* Is it possible to disable wireguard on specific Wi-Fi ?
@ 2022-04-18 2:12 Nohk Two
2022-04-22 6:16 ` Björn Fries
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Nohk Two @ 2022-04-18 2:12 UTC (permalink / raw)
To: wireguard
Hello,
I setup a wireguard server at home and has a public IP address. This
server allows the clients to access my LAN (e.g. 192.168.87.0/24) and
configuring the DNS servers as my DNS servers in my LAN (e.g.
192.168.87.1 and 192.168.87.2).
My family members use their phones (iPhone and Android) to connect to my
LAN via the Wireguard for iOS/Android App. And this worked perfectly
while the phones are using the 4G/5G network.
But when the phones connect to the Wi-Fi of my home's router, the DHCP
assigns the IP addresses as 192.168.87.0/24, it's my LAN, to the phones.
In this situation, phones' owners should manually turn off their
Wireguard connection to have the internet accessing. I guess there are
something conflict because the vanilla IP network and the allowed IP
network are the same.
So, I have this idea that if it is possible to configure the Wireguard
app to turn off or disable automatically when the network is established
on specific Wi-Fi SSIDs ?
Or do you have better ideas ?
Thanks.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-18 2:12 Is it possible to disable wireguard on specific Wi-Fi ? Nohk Two
@ 2022-04-22 6:16 ` Björn Fries
2022-04-22 9:51 ` Björn Fries
2022-04-22 11:05 ` Nohk Two
2022-04-22 13:36 ` Jason Grant
2022-04-22 18:23 ` Kai Haberzettl
2 siblings, 2 replies; 12+ messages in thread
From: Björn Fries @ 2022-04-22 6:16 UTC (permalink / raw)
To: wireguard
Hello,
Am 18.04.22 um 04:12 schrieb Nohk Two:
> This
> server allows the clients to access my LAN (e.g. 192.168.87.0/24) and
[..]
> But when the phones connect to the Wi-Fi of my home's router, the DHCP
> assigns the IP addresses as 192.168.87.0/24, it's my LAN, to the phones.
[...]
> Or do you have better ideas ?
the way I solve this is that I use a slightly larger /23-subnet in the
AllowedIPs=192.168.87.0/23
and when I get a local IP inside 192.168.87.0/24 at home, the kernel
automatically uses the more specific route.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 6:16 ` Björn Fries
@ 2022-04-22 9:51 ` Björn Fries
2022-04-22 13:00 ` Nohk Two
2022-04-22 11:05 ` Nohk Two
1 sibling, 1 reply; 12+ messages in thread
From: Björn Fries @ 2022-04-22 9:51 UTC (permalink / raw)
To: wireguard
Am 22.04.22 um 08:16 schrieb Björn Fries:
> the way I solve this is that I use a slightly larger /23-subnet in the
> AllowedIPs=192.168.87.0/23
>
> and when I get a local IP inside 192.168.87.0/24 at home, the kernel
> automatically uses the more specific route.
an example:
my laptop e.g. has
Address = 172.22.247.58/32
PrivateKey = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 172.22.144.1/32, 192.168.0.0/23
Endpoint = myhomeIP:51820
PersistentKeepalive = 25
172.22.144.1/32 is the wireguard-IP of my wireguard-server at home.
This way I can reach for example my printer at 192.168.0.10 even if I am
on the move, because my wireguard server is installed on my router at
home (Unifi USG-3P).
The printer sends it packets for 172.22.247.58 simply to its default
gateway, which is my router/wg-server, that forwards it over wireguard.
When I'm in my network at home, my laptop gets the IP 192.168.1.72/24
and automatically talks to the other devices in the LAN without taking
the wireguard route, because the subnet is more specific.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 6:16 ` Björn Fries
2022-04-22 9:51 ` Björn Fries
@ 2022-04-22 11:05 ` Nohk Two
2022-04-22 13:40 ` Björn Fries
1 sibling, 1 reply; 12+ messages in thread
From: Nohk Two @ 2022-04-22 11:05 UTC (permalink / raw)
To: wireguard
On 2022/4/22 14:16, Björn Fries wrote:
> Hello,
>
> Am 18.04.22 um 04:12 schrieb Nohk Two:
>> This server allows the clients to access my LAN (e.g. 192.168.87.0/24)
>> and
> [..]
>> But when the phones connect to the Wi-Fi of my home's router, the DHCP
>> assigns the IP addresses as 192.168.87.0/24, it's my LAN, to the phones.
> [...]
>> Or do you have better ideas ?
>
> the way I solve this is that I use a slightly larger /23-subnet in the
> AllowedIPs=192.168.87.0/23
>
> and when I get a local IP inside 192.168.87.0/24 at home, the kernel
> automatically uses the more specific route.
