this post was submitted on 09 Nov 2023
3 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Hi guys, hope somebody can help me with a problem. I have a few services on my homeserver that I want to be only accessible from either inside my home network, or while being connected to it with a Wireguard server that runs on my router. I can perfectly access my homeserver with its local IP address 192.168.x.y when connected with the VPN. Now I would like to be able to access it with the domain test.example.com which has its A record pointed at 192.168.x.y. This works when I am inside my home network, but not through my VPN.

Is what I am trying to do infeasible? On my client the Wireguard config has AllowedIPs=192.168.x.0/24,0.0.0.0/0, hence I can reach the homeserver via 192.168.x.y, but why does it not work via domain name through the tunnel? What does however work is editing the hosts file on my client to point test.example.com at 192.168.x.y, but I would prefer not to do so. Any ideas? Thanks in advance

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 1 year ago (1 children)

0.0.0.0/0 already includes 192.168.0.0/16 However if your VPN doesn't have an "exit node" configure (it's Tailscale's name for it but basically it means that there's no machine configured to connect your tunnel to Internet) there could be issues with retrieving DNS.

I'd suggest making AllowedIP ip your-vpn-net, 192.168.y.0/24

Problem with that setup would be that while on your network with VPN turned on there could be conflicts.

Other solution would be to host a pihole on your wireguard network, use pihole's wg ip as DNS server in wg configs and in pihole create A record for your servers wg ip and domain name.

[–] [email protected] 1 points 1 year ago

Removing 0.0.0.0/0 didn't really change anything, apparently on Linux (maybe specifically for wireguard?) 0.0.0.0/0 does not catch the local ip address ranges. However it was a DNS issue it seems; the default wireguard config that my router gave me for clients had DNS set to the router's IP which generally speaking worked (I could browse the web with 0.0.0.0/0 in AllowedIPs on client) but for some reason it doesn't resolve my domain correctly.

Anyways I'm gonna settle with only 192.168.x.0/24 in AllowedIPs, since I don't really need a full tunnel, and DNS=1.1.1.1 in client config. Maybe I'll eventually set up a pihole but I'm not so keen on doing that for now. Nonetheless thanks :)

[–] [email protected] 1 points 1 year ago

I assume you already have DNS=192.168.0.1 defined in your client WG config (or whatever DNS server you use at home)?