Wireguard VPN on mobile when inside LAN

Started by kermitxyz, March 19, 2026, 11:29:39 PM

I have a WireGuard VPN on my mobile which connects to OPNsense over 5G when I am away. This works fine. But when I am back and the phone connects to the LAN via WiFi, the phone no longer connects to servers etc.

I understand that I need to do something to make this work, so I can just leave the VPN client connected all the time.  It would be much easier than having to manually turn the VPN client on and off every time I go out / come home.

Please could anyone help with this?  Is this best practice? 

March 20, 2026, 12:25:00 PM #1 Last Edit: March 20, 2026, 12:28:07 PM by vimage22
On my Android phone, I noticed this as well. There was a preference to 'allow other apps to trigger WireGuard', or something to that effect. I believe this defaulted to "on". It is off now, and I have not noticed an auto connect. In my case, I prefer to manually activate when away.
If you lose functionality on LAN, you need to look at how "Endpoint address" is configured, on the phone. Does it route all traffic, or just LAN traffic?

The endpoint is for example "vpn.domain" which resolves to the Static IP of the OPNSense WAN interface.

I think the issue is that from external networks this resolves to, say, 80.12.15.40, but inside the LAN this doesn't work as it's the IP of the external OPNsense interface.

I think I might need "split DNS"?  I have created an override in Unbound DNS so from inside the LAN "vpn.domain" resolves to the LAN IP of the OPNSense router.

But services still don't work...?
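Two things in this thread are worth checking mechanically: where the Endpoint name actually resolves to when the phone is on the LAN (the split-DNS override from the last post), and whether the peer's AllowedIPs pulls LAN traffic into the tunnel at all (vimage22's "all traffic or just LAN traffic" question). The script below is an added example written for this thread; it is not code from any poster, from OPNsense or from the WireGuard project. The WAN address 80.12.15.40 is the one quoted in the thread; the LAN subnet 192.168.1.0/24 and the OPNsense LAN address 192.168.1.1 are constructed placeholders. One fact it relies on: a WireGuard client resolves the Endpoint name when the tunnel is brought up, so a tunnel that came up on 5G keeps using the WAN address until it is restarted, whatever Unbound now says.

```python
"""Offline sanity checks for an always-on WireGuard client that is
sometimes inside the LAN it tunnels to.

Added example for this thread, not OPNsense or WireGuard project code.
All addresses except the WAN IP quoted in the thread are constructed.
"""
import ipaddress
import socket

WAN_IP = "80.12.15.40"        # WAN address quoted in the thread
LAN_CIDR = "192.168.1.0/24"   # constructed: the home LAN
LAN_GATEWAY = "192.168.1.1"   # constructed: OPNsense LAN address


def classify_endpoint_answers(answers, lan_cidr):
    """Classify where the resolved Endpoint name points.

    'lan'   -> every answer is inside lan_cidr: the Unbound override is in effect
    'wan'   -> no answer is inside lan_cidr: the phone will try to reach the
               public address from inside, which only works with NAT reflection
    'mixed' -> both kinds: some resolver or cache is handing out stale answers
    'none'  -> the name did not resolve at all
    """
    if not answers:
        return "none"
    net = ipaddress.ip_network(lan_cidr)
    inside = [ipaddress.ip_address(a) in net for a in answers]
    if all(inside):
        return "lan"
    if not any(inside):
        return "wan"
    return "mixed"


def lan_is_routed_into_tunnel(allowed_ips, lan_cidr):
    """True if the peer's AllowedIPs would send traffic for lan_cidr through the tunnel.

    With 0.0.0.0/0 the phone pushes LAN traffic into the tunnel even while on
    Wi-Fi; with only the remote subnets listed, LAN traffic bypasses the tunnel.
    """
    lan = ipaddress.ip_network(lan_cidr)
    for entry in allowed_ips:
        net = ipaddress.ip_network(entry)
        # subnet_of() refuses to compare IPv4 with IPv6, so skip the other family
        if net.version == lan.version and lan.subnet_of(net):
            return True
    return False


def resolve_ipv4(hostname):
    """Live lookup through the system resolver; used only by the demo below."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Constructed answer sets standing in for what a resolver would return
    # from outside, from inside with the override, and with a stale cache.
    for label, answers in [("outside", [WAN_IP]),
                           ("inside with override", [LAN_GATEWAY]),
                           ("stale cache", [WAN_IP, LAN_GATEWAY])]:
        print(f"{label:22s} -> {classify_endpoint_answers(answers, LAN_CIDR)}")

    for allowed in (["0.0.0.0/0", "::/0"], ["10.10.0.0/24"]):
        print(f"AllowedIPs {allowed} routes LAN into tunnel: "
              f"{lan_is_routed_into_tunnel(allowed, LAN_CIDR)}")
```

To run it against a real name, call `resolve_ipv4("vpn.domain")` from a laptop on the same Wi-Fi and feed the result to `classify_endpoint_answers`; a 'wan' or 'mixed' result means the override is not what the client is seeing, and a 'lan' result with services still down points away from DNS and towards the tunnel having been started with the old address, or the phone's AllowedIPs.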