From: Nohk Two <nohktwo@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: Re: Is it possible to disable wireguard on specific Wi-Fi ?
Date: Fri, 22 Apr 2022 21:00:32 +0800
Message-ID: <ac6dfc98-f72c-5bb9-50c5-f8963a497656@gmail.com>
In-Reply-To: <94ddb2e7-9181-1a38-1b35-3e1a9766846e@oern.de>

On 2022/4/22 17:51, Björn Fries wrote:
> On 22.04.22 at 08:16, Björn Fries wrote:
>> the way I solve this is that I use a slightly larger /23-subnet in the
>> AllowedIPs=192.168.87.0/23
>>
>> and when I get a local IP inside 192.168.87.0/24 at home, the kernel
>> automatically uses the more specific route.
>
> an example:
> my laptop e.g. has
>
> Address = 172.22.247.58/32
> PrivateKey = xxx
>
> [Peer]
> PublicKey = xxx
> AllowedIPs = 172.22.144.1/32, 192.168.0.0/23
> Endpoint = myhomeIP:51820
> PersistentKeepalive = 25
>
> 172.22.144.1/32 is the wireguard-IP of my wireguard-server at home.
>
> This way I can reach for example my printer at 192.168.0.10 even if I am
> on the move, because my wireguard server is installed on my router at
> home (Unifi USG-3P).
> The printer sends its packets for 172.22.247.58 simply to its default
> gateway, which is my router/wg-server, that forwards it over wireguard.
>
> When I'm in my network at home, my laptop gets the IP 192.168.1.72/24
> and automatically talks to the other devices in the LAN without taking
> the wireguard route, because the subnet is more specific.

I referred to your example and the Android phone is now:

[Interface]
Address = 192.168.19.30/32
DNS = 192.168.87.1, 192.168.87.2
PrivateKey = xxx

[Peer]
PublicKey = xxx
AllowedIPs = 192.168.19.1/32, 192.168.86.0/23
Endpoint = myhomeIP:4999
PresharedKey = xxx

192.168.19.1/32 is the wireguard-IP address of my wireguard-server at home.

It works nicely if the Android phone is on a 4G network. But it still
failed when I connect to my LAN's Wi-Fi (no internet access and no
LAN access). The phone got the LAN IP address 192.168.87.11/24 from
the DHCP server.

Maybe the routing implementation in Android doesn't fit this solution.

Anyway, thank you very much. :)
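
Added example (not part of the original message or the WireGuard project): a longest-prefix-match lookup over the two configurations quoted in this thread, to show which destinations take the tunnel and which take the LAN. It assumes a single Linux-style routing table with one route per AllowedIPs entry; the device names wg0, wlan0 and rmnet0 are made up, and Android's VPN routing is not modelled.

```python
import ipaddress

def build_table(allowed_ips, lan_addr=None, default_dev="wlan0"):
    """Build a single routing table as a list of (network, device) pairs."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), default_dev)]
    for cidr in allowed_ips:
        # One route per AllowedIPs entry, pointing into the tunnel (assumed wg0).
        table.append((ipaddress.ip_network(cidr, strict=False), "wg0"))
    if lan_addr:
        # Connected route derived from the DHCP-assigned address and prefix.
        table.append((ipaddress.ip_interface(lan_addr).network, default_dev))
    return table

def lookup(table, dst):
    """Return (device, matching route) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    net, dev = max(((n, d) for n, d in table if addr in n),
                   key=lambda r: r[0].prefixlen)
    return dev, str(net)

if __name__ == "__main__":
    # Values below are taken from the configs quoted in the thread.
    laptop = ["172.22.144.1/32", "192.168.0.0/23"]
    phone = ["192.168.19.1/32", "192.168.86.0/23"]
    cases = [
        ("laptop at home", build_table(laptop, "192.168.1.72/24"),
         ["192.168.1.50", "192.168.0.10", "172.22.144.1"]),
        ("phone at home", build_table(phone, "192.168.87.11/24"),
         ["192.168.87.1", "192.168.86.5", "192.168.19.1"]),
        ("phone on 4G", build_table(phone, None, "rmnet0"),
         ["192.168.87.1", "203.0.113.5"]),
    ]
    for name, table, dsts in cases:
        for dst in dsts:
            dev, route = lookup(table, dst)
            print(f"{name:15} {dst:15} -> {dev:6} via {route}")
```

In this model the quoted printer address 192.168.0.10 still resolves to wg0 while the laptop holds 192.168.1.72/24, because only 192.168.1.0/24 gets the more specific connected route.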