How can I be sure that my traffic is routing to the Wireguard VPN (lemmy.pt)

submitted 3 weeks ago by CjkOvPDwQW@lemmy.pt to c/selfhosted@lemmy.world

0 comments fedilink hide all child comments

Hi everyone,

So I have a VPN pointing to an home server running 24/7 at 192.168.1.60.

I am using network manger to import the wireguard configuration on my client.

nmcli connection import type wireguard file home.conf

On the client when connecting to another wifi, I couldn't ping the server address, because at the time I thought that since they were using the same subnet 192.168.1.X, the router assumedthat It was a local ip, adding the route manually to my client worked:

sudo ip route add 192.168.1.60/32 via 10.8.0.1 dev home

Later I started thinking that since I have 0.0.0.0/0 in the Allowed Ips, all of my traffic should go by the vpn correct ?

but my route still defaults to the local wifi not the vpn gateway:

$ ip route
default via 192.168.1.254 dev wlp4s0 proto dhcp src 192.168.1.79 metric 600
10.8.0.0/24 dev home proto kernel scope link src 10.8.0.2 metric 10
169.254.0.0/16 dev home scope link metric 1000
192.168.1.0/24 dev wlp4s0 proto kernel scope link src 192.168.1.79 metric 600

shouldn't the default be the 10.8.0.0 line ?

Do I need to run this command every time I enable the Network Manager profile:

sudo ip route replace default via 10.8.0.1 dev home

The output of nmcli:

$ nmcli
wlp4s0: connected to MEO-FAFD00
        "Intel 8260"
        wifi (iwlwifi), 14:AB:C5:84:50:67, hw, mtu 1500
        ip4 default, ip6 default
        inet4 192.168.1.79/24
        route4 192.168.1.0/24 metric 600
        route4 default via 192.168.1.254 metric 600
        inet6 2001:8a0:e953:b600:2b47:f53f:cfd6:1f13/64
        inet6 fe80::bd36:f271:51dd:f0b3/64
        route6 fe80::/64 metric 1024
        route6 2001:8a0:e953:b600::/64 metric 600
        route6 2001:8a0:e953:b600::/64 via fe80::ce19:a8ff:fefa:fcff metric 605
        route6 default via fe80::ce19:a8ff:fefa:fcff metric 600

lo: connected (externally) to lo
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
        inet4 127.0.0.1/8
        inet6 ::1/128

home: connected to home
        "home"
        wireguard, sw, mtu 1420
        inet4 10.8.0.2/24
        route4 default metric 10
        route4 10.8.0.0/24 metric 10
        route4 169.254.0.0/16 metric 1000

My home.conf(removed the private and public keys).

[Interface]
PrivateKey = 
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint =  MY_HOME_EXTERNAL_IP:51820

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 10 Jan 2025

1 points (100.0% liked)

Selfhosted

41692 readers

154 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz