Is it possible to disable wireguard on specific Wi-Fi?

Nohk Two nohktwo at gmail.com
Fri Apr 22 13:00:32 UTC 2022


On 2022/4/22 17:51, Björn Fries wrote:
> Am 22.04.22 um 08:16 schrieb Björn Fries:
>> the way I solve this is that I use a slightly larger /23-subnet in the
>> AllowedIPs=192.168.87.0/23
>>
>> and when I get a local IP inside 192.168.87.0/24 at home, the kernel 
>> automatically uses the more specific route.
> 
> an example:
> my laptop e.g. has
> 
> Address = 172.22.247.58/32
> PrivateKey = xxx
> 
> [Peer]
> PublicKey = xxx
> AllowedIPs = 172.22.144.1/32, 192.168.0.0/23
> Endpoint =  myhomeIP:51820
> PersistentKeepalive = 25
> 
> 172.22.144.1/32 is the wireguard-IP of my wireguard-server at home.
> 
> This way I can reach for example my printer at 192.168.0.10 even if I am 
> on the move, because my wireguard server is installed on my router at 
> home (Unifi USG-3P).
> The printer sends its packets for 172.22.247.58 simply to its default 
> gateway, which is my router/wg-server, that forwards it over wireguard.
> 
> When I'm in my network at home, my laptop gets the IP 192.168.1.72/24 
> and automatically talks to the other devices in the LAN without taking 
> the wireguard route, because the subnet is more specific.
I referred to your example and the Android phone is now:

[Interface]
Address = 192.168.19.30/32
DNS = 192.168.87.1, 192.168.87.2
PrivateKey = xxx

[Peer]
PublicKey = xxx
AllowedIPs = 192.168.19.1/32, 192.168.86.0/23
Endpoint = myhomeIP:4999
PresharedKey = xxx

192.168.19.1/32 is the wireguard-IP address of my wireguard-server at home.

It works nicely when the Android phone is on a 4G network. But it still 
failed when I connected to my LAN's Wi-Fi (no internet access and no 
LAN access). The phone got the LAN IP address 192.168.87.11/24 from 
the DHCP server.

Maybe the routing implementation in Android doesn't fit this solution.

Anyway, thank you very much. :)
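
The more-specific-route reasoning quoted above, applied to the phone configuration in this message, as an added example that is not part of either poster's message. It assumes all routes sit in one table with plain longest-prefix match and uses hypothetical interface names `wg0` and `wlan0`; it does not model how the Android client installs routes.

```python
import ipaddress

# Values taken from the phone configuration in the message above.
ALLOWED_IPS = ["192.168.19.1/32", "192.168.86.0/23"]
LAN_ADDRESS = "192.168.87.11/24"   # DHCP lease on the home Wi-Fi

def build_table(on_home_wifi, wg_if="wg0", lan_if="wlan0"):
    """Routes as one shared table would hold them (interface names are assumed)."""
    # strict=False normalises entries such as 192.168.87.0/23 to 192.168.86.0/23.
    table = [(ipaddress.ip_network(c, strict=False), wg_if) for c in ALLOWED_IPS]
    if on_home_wifi:
        table.append((ipaddress.ip_interface(LAN_ADDRESS).network, lan_if))
    return table

def route_for(dst, on_home_wifi):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, dev) for net, dev in build_table(on_home_wifi) if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def still_tunnelled_at_home():
    """Parts of each AllowedIPs range the LAN route does not override."""
    lan = ipaddress.ip_interface(LAN_ADDRESS).network
    out = []
    for cidr in ALLOWED_IPS:
        net = ipaddress.ip_network(cidr, strict=False)
        if lan != net and lan.subnet_of(net):
            rest = sorted(net.address_exclude(lan))
            out.append((str(net), [str(n) for n in rest]))
    return out

if __name__ == "__main__":
    targets = ("192.168.19.1", "192.168.87.1", "192.168.86.10", "1.1.1.1")
    for wifi in (False, True):
        print("home Wi-Fi" if wifi else "4G")
        for dst in targets:
            hit = route_for(dst, wifi)
            where = f"{hit[1]} via {hit[0]}" if hit else "no route in this table"
            print(f"  {dst:15} -> {where}")
    print("still tunnelled at home:", still_tunnelled_at_home())
```

In this model the DNS server 192.168.87.1 leaves via `wlan0` on the home Wi-Fi and via `wg0` on 4G, while 192.168.86.0/24 stays on the tunnel in both cases.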

