Hi there,
I have a wireguard configuration with two peers. They are identical, apart from the IP address (see below).
When I connect to one of the peers from my Android phone, I have access to my local network (e.g. router 192.168.0.1 and the local IP of home assistant) - both when connected through the router and over 4G. But when I connect using the same peer (or the other one) on my Windows machine, I don’t have a connection to any 192.x range IP.
Well, the weird thing is that my android phone connection behave exactly as I want it to behave (access to local LAN + all internet traffic router through the VPN) with the current configuration. At least to the best of my knowledge (I have access to local LAN over 4G and get the external IP of my apartment when checking through browser).
Anyway, in the link you sent it says that “When deciding how to route a packet, the system chooses the most specific route first, and falls back to broader routes.”. This made me try:
Then it seemed to work - I could access both the router (192.168.0.1) and HA (192.168.0.41). But what did I actually do here, and why does it work? …these questions made me try:
This also behaves as I want it to. But isn’t this the default configuration?!?
Anway, problem solved, perhaps. But it would be nice to understand why it works.
EDIT: But it only works if not connected to the home wireless network! That’s still a bit weird then, because the phone works regardless of whether the connection is through the mobile 4G or through the wifi.
In your first post it shows your wifi network being in the 192.168.0.0/24 range too, if this is the same as a remote network, some unexpected things may happen. This is also going to involve how windows routes networks internally, and can get a lot more complicated.
Generally you should avoid using the same ip range if you plan on using VPN. Is it possible to set up a LAN on your router in a different ip range and try your laptop from that LAN?
System refers to wireguard here, i believe this means that if multiple connections have the same IP address, it uses the one that is the most specific (i.e. the smallest subnet).
Ah, of course. I didn’t think of your first point. Would it then be recommended to choose a unusual IP range for my whole home network, if I want to minimize problem when I connect to it from various hotel wifis etc?
Anyway, adding 192.168.0.1 and 0.0.0.0 as client_allowed_ips seems to achieve what I wanted. Let’s see if it works in the long term or if I run into unexpected problems later. Thanks!
It would be a pretty good idea to take an unusual IP range for your local network, there’s no real downside to it and it’ll likely prevent issues with VPNs.
Needless to say it does need to be within the designated private IP ranges
