I assume you have set the client configs to connect to something like "vpn.example.com:<port>" . How does DNS resolve this when inside your local LAN?  Does it resolve to the same public IP address that your DSL router is connected to, or does it resolve to an internal address like 192.168.1.1?

The way I have this working is to ensure that my VPN URL always resolves to the external IP address, even when I am inside my home network.  To do that I had to update my DNS server configuration to make sure that my VPN URL is always resolved by an external DNS provider... I have my own custom network gateway/router and set dnsmasq.static to include the line...

server=/vpn.example.com/8.8.8.8

Now this works for me because my wireguard server is running on my custom gateway/router... no NAT forwarding to an internal host running wireguard.  If you are running wireguard on an internal server then you also need to make sure that your firewall rules don't block connections to your external interface from your local LAN and do the right NATing -- which is probably not permitted by default.  I forget how to do this, but I'm sure google will find some instructions.

David





On Mon, Aug 5, 2019 at 2:57 PM <boerner@t-online.de> wrote:
Hey all,

I've recently set up my private VPN with Wireguard. I am running my local server behind a DSL router with a variable public IP address, accessible via dyndns and NAT, and several mobile clients (Android, Notebooks).
Everything is working fine so far, except of one issue that I would like discuss here:
Roaming doesn't work reliably when a device leaves or re-enters the home LAN, nor when the public IP address is changed by my ISP. The reason seems clear to me: In these cases both peers change their IP address simultaneously whereas the Wireguard protocol relies on only one address changing at a time.

My approach would be to shut down Wireguard on the clients as long as they are connected to their home network locally and to bring up the tunnel only when they leave the home network. Besides the roaming issue it  would be desirable to use the local connection when it is available rather than to take the detour over the internet. And it  should be done automatically so users need not remember to switch on/off VPN all the time.
My idea was to use Tasker to perform something like wg-quick up|down tun1 accordingly, but the Wireguard command line tools wg and wg-quick don't seem to be available (anymore). In older forum posts I've seen that you can install them from the app settings, but in my version (v0.0.20190708) this option is not available.

Does anybody know about another solution? Or, as a question to the developers, would it be a big deal to bring back the command line feature?

Thanks, Tom




_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard