Problem Resolving LAN IPs - Opal > PiVPN

Hi All,

Going to be travelling a fair bit for work again now so thought I’d get myself a travel router to secure all my devices whilst in hotels etc. and because I like tinkering.

I’ve been running PiVPN (WireGuard) on a Raspberry Pi 3B for several months now with no issues on a few iOS and macOS client devices (on-demand) whilst out and about. The PiVPN sits on a local static IP, wired in on my home network (EdgeRouter X).

Figured I could just grab the new Opal and set it up in a similar fashion, for connected devices to behave much as if they were connected to LAN at home.

For the most part, setup was pretty straight forward using defaults out of the box, I’ve been able to install the dedicated WG client config and it connects just fine, along with the Kill Switch, all good!

The one problem I’ve found is with the repeater mode, where I’m using an existing Wi-Fi network as the internet connection (as I often would in a hotel). I tested at a friend’s house who has the same router as me, set to the same subnet as I have at home, namely 192.168.1.0/24.

When connected in this way the VPN appears to connect fine but it just doesn’t resolve addresses on my home LAN, despite the Opal being on the 192.168.8.1/24 subnet. If I connect my iPhone hotspot as the internet to the Opal it works as expected.

I realise I could change my home subnet but I’ve got a fair amount of stuff statically assigned which would be a pain to rework. Can anyone help point me in the right direction for a solution and mitigate against any future such clash when picking up wifi hotspots on my travels?

You cannot successfully go from one place with 192.168.1.xx to another place with 192.168.1.xx. Or any other place if you are traversing a place with 192.168.1.xx.

Ever.

This is precisely why the GL.iNet scheme defaults to 192.168.8.xx, and others are 192.168.50.xx, because most routers seem to default to 192.168.0.xx or 192.168.1.xx.

If your home router has a subnet of 192.168.1.xx, then change it. If you are a friend to your friend, tell him to change theirs too.
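The reply above states the rule; the following is an added example (not from the thread or from GL.iNet) that models why it holds, using the thread's own numbers: the repeated Wi-Fi is a directly connected /24 on the travel router, and the kernel's longest-prefix match always prefers that over the tunnel's 0.0.0.0/0, so any home host in the same range is sent to the hotel or friend's LAN instead of through WireGuard. Treating the client's routing as a plain longest-prefix match is an assumption of the model; wg-quick's default-route handling (its `suppress_prefixlength 0` rule) deliberately lets more-specific routes in the main table win, so the outcome is the same.

```python
"""Added example: subnet-clash check for a travel-router WireGuard client.
Subnets are the thread's (home 192.168.1.0/24 before renumbering, 10.19.80.0/24
after; tunnel address 10.6.0.4/24; AllowedIPs 0.0.0.0/0)."""
import ipaddress

UPLINK = "uplink (directly connected Wi-Fi)"
TUNNEL = "wg0 (WireGuard tunnel)"


def build_routes(uplink_lan, allowed_ips):
    """Minimal route table: the repeated Wi-Fi as a connected route, plus one
    route per AllowedIPs entry pointing into the tunnel."""
    routes = [(ipaddress.ip_network(uplink_lan), UPLINK)]
    for cidr in allowed_ips:
        routes.append((ipaddress.ip_network(cidr.strip()), TUNNEL))
    return routes


def route_for(dest, routes):
    """Longest-prefix match: return the exit used for dest, or None if no route.
    Mixed IPv4/IPv6 entries never match each other, mirroring the kernel."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, via) for net, via in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def clash_report(uplink_lan, home_lan, tunnel_net, allowed_ips):
    """List the problems this client would hit: overlapping subnets, and a
    home host that would leave via the uplink instead of the tunnel."""
    u = ipaddress.ip_network(uplink_lan)
    h = ipaddress.ip_network(home_lan)
    t = ipaddress.ip_network(tunnel_net, strict=False)  # 10.6.0.4/24 -> 10.6.0.0/24
    problems = []
    if u.overlaps(h):
        problems.append("uplink LAN %s overlaps home LAN %s" % (u, h))
    if u.overlaps(t):
        problems.append("uplink LAN %s overlaps tunnel subnet %s" % (u, t))
    if h.overlaps(t):
        problems.append("home LAN %s overlaps tunnel subnet %s" % (h, t))
    sample = next(h.hosts())  # first usable home address, e.g. 192.168.1.1
    via = route_for(sample, build_routes(uplink_lan, allowed_ips))
    if via != TUNNEL:
        problems.append("home host %s would exit via %s, not the tunnel" % (sample, via))
    return problems


if __name__ == "__main__":
    # Friend's house on the same 192.168.1.0/24 as home: clash.
    print("before renumbering:",
          clash_report("192.168.1.0/24", "192.168.1.0/24", "10.6.0.4/24", ["0.0.0.0/0"]))
    # Home moved to 10.19.80.0/24 as in the later posts: no clash.
    print("after renumbering:",
          clash_report("192.168.1.0/24", "10.19.80.0/24", "10.6.0.4/24", ["0.0.0.0/0"]))
```

Run it with the uplink subnet of whatever Wi-Fi the router is repeating; an empty report means home hosts are routed into the tunnel, and the third check catches the case the thread hit even when only the home and uplink ranges collide.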

Many thanks. I’d best get reconfiguring then :slight_smile:

I’m still stuck on this.

I’ve reconfigured my home network… now on 10.xxx.xxx.xxx/24 (no clash with WireGuard server virtual subnet)

On the Opal router, I can connect to VPN server and access the internet but cannot see local machines on the server side (home).

If I use the WireGuard on my iPhone it connects to server and I can access server side local machines.

This suggests something in the Opal’s config is giving me the issue.

What am I missing?

Typically this is a server side setting. If I follow, you have a home network run by a router that has an OpenVPN server, and with your Opal connected to some external location you want the Opal as a client to connect to that VPN server, and from that connect to server side local machines. If your configuration is different you might straighten me out.

If so, the OpenVPN server needs to be configured to push a route to the LAN to clients when they connect. The server configuration would contain this line:

push "route 10.xx.xx.0 255.255.255.0 vpn_gateway 500"

with those xx’s being the second and third numbers in your network.

Also, while you can connect to the VPN Server and access the internet, that doesn’t necessarily mean that you are accessing the internet over the tunnel. You’d need to do a tracert to tell. The server controls that by pushing a change in the default gateway.

Me, no connection with GL-inet either.

Can you post your PiVPN WireGuard config with the publickey and privatekey removed/masked out?

Can you show tracert’s to 8.8.8.8, to the RPi server and to an IP address (10.b.c.d) of a client device on the remote server-side LAN?

I do not work for and I do not have formal association with GL.iNet

Can I ask, are the names that cannot be resolved private IP addresses in your subnet?

Can you check “Custom DNS settings” and disable “Rebind protection”? This option disables private IP address resolution.

[Interface]
PrivateKey = INTERFACE PRIVATE KEY
Address = 10.6.0.4/24
DNS = 10.19.80.254

[Peer]
PublicKey = PEER PUBLIC KEY
PresharedKey = PEER PRESHARED KEY
Endpoint = subdomain.my.domain:51820
AllowedIPs = 0.0.0.0/0, ::0/0

====
8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 console.gl-inet.com (192.168.8.1) 2.531 ms 1.219 ms 1.020 ms
2 10.6.0.1 (10.6.0.1) 43.261 ms 46.652 ms 41.990 ms
3 10.19.80.254 (10.19.80.254) 41.218 ms 47.561 ms 41.909 ms
4 10.53.32.13 (10.53.32.13) 55.635 ms 55.058 ms 53.635 ms
5 manc-core-2a-xe-8118-0.network.virginmedia.net (80.5.164.1) 65.512 ms 61.072 ms 56.800 ms
6 * * *
7 tcl5-ic-4-ae5-0.network.virginmedia.net (62.252.192.246) 70.224 ms 59.767 ms 56.634 ms
8 cpc69435-hink4-2-0-cust116.8-2.cable.virginm.net (62.252.5.117) 70.754 ms
74.125.146.216 (74.125.146.216) 62.499 ms 69.692 ms
9 * * *
10 dns.google (8.8.8.8) 60.979 ms 61.020 ms 64.692 ms

RPI (WireGuard Server)
traceroute to 10.19.80.15 (10.19.80.15), 64 hops max, 52 byte packets
1 console.gl-inet.com (192.168.8.1) 2.293 ms 1.571 ms 1.222 ms
2 10.19.80.15 (10.19.80.15) 42.236 ms 41.546 ms 44.191 ms

Server Side LAN IP
traceroute to 10.19.80.121 (10.19.80.121), 64 hops max, 52 byte packets
1 console.gl-inet.com (192.168.8.1) 3.155 ms 1.771 ms 1.438 ms
2 10.6.0.1 (10.6.0.1) 50.281 ms 42.831 ms 48.966 ms
3 10.19.80.121 (10.19.80.121) 47.020 ms 46.407 ms 45.917 ms

I can resolve server-side IPs but not hostnames. My iPhone with WireGuard client resolves hostnames. The Opal router does not.

Rebind Protection already disabled

I reinstalled PiVPN and can reach server side IPs now :slight_smile:

The key difference now is between iOS client and Opal router - iOS does hostname resolution, the Opal does not. I’d like to be able to resolve by hostname on Opal.

Config file is the same bar keys & interface address.

NetBIOS hostnames do not propagate over the VPN nor across subnets:

The DNS is 10.19.80.254 in the WireGuard config, so you can add your LAN devices to that?

I do not work for and I do not have formal association with GL.iNet

Thanks.

Just for clarity, my main router at home is an EdgeRouter X, set up as a DNS forwarder, backing off to Cloudflare. It is also running DHCP with Dnsmasq enabled, so statically assigned IPs are able to be resolved by their host name. System domain is also configured as ‘home.lan’. The Raspberry Pi (PiVPN/WireGuard Server) sits on this LAN.

How is it that server side hostnames resolve if using WireGuard on my iPhone (iOS app) over cellular network, yet on the very same iPhone if I switch off VPN but connect to Opal router running WireGuard tunnel (near identical WireGuard config) it does not resolve hostnames?

Thanks for the clarification. Dnsmasq on your ER-X should be resolving the server-side LAN hostnames without NetBIOS. It seems your iPhone is getting name resolution from Dnsmasq, but not your Opal.

My suspicion is that Opal is not using the DNS server from the WireGuard config. Can you show “nslookup google.com” in SSH? Also, test by manually entering 10.19.80.254 as the DNS server in a local client-side device?

I do not work for and I do not have formal association with GL.iNet
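The suspicion raised above (the router not using the DNS server from the WireGuard config) and the ‘home.lan’ system domain mentioned earlier can both be checked offline. What follows is an added example, not the thread's or GL.iNet's code: it parses the DNS= line of the posted config (keys masked as in the thread), compares it with a resolver file, and shows what a short hostname becomes once a search domain is in play. The resolver file contents are constructed samples; which file to feed it is an assumption to verify on the device (on OpenWrt-based firmware the router's own /etc/resolv.conf usually points at the local dnsmasq, and the upstream server list lives in a separate file). Treating bare names on the DNS= line as search domains follows wg-quick's convention; whether the Opal's built-in client does the same is not established by the thread.

```python
"""Added example: is the tunnel's DNS server actually in use, and how would a
single-label hostname be looked up with the home search domain?"""
from ipaddress import ip_address

# The thread's client config (keys masked by the poster).
THREAD_CONFIG = """[Interface]
PrivateKey = INTERFACE PRIVATE KEY
Address = 10.6.0.4/24
DNS = 10.19.80.254

[Peer]
PublicKey = PEER PUBLIC KEY
PresharedKey = PEER PRESHARED KEY
Endpoint = subdomain.my.domain:51820
AllowedIPs = 0.0.0.0/0, ::0/0
"""

# Constructed samples: the tunnel's DNS honoured (a) versus the router still
# forwarding to the uplink Wi-Fi's own resolver (b).
RESOLV_TUNNEL = "nameserver 10.19.80.254\n"
RESOLV_UPLINK = "nameserver 192.168.1.1\n"


def wg_interface_dns(config_text):
    """Return (nameservers, search_domains) from DNS= under [Interface].
    Per wg-quick, IP entries are servers and non-IP entries are search domains."""
    servers, domains, section = [], [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "interface" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() != "dns":
            continue
        for item in (v.strip() for v in value.split(",") if v.strip()):
            try:
                ip_address(item)
                servers.append(item)
            except ValueError:
                domains.append(item)
    return servers, domains


def nameservers(resolv_text):
    """Nameserver entries from resolv.conf-style text, in order."""
    return [parts[1] for parts in (line.split() for line in resolv_text.splitlines())
            if len(parts) >= 2 and parts[0] == "nameserver"]


def dns_status(config_text, resolv_text):
    """Classify the resolver state relative to what the tunnel config asks for."""
    servers, _ = wg_interface_dns(config_text)
    active = nameservers(resolv_text)
    if not servers:
        return "no-dns-in-config"
    if active and active[0] in servers:
        return "tunnel-dns-first"
    if any(s in active for s in servers):
        return "tunnel-dns-not-first"
    return "tunnel-dns-ignored"


def lookup_candidates(name, domains):
    """Names a stub resolver tries for a single-label query with a search
    list (ndots:1 behaviour): each search suffix first, then the bare name."""
    if "." in name.rstrip("."):
        return [name]
    return ["%s.%s" % (name, d) for d in domains] + [name]


if __name__ == "__main__":
    print(wg_interface_dns(THREAD_CONFIG))            # (['10.19.80.254'], [])
    print(dns_status(THREAD_CONFIG, RESOLV_TUNNEL))   # tunnel-dns-first
    print(dns_status(THREAD_CONFIG, RESOLV_UPLINK))   # tunnel-dns-ignored
    print(lookup_candidates("nas", ["home.lan"]))     # ['nas.home.lan', 'nas']
```

A result of tunnel-dns-ignored on the router while a phone on the same tunnel resolves fine is exactly the symptom in the thread; tunnel-dns-not-first explains intermittent results, since whichever server answers first wins. The lookup_candidates output is why a name that works on one client can fail on another: if only one of them carries the home.lan search domain, only that one ever asks 10.19.80.254 for nas.home.lan.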