From: "Claire" <claire@sharkgirl.ing>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
"Claire Elaina" <git@claire.sharkgirl.ing>
Cc: <wireguard@lists.zx2c4.com>, <adam.irr@outlook.com>
Subject: Re: [PATCH wireguard-tools] wg-quick: android: add support for {Pre, Post}{Up, Down} hooks
Date: Mon, 26 May 2025 08:45:12 +1000
Message-ID: <DA5LTSNK3G6X.3KKK3AAQ328MJ@sharkgirl.ing>
In-Reply-To: <aDMQ6eE_aIUTV4dB@zx2c4.com>

> Wondering, what commands do you want to run?

PostUp = wg set CelesteWAN fwmark 0

X problem:
I have a Raspberry Pi at home, and I want to have an encrypted link
between it and client devices. When I'm at home (i.e. connected to
the Pi's LAN), I want the clients to connect directly to the Pi with
its LAN IP address. When I'm away from home, I want them to connect
through a remote server that has access to the Pi.

Y problem:
I cannot do port forwarding on my home internet connection because of
CGNAT (hence, I cannot have the clients use the Pi's public IP
address). My cursed idea is to nest Wireguard over Wireguard when not
on LAN, so the connection would be "Phone -> Server -> Pi". This works
fine on my laptop, but unfortunately not on my phone (pings to the Pi
result in no response).

However, when I manually run `wg set CelesteWAN fwmark 0` after the
tunnel is already set up, the connection works. I have made a patch to
allow setting FwMark in the config, but it doesn't work when testing.
Perhaps the `iptables -m mark ...` rules are interfering. I want to
try only setting the `fwmark` for the interface, but I feel like it's
too niche to upstream, so I wanted to add generic command execution.

If there's a less cursed way to make Wireguard over Wireguard work, or
even not having to do WoW, I'd appreciate it.

Sincerely,
Claire Elaina