Joined: 18 Mar 2014 Posts: 12881 Location: Netherlands
Posted: Sat Apr 11, 2020 11:32 Post subject:
avalx wrote:
As per guide I configured my android client to connect only to my local LAN via wireguard, i.e. setting Allowed IPs to include wireguard server and my LAN IP: 10.4.0.1/32, 10.55.66.0/24
Now I would like to also reach one specific host on the Internet via the wireguard interface - something like a new route to this host.
Is this possible to configure with the Allowed IPs and if yes what should I put in the config on the client side?
An interesting question (from your post I understand that it is actually working).
But yes, if you just add that address to the allowed IPs it should work (in theory).
But as this is a brand new option I just did a quick test: I removed everything from the allowed IPs and only added the peer's IP address/32 and 104.26.8.109/32 (which is ipchicken.com, which shows your external IP), Save/Apply and wait for some moments, and ipchicken.com shows the IP address from my VPN provider and ipleak.net the IP address from my ISP.
So yes, it should work not only in theory but also in practice.
The example that you mentioned is indeed working fine, great to know.
But I have a different problem that I wanted to solve by this kind of "routing".
I have a SIP/VOIP account at my ISP provider and I can only use it (register) from my IP address at home (for example I cannot register from any public or mobile networks). So I was hoping that by routing the traffic to the SIP registrar via wireguard and my home router I could use the account from other networks too. Sadly this does not work - I can't register to my SIP account even after I made the changes at the wireguard client.
Guess this is more complicated than I thought. Anyway it is not very important for me so I can live without this (after all there are Viber, WhatsApp and others to use).
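The Allowed IPs behaviour discussed in the posts above, as an added example that is not part of the thread: it checks which destinations an Allowed IPs list sends through the tunnel, assuming the client installs one route per entry and the most specific entry wins. The function names, the LAN host, the "other Internet host" address and the use of 10.4.0.1/32 as the peer entry in the second list are constructed for illustration.

```python
import ipaddress

def parse_allowed_ips(value):
    """Turn a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]

def tunnel_entry(dest, allowed):
    """Most specific AllowedIPs entry covering dest, or None if none does."""
    addr = ipaddress.ip_address(dest)
    hits = [net for net in allowed
            if net.version == addr.version and addr in net]
    return max(hits, key=lambda net: net.prefixlen, default=None)

def audit(allowed_value, destinations):
    """Map each destination label to the entry that tunnels it, or 'direct'."""
    allowed = parse_allowed_ips(allowed_value)
    report = {}
    for label, ip in destinations.items():
        entry = tunnel_entry(ip, allowed)
        report[label] = str(entry) if entry else "direct"
    return report

def is_full_tunnel(allowed_value):
    """True if an entry is a default route, i.e. all traffic is tunnelled."""
    return any(net.prefixlen == 0 for net in parse_allowed_ips(allowed_value))

# Constructed destinations: only 104.26.8.109 comes from the thread.
DESTINATIONS = {
    "wireguard server": "10.4.0.1",
    "LAN host": "10.55.66.20",
    "ipchicken.com": "104.26.8.109",
    "other Internet host": "203.0.113.7",
}
LAN_ONLY = "10.4.0.1/32, 10.55.66.0/24"
LAN_PLUS_HOST = LAN_ONLY + ", 104.26.8.109/32"

if __name__ == "__main__":
    for name, value in (("LAN only", LAN_ONLY), ("LAN + host", LAN_PLUS_HOST)):
        print(name, "full tunnel:", is_full_tunnel(value))
        for label, route in audit(value, DESTINATIONS).items():
            print(f"  {label:20} -> {route}")
```

Anything reported as "direct" leaves over the device's normal connection, which is why a test site outside the list still shows the local ISP address.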
Posted: Mon Apr 13, 2020 6:33 Post subject:
For PBR just use the PBR script and set NAT via tunnel and Route Allowed IP's both to disabled, the script will take care of this (script has been updated to solve a possible bug).
I have PBR running from the GUI in a test build, but it must be tested some more and then be accepted upstream, so it will take at least another 6 weeks before we can have PBR via the GUI.
The only thing that is causing me some problems is accessing SMB shares from my phone to my internal file server (Linux Samba). But that is another story and I'll have to check my Windows/SMB settings locally.
Good to hear. Yes, SMB is a real problem; we switched to a new KSMBD which is a WIP. Some Android apps appear to work; it sometimes helps to set the minimum protocol version to NT 1.0 (on the Services/NAS tab), but I myself switched back to the older Samba36.
Just to let you know I've solved the SMB problem as well. It was a simple matter of changing the "hosts allow" parameter in the smb.conf file on my server to include also the wireguard network 10.4.0.
Posted: Tue Apr 14, 2020 9:19 Post subject:
avalx wrote:
Should've thought about this sooner!
Thanks, excellent catch.
If you set it in tmp/smb.conf that change is not permanent, but you can place your own smb.conf on permanent storage in jffs/etc/smb.conf; it will be read then.