Is there any possibility to give WireGuard clients a specific range of IPs?
If I choose 192.168.178.7 for the WireGuard server, it starts the clients from 192.168.178.2, but I want to start them from 192.168.178.8. Just an example.
This feature is not currently supported. You can only modify the WireGuard config file manually with SSH.
Can you tell us about your scenario?
When you change the subnet of the VPN, don’t use the same subnet as your LAN.
Ah, OK, thanks for the info.
I tried first to implement the Brume 2 into the DMZ on my IPFire with no success.
The DMZ on IPFire is set to 10.1.1.1, so the LAN should be on 10.1.1.2 (or something like that) with the range of 10.1.1.3 to 10.1.1.7 or something like that. The VPN subnet must be something like 10.0.0.1. But then I get no connection. So I tried to implement it in the green network (internal) of the IPFire to test it there.
There I have some machines which are running on 192.168.178.1 to 192.168.178.6 (as an example). So I chose 192.168.178.7 for the LAN of the Brume2. But if I also set the VPN server to 192.168.178.7, it gives me clients beginning with 192.168.178.2.
Now I understand, I should not choose the same subnet. So the VPN must have, for example, 192.168.2.1. Then I would have no problem with clients. But as it seems, I don’t really understand the VPN and subnet thing enough. How can the VPN server have its own subnet without having another network card? So is it some ‘software subnet’, or how can I understand it?
The IPFire has several network cards, so it can have several subnets, for which I can make rules in the firewall. If I have the LAN address of the Brume2, I can manage it within the firewall, but how should I manage the rules for the VPN server, which runs on a different subnet without another network card?
I’m not sure if I can really explain this problem, sorry.
It is a virtual subnet. At the application layer it looks like communication through another network interface controller.
Ah, OK, so it should work with the LAN of the IPFire interface and some other subnet on the WireGuard server. Then the range doesn’t matter.
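
The advice above (keep the VPN subnet separate from the LAN subnet) can be checked before a manually edited config is loaded. The following is an added example, not part of the thread or of the router firmware: it parses a wg-quick style config and reports every tunnel or peer range that overlaps a LAN range. The sample config is constructed from the addresses mentioned in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample server config (addresses taken from the thread's example).
SAMPLE_CONF = """\
[Interface]
Address = 192.168.178.7/24
ListenPort = 51820

[Peer]
AllowedIPs = 192.168.178.2/32

[Peer]
AllowedIPs = 192.168.178.3/32
"""

def parse_wg_conf(text):
    """Return (interface_networks, peer_networks) from a wg-quick style config."""
    section, iface, peers = None, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        nets = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key == "address":
            iface += [ipaddress.ip_interface(n).network for n in nets]
        elif section == "peer" and key == "allowedips":
            peers += [ipaddress.ip_network(n, strict=False) for n in nets]
    return iface, peers

def check_overlap(conf_text, lan_cidrs):
    """List every tunnel or peer range that collides with a LAN range."""
    lans = [ipaddress.ip_network(c, strict=False) for c in lan_cidrs]
    iface, peers = parse_wg_conf(conf_text)
    findings = []
    for kind, nets in (("tunnel", iface), ("peer", peers)):
        for net in nets:
            for lan in lans:
                if net.version == lan.version and net.overlaps(lan):
                    findings.append(f"{kind} {net} overlaps LAN {lan}")
    return findings

if __name__ == "__main__":
    for finding in check_overlap(SAMPLE_CONF, ["192.168.178.0/24"]):
        print(finding)
```

Moving the tunnel to a separate range such as 192.168.2.0/24 makes the check return an empty list, and that range is then what the firewall rules for VPN clients match on.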