My friendly 2 pence, my mobile provider me a 10.x.x.x IP with CNAT (carrier grade NAT) when I'm on mobile data.
Could you not set your subnet mask on the wireguard and home to 255.255.0.0 then you can see the whole 10.0.x.x block in a broadcast?
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
My friendly 2 pence, my mobile provider me a 10.x.x.x IP with CNAT (carrier grade NAT) when I'm on mobile data.
Could you not set your subnet mask on the wireguard and home to 255.255.0.0 then you can see the whole 10.0.x.x block in a broadcast?
Where would I set the subnet mask?
I do not understand how to apply most networking concepts effectively - I only run Opnsense to get a router that has actual software updates, not because I now how to use it (no experience with networking otherwise).
In WireGuard I specify the 10.0.66.XX subnet directly without DHCP. In Opnsense, I’m not sure where to look and searching for it didn’t help illuminate anything obvious.
So the subnet mask is got from the device handing out dhcp. Not 100% sure but on my android the subnet mash for wireguard is as /24 set on the device and also matching in the wireguard settings in opnsense. Opnsense is very very powerful, I would watch a few videos on YouTube about subneting, wireguard routing & dhcp. Its gonna be quite the learning curve (or could be)
As to why everything has stopped working who knows....
Who knows indeed, I'm beginning to suspect that it was able to connect via the internet (and that stopped working) and I just never noticed so the VPN was a superfluous extra step.
But I did try in the [Peer] definition setting the allowed IPs to: 10.0.66.10/16 instead of 10.0.66.10/32, which should expand the allowed range to 10.0.69.XXX. Alas, that did not work.
Edit: Also tried assigning the [Peer] to an unused IP in the 10.0.69.XXX range directly, but that made nothing work so not the way either.
Both devices need the same subnet mask, otherwise only one can see the "extra addresses" but in my opnsense I think I and to add some firewall router between LAN & WG0
Setting the WG [Interface] range to 10.0.66.0/16, along with the [Peer] to 10.0.66.10/16, and the Opnsense DHCP range in Interfaces->LAN to /16 made no connection to the internet or local occur.
This feels like banging rocks together hoping for fire - not for me (but maybe reading stuff for a bit will help, maybe)
Check your firewall logs (Status -> System Logs -> Firewall for pfSense, can't remember for opnsense). I'd suspect you might see blocks from 10.0.66.x to your Playstation.
I don't see any - but I guess it makes sense, the Opnsense computer isn't involved by design in local network activity. The Opnsense comp goes to a switch that all other LAN also connect to, and I assume the switch routes so the Opnsense comp connection doesn't get bottlenecked. I indeed forgot that's how it worked till now - thanks for the suggestion, helped me internalize a bit more infrastructure at least!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
IP | Internet Protocol |
NAT | Network Address Translation |
VPN | Virtual Private Network |
3 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #159 for this sub, first seen 23rd Sep 2023, 19:25] [FAQ] [Full list] [Contact] [Source code]
I did a wireshark packet capture and found the wake-up packet is on UDP 987. I can only capture broadcasts, not specific stuff it looks like. Source: 10.0.69.69(iOS device IP) Destination: 10.0.69.255 Protocol: UDP Length: 105 Info 57477(or 62764, 62335, 60311 as source ports) -> 987 Len=63
Note the IP of the PS4 is 10.0.69.150
I'm not sure what to do with this, though. Nothing I tried worked (e.g., jamming 987 into the IP tables iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A PREROUTING -p udp --dport 987 -j DNAT --to-destination 10.0.69.150:987; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -t nat -A POSTROUTING -p udp -d 10.0.69.150 --dport 987 -j SNAT --to-source 10.0.66.10:987
based on https://serverfault.com/questions/586486/how-to-do-the-port-forwarding-from-one-ip-to-another-ip-in-same-network).
Additionally setting the Wireguard mask to 10.0.66.1/16 makes the WG connection not route successfully, and setting the mask in OpnsenseRouter->Interfaces->[LAN]->(under Static IPv4 configuration section) to 16 did nothing. Oh well, this seems beyond me