Self-Hosted Main

502 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

[email protected]

Can't access homeserver through VPN tunnel with domain pointing at local IP address (alien.top)

submitted 10 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Hi guys, hope somebody can help me with a problem. I have a few services on my homeserver that I want to be only accessible from either inside my home network, or while being connected to it with a Wireguard server that runs on my router. I can perfectly access my homeserver with its local IP address 192.168.x.y when connected with the VPN. Now I would like to be able to access it with the domain test.example.com which has its A record pointed at 192.168.x.y. This works when I am inside my home network, but not through my VPN.

Is what I am trying to do infeasible? On my client the Wireguard config has AllowedIPs=192.168.x.0/24,0.0.0.0/0, hence I can reach the homeserver via 192.168.x.y, but why does it not work via domain name through the tunnel? What does however work is editing the hosts file on my client to point test.example.com at 192.168.x.y, but I would prefer not to do so. Any ideas? Thanks in advance

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 10 months ago (1 children)

0.0.0.0/0 already includes 192.168.0.0/16 However if your VPN doesn't have an "exit node" configure (it's Tailscale's name for it but basically it means that there's no machine configured to connect your tunnel to Internet) there could be issues with retrieving DNS.

I'd suggest making AllowedIP ip your-vpn-net, 192.168.y.0/24

Problem with that setup would be that while on your network with VPN turned on there could be conflicts.

Other solution would be to host a pihole on your wireguard network, use pihole's wg ip as DNS server in wg configs and in pihole create A record for your servers wg ip and domain name.

[–] [email protected] 1 points 10 months ago

Removing 0.0.0.0/0 didn't really change anything, apparently on Linux (maybe specifically for wireguard?) 0.0.0.0/0 does not catch the local ip address ranges. However it was a DNS issue it seems; the default wireguard config that my router gave me for clients had DNS set to the router's IP which generally speaking worked (I could browse the web with 0.0.0.0/0 in AllowedIPs on client) but for some reason it doesn't resolve my domain correctly.

Anyways I'm gonna settle with only 192.168.x.0/24 in AllowedIPs, since I don't really need a full tunnel, and DNS=1.1.1.1 in client config. Maybe I'll eventually set up a pihole but I'm not so keen on doing that for now. Nonetheless thanks :)

[–] [email protected] 1 points 10 months ago

I assume you already have DNS=192.168.0.1 defined in your client WG config (or whatever DNS server you use at home)?