Problem Resolving LAN IPs - Opal > PiVPN

Hi All,

Going to be travelling a fair bit for work again now so thought I’d get myself a travel router to secure all my devices whilst in hotels etc. and because I like tinkering.

I’ve been running PiVPN (WireGuard) on Raspberry PI 3B for several months now with no issues on a few iOS and MacOS client devices (on-demand) whilst out and about. The PiVPN sits on a local static IP, wired in on my home network (Edge Router X)

Figured I could just grab the new Opal and set it up in a similar fashion, for connected devices to behave much as if they were connected to LAN at home.

For the most part, setup was pretty straight forward using defaults out of the box, I’ve been able to install the dedicated WG client config and it connects just fine, along with the Kill Switch, all good!

The one problem I’ve found is with the repeater mode, where I’m using an existing wifi to act as the internet connection (as I would often if in hotel). I tested at a friends house who has the same router as me, set to same subnet as I have at home, namely

When connected in this way vpn appears to connect fine but it just doesn’t resolve addresses on my home lan, despite the Opal being on the subnet. If I connect my iPhone hotspot as the internet to the Opal it works as expected.

I realise I could change my home subnet but I’ve got a fair amount of stuff statically assigned which would be a pain to rework. Can anyone help point me in the right direction for a solution and mitigate against any future such clash when picking up wifi hotspots on my travels?

You cannot successfully go from one place with 192.168.1.xx to another place with 192.168.1.xx. Or any other place if you are traversing a place with 192.168.1.xx.


This is precisely why the Gl-iNet scheme defaults to 192.168.8.xx, and others are 192.168.50.xx, because most routers seem to default to 192.168.0.xx or 192.168.1.xx.

If your home router has a subnet of 192.168.1.xx, then change it. If you are a friend to your friend, tell him to change theirs too.

Many thanks. I’d best get reconfiguring then :slight_smile:

I’m still stuck on this.

I’ve reconfigured my home network… now on (no clash with WireGuard server virtual subnet)

On the Opal router, I can connect to VPN server and access the internet but cannot see local machines on the server side (home).

If I use the WireGuard on my iPhone it connects to server and I can access server side local machines.

This suggests something in the Opals config is giving me the issue.

What am I missing?

Typically this is a server side setting. If I follow, you have a home network run by a router that has an OpenVPN server, and with your Opal connected to some external location you want the Opal as a client to connect to that VPN server, and from that connect to server side local machines. If your configuration is different you might straighten me out.

If so, the OpenVPN server needs to be configured to push a route to the LAN to clients when they connect. The server configuration would contain this line:

push "route 10.xx.xx.0 vpn_gateway 500"

with those xx’s being the second and third numbers in your network.

Also, while you can connect to the VPN Server and access the internet, that doesn’t necessarily mean that you are accessing the internet over the tunnel. You’d need to do a tracert to tell. The server controls that by pushing a change in the default gateway.

Me, no connection with GL-inet either.

Can you post your PiVPN Wireguard config with the publickey and privatekey removed/masked out?

Can you show *tracert’*s to, to the RPi server and to an IP address (10.b.c.d) of a client device on the remote server-side LAN?

I do not work for and I do not have formal association with GL.iNet

Can I ask, the names that cannot be solved, is private IP addresses in your subnet?

Can you check “Custom DNS settings” and disable “Rebind protection”? This option disables private IP address resolve.

Address =

Endpoint =
AllowedIPs =, ::0/0

traceroute to (, 64 hops max, 52 byte packets
1 ( 2.531 ms 1.219 ms 1.020 ms
2 ( 43.261 ms 46.652 ms 41.990 ms
3 ( 41.218 ms 47.561 ms 41.909 ms
4 ( 55.635 ms 55.058 ms 53.635 ms
5 ( 65.512 ms 61.072 ms 56.800 ms
6 * * *
7 ( 70.224 ms 59.767 ms 56.634 ms
8 ( 70.754 ms ( 62.499 ms 69.692 ms
9 * * *
10 ( 60.979 ms 61.020 ms 64.692 ms

RPI (WireGuard Server)
traceroute to (, 64 hops max, 52 byte packets
1 ( 2.293 ms 1.571 ms 1.222 ms
2 ( 42.236 ms 41.546 ms 44.191 ms

Server Side LAN IP
traceroute to (, 64 hops max, 52 byte packets
1 ( 3.155 ms 1.771 ms 1.438 ms
2 ( 50.281 ms 42.831 ms 48.966 ms
3 ( 47.020 ms 46.407 ms 45.917 ms

I can resolve server-side IPs but not hostnames. My iPhone with WireGuard client resolves hostnames. The Opal router does not.

Rebind Protection already disabled

I reinstalled PiVPN and can reach server side IPs now :slight_smile:

The key difference now is between iOS client and Opal router - iOS does hostname resolution, the Opal does not. I’d like to be able to resolve by hostname on Opal.

Config file is the same bar keys & interface address.

NetBIOS hostnames do not propagate over the VPN nor across subnets:

The DNS is in the Wireguard config, so you can add your LAN devices to that?

I do not work for and I do not have formal association with GL.iNet


Just for clarity, my main router at home is EdgeRouter X, setup as a DNS Forwader, backing off to CloudFlare. It is also running DHCP with Dnsmaq enabled, so statically assigned IPs are able to be resolved by their host name. System domain is also configured as ‘home.lan’. The Raspberry Pi (PiVPN/WireGuard Server) sits on this LAN.

How is it that server side hostnames resolve if using WireGuard on my iPhone (iOS app) over cellular network, yet on the very same iPhone if I switch off VPN but connect to Opal router running WireGuard tunnel (near identical WireGuard config) it does not resolve hostnames?

Thanks for the clarification. Dnsmasq on your ER-X should be resolving the server-side LAN hostnames without NetBIOS. It seems your iPhone is getting name resolution from Dnsmasq, but not your Opal.

My suspicion is that Opal is not using the DNS server from the Wireguard config. Can you show “nslookup” in SSH? Also, test by manually entering as the DNS server in a local client-side device?

I do not work for and I do not have formal association with GL.iNet