<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Doesn't a routing rule solve this issue?<br><br><div id="AppleMailSignature" dir="ltr">~Derrick • iPhone</div><div dir="ltr"><br>On Aug 14, 2019, at 6:36 PM, Oliver Benning <<a href="mailto:obenning@fieldeffect.com">obenning@fieldeffect.com</a>> wrote:<br><br></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<b>My setup (may be unrelated):</b></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I have a public endpoint hosted on Digital Ocean, which I connect to simply through its external IP address as the endpoint. It was setup using Streisand.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The endpoint itself acts as a DNS resolver within the tunnel for ad blocking purposes, so the WireGuard profile uses the endpoint's internal IP address in the DNS field. This setup has been documented online.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<b>The issue (on both Mac and iPhone clients):</b></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I would like to exclude private IPs from the tunnel to connect to internal resources. Connection works fine with AllowedIPs=0.0.0.0/0, it does not work when using the "Exclude private IPs option".</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Log just shows:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
[NET] peer(5m6B…jmno) - Sending handshake initiation<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
[NET] peer(5m6B…jmno) - Failed to send handshake initiation write udp4 0.0.0.0:63865->[EXTERNAL-IP]:51820: sendto: network is unreachable<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I also have tried using a set of CDR blocks such that the droplet's external ip is excluded from the range and that did not work either. If I have a misconception about the configuration or there is something I should try please let me know.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<b>Recommendation</b></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
This may have a been recommended below but I would highly suggest a list of IPs to subtract from the tunnel. My ideal scenario would be:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">
<p style="color: rgb(248, 66, 146); margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; font-stretch: normal; font-size: 15px; line-height: normal; font-family: "Helvetica Neue";">
<b>AllowedIPs</b><span style="color: #ffffff"> = </span><span style="color: #4491fa">0.0.0.0</span><span style="color: #64a780">/0</span></p>
<p style="margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; font-stretch: normal; font-size: 15px; line-height: normal; font-family: "Helvetica Neue";">
<b style="color: rgb(248, 66, 146);">ExceptedIPs</b><span style="color: rgb(255, 255, 255);"> =
</span><span style="color: rgb(68, 145, 250);">192.168.1.0</span><font color="#64a780"><span style="caret-color: rgb(100, 167, 128);">/24</span></font></p>
<p style="margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; font-stretch: normal; font-size: 15px; line-height: normal; font-family: "Helvetica Neue";">
<font color="#64a780"><span style="caret-color: rgb(100, 167, 128);"><br>
</span></font></p>
<div style="margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; font-stretch: normal; font-size: 15px; line-height: normal; font-family: "Helvetica Neue";">
<span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: rgb(255, 255, 255); display: inline !important">Cheers,</span><br>
</div>
<div style="margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; font-stretch: normal; font-size: 15px; line-height: normal; font-family: "Helvetica Neue";">
<span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: rgb(255, 255, 255); display: inline !important">Oliver</span></div>
<br>
</div>
</div></blockquote><blockquote type="cite"><div dir="ltr"><span>_______________________________________________</span><br><span>WireGuard mailing list</span><br><span><a href="mailto:WireGuard@lists.zx2c4.com">WireGuard@lists.zx2c4.com</a></span><br><span><a href="https://lists.zx2c4.com/mailman/listinfo/wireguard">https://lists.zx2c4.com/mailman/listinfo/wireguard</a></span><br></div></blockquote></body></html>