I think I know your point. And since my network is 192.168.87.0/24, I
have to use 192.168.86.0/23 (not 192.168.87.0/23) in the AllowedIPs.
Because "87" is an odd number and it's "1000 0111" in binary
However, it failed in my Android phone. There is no internet accessing
as usual. I didn't try this in iPhone because Eugenio Tampieri told me
that Wireguard for iOS has the feature I required (and worked nicely)
but not Android.
Maybe I have to adjust my LAN's network to even number to make /24
enlarge to /23 happy.
Thank you very much.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 9:51 ` Björn Fries
@ 2022-04-22 13:00 ` Nohk Two
0 siblings, 0 replies; 12+ messages in thread
From: Nohk Two @ 2022-04-22 13:00 UTC (permalink / raw)
To: wireguard
On 2022/4/22 17:51, Björn Fries wrote:
> Am 22.04.22 um 08:16 schrieb Björn Fries:
>> the way I solve this is that I use a slightly larger /23-subnet in the
>> AllowedIPs=192.168.87.0/23
>>
>> and when I get a local IP inside 192.168.87.0/24 at home, the kernel
>> automatically uses the more specific route.
>
> an example:
> my laptop e.g. has
>
> Address = 172.22.247.58/32
> PrivateKey = xxx
>
> [Peer]
> PublicKey = xxx
> AllowedIPs = 172.22.144.1/32, 192.168.0.0/23
> Endpoint = myhomeIP:51820
> PersistentKeepalive = 25
>
> 172.22.144.1/32 is the wireguard-IP of my wireguard-server at home.
>
> This way I can reach for example my printer at 192.168.0.10 even if I am
> on the move, because my wireguard server is installed on my router at
> home (Unifi USG-3P).
> The printer sends it packets for 172.22.247.58 simply to its default
> gateway, which is my router/wg-server, that forwards it over wireguard.
>
> When I'm in my network at home, my laptop gets the IP 192.168.1.72/24
> and automatically talks to the other devices in the LAN without taking
> the wireguard route, because the subnet is more specific.
I referred to your example and the Android phone is now:
[Interface]
Address = 192.168.19.30/32
DNS = 192.168.87.1, 192.168.87.2
PrivateKey = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 192.168.19.1/32, 192.168.86.0/23
Endpoint = myhomeIP:4999
PresharedKey = xxx
192.168.19.1/32 is my wireguard-IP address of my wireguard-server at home.
It work nicely if the Android phone is on 4G network. But it still
failed when I connect to my LAN's Wi-Fi (no internet accessing and no
LAN accessing). The phone got the LAN IP address 192.168.87.11/24 from
the DHCP server.
Maybe the routing implementation in Android doesn't fit this solution.
Anyway, thank you very much. :)
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-18 2:12 Is it possible to disable wireguard on specific Wi-Fi ? Nohk Two
2022-04-22 6:16 ` Björn Fries
@ 2022-04-22 13:36 ` Jason Grant
2022-04-22 18:23 ` Kai Haberzettl
2 siblings, 0 replies; 12+ messages in thread
From: Jason Grant @ 2022-04-22 13:36 UTC (permalink / raw)
To: wireguard
On 17 Apr 2022, at 21:12, Nohk Two wrote:
> So, I have this idea that if it is possible to configure the Wireguard
> app to turn off or disable automatically when the network is
> established on specific Wi-Fi SSIDs ?
The MacOS WireGuard client has exactly this feature. You can
enable/disable on-demand access for particular SSIDs, and it’s very
useful for a situation where you’re moving your device around, between
home and office say. Any timetable for adding this feature to other
platforms, like Windows or Android?
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 11:05 ` Nohk Two
@ 2022-04-22 13:40 ` Björn Fries
2022-04-22 15:55 ` Nohk Two
0 siblings, 1 reply; 12+ messages in thread
From: Björn Fries @ 2022-04-22 13:40 UTC (permalink / raw)
To: wireguard
Am 22.04.22 um 13:05 schrieb Nohk Two:
> However, it failed in my Android phone.
I don't use wireguard on my phone on the moment, but perhaps there was a
difference whether you use the (non-root) wireguard-go implementation or
the kernel module on android.
I guess I used the kernel module as I nearly weekly try new custom roms
on my phone.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 13:40 ` Björn Fries
@ 2022-04-22 15:55 ` Nohk Two
0 siblings, 0 replies; 12+ messages in thread
From: Nohk Two @ 2022-04-22 15:55 UTC (permalink / raw)
To: wireguard
On 2022/4/22 21:40, Björn Fries wrote:
>
>
> Am 22.04.22 um 13:05 schrieb Nohk Two:
>> However, it failed in my Android phone.
> I don't use wireguard on my phone on the moment, but perhaps there was a
> difference whether you use the (non-root) wireguard-go implementation or
> the kernel module on android.
