How to detect the IP CAM on LAN from WG tunnel ?

Nohk Two nohktwo at gmail.com
Thu Jun 20 14:52:10 UTC 2024


Hi,

This seems a common question but I don't know how do you solve this problem.

My machine has an ethernet interface: eth0
   It's network is 192.168.100.1/24

I created a wireguard interface thru eth0: wg0
   It's network is 192.168.128.1/24

I have an IP CAM on the LAN: cam1
   It's network is 192.168.100.21/24
   This is physically on the same LAN as my machine's eth0.

My machine has a MASQUERADE iptable entry in the nat table:
   iptables -t nat -A POSTROUTING -s 192.168.128.0/24 -o eth0 -j MASQUERADE

My phone uses the wireguard connect to my machine's wg0.
   This wireguard configuration allow 192.168.100.0/24.
   My phone's wireguard VPN IP address 192.168.128.10/24.

So my phone should be able to connect to my IP CAM without problem.
   192.168.128.10(phone) source NAT as 192.168.100.1(eth0) then connect to 192.168.100.21(cam1)
   192.168.100.21(cam1) reply to 192.168.100.1(eth0) then NAT rewrite to 192.168.128.10(phone)

However, the IP CAM's mobile App on my phone never remember the IP CAM's IP address and will always scan the network to find out the IP CAM. Then Failed if my phone uses the wireguard VPN.

Maybe the problem is that my phone and the IP CAM have different network, 192.168.128.0/24 vs 192.168.100.0/24.

How do you solve this problem ?


More information about the WireGuard mailing list