
Speaking of Wireguard, my current topology has all peers talking to a single peer that forwards traffic between peers (for hole punching / peers with dynamic IPs).

But some peers are sometimes on the same LAN (e.g. phone is sometimes on the same LAN as PC). Is there a way to avoid forwarding traffic through the server peer in this case?



I guess I'm looking for wireguard's version of STUN. And now that I know what to google for, finally found some promising leads.

https://github.com/jwhited/wgsd

https://www.jordanwhited.com/posts/wireguard-endpoint-discov...

https://github.com/tjjh89017/stunmesh-go


Have your network managing software set up a default route with a lower metric than the WireGuard default route based on Wi-Fi SSID. Can be done easily with systemd-networkd, because you can match .network file configurations on SSID. You're probably out of luck with this approach on network-setup-challenged devices like so-called smart phones.
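An added example of the SSID-based route-metric approach described above (not the commenter's own configuration). It assumes three hypothetical files under /etc/systemd/network/, a Wi-Fi interface wlan0, a home SSID "HomeNet", a tunnel subnet 10.8.0.0/24 on wg0, and a hub endpoint at the documentation address 203.0.113.10. networkd applies the first .network file (in lexical order) that matches an interface, so the SSID-specific file must sort before the catch-all one:

```ini
# 10-wlan-home.network: applied only while associated with the home SSID.
# The DHCP default route gets metric 100, which beats wg0's default route
# below, so traffic leaves via the LAN instead of being hairpinned through
# the hub.
[Match]
Name=wlan0
SSID=HomeNet

[Network]
DHCP=ipv4

[DHCPv4]
RouteMetric=100

# 20-wlan-other.network: any other Wi-Fi network. The DHCP default route
# keeps the networkd default metric of 1024, so wg0's route wins.
# The /32 host route to the hub's public address is routed via the Wi-Fi
# gateway (_dhcp4 = gateway learned from DHCP); without it the encrypted
# UDP to the endpoint would itself follow the wg0 default route and loop.
[Match]
Name=wlan0

[Network]
DHCP=ipv4

[DHCPv4]
RouteMetric=1024

[Route]
Destination=203.0.113.10/32
Gateway=_dhcp4

# 30-wg0.network: the tunnel interface. Its default route sits between the
# two Wi-Fi metrics: preferred away from home, ignored at home.
[Match]
Name=wg0

[Network]
Address=10.8.0.2/24

[Route]
Destination=0.0.0.0/0
Metric=500
```

Two caveats a practitioner should check: the peer on the home LAN must then be addressed by its LAN address, because the 10.8.0.0/24 on-link route via wg0 is more specific than any default route and still wins for tunnel addresses; and wg-quick avoids the endpoint routing loop with a firewall mark plus policy rule rather than a host route, which networkd can also express with FirewallMark= in the .netdev and a [RoutingPolicyRule] section if the hub's address is not static.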


I don't fully understand your topology use case. You have different peers that are "road-warriors" and that sometimes happen to both be on the same LAN, which is not your home LAN, and need to speak to each other? And I guess you are connecting to the other peer via DNS, so your DNS record always points to the Wireguard-provided IP?


The way I do it is to have two different first level domains. Let's say:

- w for the wireguard network.
- h for the home network.

Nothing fancy, just populate the /etc/hosts on every machine with these names.

Now, it's up to me to connect to my server1.h or server1.w depending whether I am at home or somewhere else.


Two separate WG profiles on the phone; one acting as a Proxy (which forwards everything), and one acting just as a regular VPN without forwarding.
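An added example of two wg-quick profiles for the phone, not the commenter's own configuration. The second profile goes a step beyond "no forwarding": it adds the PC as a direct peer reachable at its LAN address, relying on WireGuard's cryptokey routing, which picks the peer with the longest matching AllowedIPs prefix. All keys, the hub hostname vpn.example.net, the LAN address 192.168.1.20, and the tunnel addresses are assumed placeholders:

```ini
# Profile 1 ("proxy"): everything goes through the hub. Used away from home.
[Interface]
PrivateKey = <phone private key>
Address = 10.8.0.3/32
DNS = 10.8.0.1

[Peer]
PublicKey = <hub public key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

# Profile 2 ("lan"): only the tunnel subnet is routed into wg0, so normal
# LAN and internet traffic leaves the phone directly. The PC is a peer of
# its own with Endpoint set to its LAN address; 10.8.0.2/32 is a longer
# prefix than the hub's 10.8.0.0/24, so packets for the PC are encrypted
# straight to 192.168.1.20 and never touch the hub.
[Interface]
PrivateKey = <phone private key>
Address = 10.8.0.3/32

[Peer]
# the PC, reached directly over the home LAN
PublicKey = <pc public key>
Endpoint = 192.168.1.20:51820
AllowedIPs = 10.8.0.2/32

[Peer]
# the hub, for every other tunnel address
PublicKey = <hub public key>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25
```

For the direct peer to work, the PC must list the phone's public key as a peer with AllowedIPs = 10.8.0.3/32 and have ListenPort = 51820 open on the LAN; the phone's traffic is then authenticated by the PC's key rather than the hub's, so the same key should not be reused across devices. Note that the DNS = line is deliberately absent from the LAN profile so that home name resolution keeps working.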