> I guess I used the kernel module as I nearly weekly try new custom roms
> on my phone.
I just checked my Wireguard for Android App, the settings page shows:
WireGuard for Android v1.0.20211029
Go userspace backend eb6302c
So my wireguard on my Android phone is the non-root wireguard-go
implementation.
So said that I don't use custom ROMs, I always use official ROMs.
At least I still can turn off the wireguard manually. :)
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-18 2:12 Is it possible to disable wireguard on specific Wi-Fi ? Nohk Two
2022-04-22 6:16 ` Björn Fries
2022-04-22 13:36 ` Jason Grant
@ 2022-04-22 18:23 ` Kai Haberzettl
2022-04-23 2:01 ` Nohk Two
2 siblings, 1 reply; 12+ messages in thread
From: Kai Haberzettl @ 2022-04-22 18:23 UTC (permalink / raw)
To: Nohk Two; +Cc: WireGuard mailing list
On Fri, Apr 22, 2022 at 2:26 AM Nohk Two <nohktwo@gmail.com> wrote:
>
[...]
> So, I have this idea that if it is possible to configure the Wireguard
> app to turn off or disable automatically when the network is established
> on specific Wi-Fi SSIDs ?
>
> Or do you have better ideas ?
As a workaround, you can achieve what you want with tasker.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 18:23 ` Kai Haberzettl
@ 2022-04-23 2:01 ` Nohk Two
0 siblings, 0 replies; 12+ messages in thread
From: Nohk Two @ 2022-04-23 2:01 UTC (permalink / raw)
To: Kai Haberzettl; +Cc: WireGuard mailing list
On 2022/4/23 02:23, Kai Haberzettl wrote:
> On Fri, Apr 22, 2022 at 2:26 AM Nohk Two <nohktwo@gmail.com> wrote:
>>
> [...]
>> So, I have this idea that if it is possible to configure the Wireguard
>> app to turn off or disable automatically when the network is established
>> on specific Wi-Fi SSIDs ?
>>
>> Or do you have better ideas ?
>
> As a workaround, you can achieve what you want with tasker.
Indeed, this "tasker" app might work. Though it's some kind of overkill.
I will consider this workaround on the Android phone when there are no
other solutions.
Thank you very much.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
2022-04-22 9:29 ` wireguard
@ 2022-04-22 12:08 ` Nohk Two
0 siblings, 0 replies; 12+ messages in thread
From: Nohk Two @ 2022-04-22 12:08 UTC (permalink / raw)
To: wireguard
On 2022/4/22 17:29, wireguard@qupfer.de wrote:
>
> On 18.04.22 04:12, Nohk Two wrote:
>> I guess there are something conflict because the vanilla IP network
>> and the allowed IP network are the same.
>
> Thats right, but you can simply use other IPs for your WG clients
> (192.168.187.0/24 or 172.16.0.0/24)
>
Hello,
I'm not sure if I understand your idea correctly.
It's not easy to configure my router's DHCP server to assign specific IP
addresses (192.168.187.0/24 or 172.16.0.0/24) to the specific phones
which connect to my LAN.
Even I did it eventually, the phones can't access to my LAN when the
wireguard is turned off because "192.168.187.0/24 or 172.16.0.0/24"
can't reach to my LAN (i.e. 192.168.87.0/24).
By the way, the WG tunnel interface's IP address (e.g. 192.168.19.0/24)
is already different from my LAN's (i.e. 192.168.87.0/24).
Regards :)
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Is it possible to disable wireguard on specific Wi-Fi ?
[not found] <77422@imapsync>
@ 2022-04-22 9:29 ` wireguard
2022-04-22 12:08 ` Nohk Two
0 siblings, 1 reply; 12+ messages in thread
From: wireguard @ 2022-04-22 9:29 UTC (permalink / raw)
To: Nohk Two, wireguard
On 18.04.22 04:12, Nohk Two wrote:
> I guess there are something conflict because the vanilla IP network
> and the allowed IP network are the same.
Thats right, but you can simply use other IPs for your WG clients
(192.168.187.0/24 or 172.16.0.0/24)
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2022-04-23 2:03 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-18 2:12 Is it possible to disable wireguard on specific Wi-Fi ? Nohk Two
2022-04-22 6:16 ` Björn Fries
2022-04-22 9:51 ` Björn Fries
2022-04-22 13:00 ` Nohk Two
2022-04-22 11:05 ` Nohk Two
2022-04-22 13:40 ` Björn Fries
2022-04-22 15:55 ` Nohk Two
2022-04-22 13:36 ` Jason Grant
2022-04-22 18:23 ` Kai Haberzettl
2022-04-23 2:01 ` Nohk Two
[not found] <77422@imapsync>
2022-04-22 9:29 ` wireguard
2022-04-22 12:08 ` Nohk Two
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).