireguard server that runs on my router. I can perfectly access my homeserver with its local IP address 192.168.x.y when connected with the VPN. Now I would like to be able to access it with the domain test.example.com which has its A record pointed at 192.168.x.y. This works when I am inside my home network, but not through my VPN.

Is what I am trying to do infeasible? On my client the Wireguard config has AllowedIPs=192.168.x.0/24,0.0.0.0/0, hence I can reach the homeserver via 192.168.x.y, but why does it not work via domain name through the tunnel? What does however work is editing the hosts file on my client to point test.example.com at 192.168.x.y, but I would prefer not to do so. Any ideas? Thanks in advance

  • Ziomal12@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    0.0.0.0/0 already includes 192.168.0.0/16 However if your VPN doesn’t have an “exit node” configure (it’s Tailscale’s name for it but basically it means that there’s no machine configured to connect your tunnel to Internet) there could be issues with retrieving DNS.

    I’d suggest making AllowedIP ip your-vpn-net, 192.168.y.0/24

    Problem with that setup would be that while on your network with VPN turned on there could be conflicts.

    Other solution would be to host a pihole on your wireguard network, use pihole’s wg ip as DNS server in wg configs and in pihole create A record for your servers wg ip and domain name.

    • Danoxor@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Removing 0.0.0.0/0 didn’t really change anything, apparently on Linux (maybe specifically for wireguard?) 0.0.0.0/0 does not catch the local ip address ranges. However it was a DNS issue it seems; the default wireguard config that my router gave me for clients had DNS set to the router’s IP which generally speaking worked (I could browse the web with 0.0.0.0/0 in AllowedIPs on client) but for some reason it doesn’t resolve my domain correctly.

      Anyways I’m gonna settle with only 192.168.x.0/24 in AllowedIPs, since I don’t really need a full tunnel, and DNS=1.1.1.1 in client config. Maybe I’ll eventually set up a pihole but I’m not so keen on doing that for now. Nonetheless thanks :)

  • zfa@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I assume you already have DNS=192.168.0.1 defined in your client WG config (or whatever DNS server you use at home)?