So, I imported my connection-configuration provided from OPNsense Wireguard VPN.

The connection is working on an old (<10 years) Android Phone. But from within Linux (same config) I am unable to resolve subnet ip addresses. I can still access the internet though.

So; Am I using my origin connection to resolve foreign ips or am I using my VPN DNS? Why am I unable to access my subnet ip addresses on my linux machine?

The Linux machine is 6.13.30-arm64 with /etc/debian_version pointing to 13.0.

I have installed wireguard-tools and network-manager only. I have also wireguard installed but it doesn’t make a difference and its usage is for hosting a endpoint.

Again: It works for other machines like intended. If of concern: I am running XFCE.

  • just_another_person@lemmy.world
    2·
    2 days ago
    1. what are your routes before and after connecting to the VPN?
    2. You say “resolve”, do you mean by DNS, or you actually can’t ping the actual IP address once connected?
    3. What is your Wireguard server config?
    • 7dev7random7@suppo.fiOP
      1·
      2 days ago
      1. my routes doesn’t change: default via 192.168.66.110 dev wlP6p1s0 proto dhcp src 192.168.66.211 metric 600 and 192.168.66.0/24 dev wlP6p1s0 proto kernel scope link src 192.168.66.211 metric 600.
      2. After some seconds I can access the internet but not my subnet IPs I should be able to ping. So I was wondering if I am even using my VPN connection. I can observe my outgoing connections on my opnsense (but not when doing this on my computer, the device in question).
      3. It just contains:
      [Peer]
PublicKey = X
Endpoint = IP:NondefaultPort
AllowedIPs = 0.0.0.0\0,::/0

      My tunnel address should be 10.200.0.13/32 once connected.

      • just_another_person@lemmy.world
        2·
        2 days ago

        If your routes aren’t changing, then your device, as a client, isn’t going to reach anything. You’ll need to see a route for the 10.20.0.0/24 subnet show up that points to whatever the endpoint address is on the other end.

        So if that’s all your server config is, it’s only going to allow one peer at a time. You can confirm this by disconnecting your android device from the tunnel, and then connecting using the same info from your Linux device.

        You also at a minimum should have PostUP and PostDown directives to properly forward incoming traffic on your wg interface.

        • 7dev7random7@suppo.fiOP
          0·
          1 day ago

          If your routes aren’t changing, then your device, as a client, isn’t going to reach anything. You’ll need to see a route for the 10.20.0.0/24 subnet show up that points to whatever the endpoint address is on the other end.

          Nope, none shows up. I am looking via ip route, right?

          So if that’s all your server config is, it’s only going to allow one peer at a time. You can confirm this by disconnecting your android device from the tunnel, and then connecting using the same info from your Linux device.

          Just looked up the config created by opnsense. You were right. I had to restart wireguard to update the config file so that my other peers (like this debian machine) could connect. Thank’s for helping me out!

          You also at a minimum should have PostUP and PostDown directives to properly forward incoming traffic on your wg interface.

          That is hopefully managed by NetworkManager, isn’t?

          • just_another_person@lemmy.world
            1·
            1 day ago

            I missed that you said you were using OPNsense, so the up/down would be handled there. If it’s working now, don’t worry about it.