Keep internet connection at home while connected via wireguard

Started by Nikotine, February 23, 2025, 11:36:58 PM

I use a wireguard connection to my home opnsense firewall when not at home. That way I have the advantage of adblocked traffic and access to my home servers.
When I get home however, my phone connects to the home wifi and I lose internet connection, unless I disable wireguard.
Ideally I would leave wireguard active all day long, and not have to worry about this.

I have enabled all three reflection settings.
What else could I set up?

Not really a solution based on OPNsense, and only for iPhone users:

If you have an iPhone: the official WireGuard app has a feature called On-Demand in which you can set excludes for when to be connected. You can exclude Wifi SSIDs and whether you are on cellular or not. The Android app doesn't have that feature.
Deciso DEC740

WG should be able to work from your home LAN. Are you losing the WG connection (check for handshakes on either end - phone client or [VPN > WireGuard > Status] on OPNsense), or is it just routing to the internet that's not happening? Do you have access to your LAN hosts? If the handshakes are not happening, you probably have some firewall rule on your LAN interface that's blocking WG (UDP 51820 or whatever).
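
One way to answer dseven's first question from the OPNsense shell (or any Linux host running wireguard-tools), as an added example that is not part of this thread: it parses the output of `wg show <iface> dump` and lists peers whose latest handshake is stale. The peer keys, addresses and timestamps in the sample are constructed; the 180 s staleness threshold is my assumption.

```shell
#!/bin/sh
# Added example: flag WireGuard peers whose latest handshake is stale, from the
# machine-readable output of `wg show <iface> dump` (wireguard-tools).
#
# That dump is tab-separated: one line for the interface (private-key,
# public-key, listen-port, fwmark), then one line per peer: public-key,
# preshared-key, endpoint, allowed-ips, latest-handshake (epoch seconds,
# 0 = never), transfer-rx, transfer-tx, persistent-keepalive.

# check_handshakes NOW [MAX_AGE]   (dump is read from stdin)
#   Prints "<peer-pubkey> <endpoint> <age-in-seconds|never>" for every peer whose
#   last handshake is older than MAX_AGE seconds. Default 180: WireGuard
#   re-handshakes roughly every two minutes while traffic flows, so anything
#   older usually means the tunnel is not passing packets (assumed threshold).
#   Returns 1 if any peer is stale, 0 otherwise.
check_handshakes() {
    now="$1"
    max_age="${2:-180}"
    awk -F '\t' -v now="$now" -v max="$max_age" '
        NR == 1 { next }                      # skip the interface line
        {
            pub = $1; endpoint = $3; last = $5
            if (last == 0) { age = "never"; stale = 1 }
            else           { age = now - last; stale = (age > max) }
            if (stale) { printf "%s %s %s\n", pub, endpoint, age; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample dump (placeholder keys, RFC 5737 test addresses): the
# phone peer last shook hands at epoch 1700000000, the laptop peer never has.
sample_dump() {
    printf 'IFACE_PRIVKEY\tIFACE_PUBKEY\t51820\toff\n'
    printf 'PEER_PHONE_PUBKEY\t(none)\t203.0.113.10:40123\t10.10.10.2/32\t1700000000\t123456\t654321\t25\n'
    printf 'PEER_LAPTOP_PUBKEY\t(none)\t(none)\t10.10.10.3/32\t0\t0\t0\toff\n'
}

# Stand-alone demo: 100 s after the phone's handshake only the laptop is stale.
# On a live box replace sample_dump with: wg show wg0 dump | check_handshakes "$(date +%s)"
if sample_dump | check_handshakes 1700000100; then
    echo "all peers have a recent handshake"
else
    echo "stale peers listed above"
fi
```

If the phone shows up as stale (or with no endpoint at all) while on the home wifi, the handshake itself is failing and the LAN firewall rules or DNS resolution of the endpoint are the place to look; if the handshake is fresh, the problem is routing after the tunnel.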

Quote from: dseven on February 24, 2025, 11:45:32 AM
WG should be able to work from your home LAN. Are you losing the WG connection (check for handshakes on either end - phone client or [VPN > WireGuard > Status] on OPNsense), or is it just routing to the internet that's not happening? Do you have access to your LAN hosts? If the handshakes are not happening, you probably have some firewall rule on your LAN interface that's blocking WG (UDP 51820 or whatever).
No more handshakes as soon as I'm on the home wifi. No internet at all really, can't even reach LAN hosts.
The firewall rules for LAN allow access to all (default allow LAN to any).

Something must be blocking it. I'd try a packet capture on the LAN interface on OPNsense, for port 51820 (or whatever you're using) as a start...

The problem seems to be DNS related.

My WG endpoint is home.<mydomain.com>:<port>.
The DNS records for this address (at my domain hosting service) point to my home IP.
This works perfectly when I'm not home, but stopped working when I arrived home.

I have set the Domain setting in Opnsense under System>Settings>General to home.<mydomain.com> as well.
I assumed that this would resolve to the OPNsense IP address (where the WG server runs) when I'm home, but that didn't seem to work (at least not for WG).
I have now added home.<mydomain.com> to Unbound's domain overrides.
This seems to have solved staying connected to WG at home, except that the switching doesn't happen smoothly.

Coming home now, I still lose internet connection. I need to manually disable WG, wait a while and then reconnect for it to use the internal IP address.
Same when I leave the house.
I'm testing this by disabling wifi on my phone, so that the WG connection needs to switch to my phone service provider.

How can I ensure a smooth transition from phone service to wifi and vice versa, while staying connected to WG?