!DyNqdIXIPmvFJVpIJJ:matrix.org

WireGuard

586 Members
Unofficial matrix channel about wireguard related stuff. Everything about installation, administration and usage can be discussed here! Wireguard - the fast, modern, secure VPN tunnel

78 Servers


Sender | Message | Time
27 May 2023
@quditwolf:matrix.org quditwolf: * I already have a 25s thing configured on B, I don't get how adding that to A would help, since when the existing connection breaks (B changes networks/IPs), A has no way to talk to B or initiate a connection. Unless B initiates it first. And if B can do that then we already have a connection. Nevertheless I'll try it when I'm on B in a while. 13:37:13
@quditwolf:matrix.org quditwolf: * I think it works now... though even without the Persistent keepalive conf on A...
thx madamada
16:10:43
@quditwolf:matrix.org quditwolf:
In reply to @quditwolf:matrix.org
hello people,
I have two wireguard clients, A and B.
A has a public static IP, and B is behind NAT and is roaming (non-static IP).
Everything works when B doesn't change its IP. I have added the persistent-keepalive config so that the NAT tunnel doesn't close.
When B changes its IP, the connection ends. Because A's endpoint (public+static) is still reachable via B, I think the persistent-keepalive packet goes through.
Should the persistent-keepalive packet update the endpoint IP to the new one on A?

update:
yeah it should update the endpoint automatically on A.

Reading up wireguard docs on their website,
I found that the endpoints update automatically when the arriving packet is from a different endpoint than before (for both A -> B and B -> A).
So unless both the endpoints change in between packets, wireguard can adapt to the changing IPs.
So having a packet sent from B to A every once in a while to update A's endpoint should be enough (persistentkeepalive in B's conf).

16:11:33
@madamada:matrix.org madamada: yep, WG does that automatically 16:40:21
@madamada:matrix.org madamada: good to know it works for you now 16:40:56
@quditwolf:matrix.org quditwolf: * another question, though not directly related to wireguard. I actually have two wireguard peers on the local NAT, B1 & B2. B2 always stays at home on the home LAN and B1 sometimes goes roaming. B1 routes to B2 fine through the LAN, but when B1 goes roaming, it loses the connection to B2 (obviously). I know how to route traffic to B2 via A, ip forwarding + iptables/nft on A, and that will work everywhere. But B1 will always route to B2 through A even if B1 is at home... (increased latency, server charges and what not). How do I set up routing such that (B1 <-> B2) when B1 is at home if possible, else route through A (B1 <-> A <-> B2)... I don't think this happens automatically (should it?), cause if I add both routes, it defaults to the B1 <-> B2 even if that's not reachable... 17:07:33
@madamada:matrix.org madamada: maybe write a script that changes the routes based on where it's connecting from or connecting to 17:37:48
28 May 2023
@quditwolf:matrix.org quditwolf: * Wrote a network manager dispatcher script, which runs on network connectivity change... It checks if B2 is locally reachable and if not, removes the allowed IP from the peer B2 and it'll default to route through A. What would be a nice event-driven way to do it on B2? Since B1 just drops off without notice to B2. And when B1 connects to B2, it appears to B2 as if A is making the request (I think)... 16:27:00
@madamada:matrix.org madamada: that's expected of B2 19:26:37
@madamada:matrix.org madamada: on B2, u could write something that checks the change of B1 and if true, update its end 19:28:19
31 May 2023
@plaguelife:matrix.org Doppler joined the room. 08:11:18
@foxfyre:matrix.org foxfyre joined the room. 15:27:31
@foxfyre:matrix.org foxfyre: Easy Q. Home setup as "host" for devices to tunnel into. Works well except I'm not getting google push notifications. I've read I need to open ports 5228-5230. Would I forward them to the Lan or WG0 interface? 15:28:55
@quditwolf:matrix.org quditwolf: you use that host as a vpn for those devices (which are not getting the notifications)? 16:07:46
@foxfyre:matrix.org foxfyre:
In reply to @quditwolf:matrix.org
you use that host as a vpn for those devices (which are not getting the notifications)?
Correct
16:11:24
@quditwolf:matrix.org quditwolf: I have no idea how google's push notifs work but they probably work behind NAT (most people are behind NAT, and they must work for most people :) and NAT has no open inbound ports... maybe the tunnel dies and the push fails? maybe a persistent-keepalive config can help... 16:17:28
@foxfyre:matrix.org foxfyre: already have it at 25 :( 16:17:48
@quditwolf:matrix.org quditwolf:
In reply to foxfyre
Easy Q. Home setup as "host" for devices to tunnel into. Works well except I'm not getting google push notifications. I've read I need to open ports 5228-5230. Would I forward them to the Lan or WG0 interface?
you'd have to forward them to wg0 I think.
16:24:34
@foxfyre:matrix.org foxfyre:
In reply to @quditwolf:matrix.org
you'd have to forward them to wg0 I think.
I think so too, ty for the thoughts.
16:28:14
@foxfyre:matrix.org foxfyre: I could allow google play services to not be tunneled but that kinda feels dirty 16:28:41
1 Jun 2023
@mazyanibaba:matrix.org baba: Latest version needs sensor permission in user profile / second profile. It's bad 15:16:02
@mazyanibaba:matrix.org baba:
In reply to @mazyanibaba:matrix.org
Latest version needs sensor permission in user profile / second profile. It's bad
I can't receive packets, while the tunnel successfully connected. I only see transfer bits
15:24:33

Room Version: 5