28
A question re. #wireguard (social.graves.cl)
submitted 5 days ago by alvaro@social.graves.cl to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments

A question re. #wireguard

When I'm away from home I usually connect to my home (US) and my server (Europe). However sometimes (not always) the connection to my home is blocked, I don't know if it is caused by my phone company or my ISP. I blame the latter, because the connection to my european server never fails.

I wonder if there is something I can do in those cases?
I guess I could try to redirect the traffic to use the european server as a proxy, but that would make things slower the 90% of the time this isn't a problem. Also, this would require me to switch wireguard connections manually, which is not ideal, especially if I'm driving.

Another alternative would be tailscale (maybe with headscale), but I'd rather keep my infrstructure as wireguard only.

Any ideas? cc @selfhosted@lemmy.world @selfhost@lemmy.ml

you are viewing a single comment's thread
view the rest of the comments
[-] just_another_person@lemmy.world 4 points 5 days ago

If Wireguard loses its connection, it doesn't automatically requery the host and reconnect AFAIK. So if name resolution fails, or you're on dynamic DNS and the IP changes, it's not going to fix itself.

[-] MangoPenguin@lemmy.blahaj.zone 2 points 5 days ago

Yeah this is why OpenVPN is better for roaming clients in most cases.

[-] vividspecter@lemm.ee 2 points 5 days ago

Or just use tailscale/headscale/netbird and keep the underlying wireguard performance.

[-] MangoPenguin@lemmy.blahaj.zone 1 points 4 days ago

Tailscale in my experience does not run as kernel mode wireguard so performance is not great, but maybe that's changed.

Not sure about Netbird, but the Android app reviews are poor and it does not sound reliable.

[-] sugar_in_your_tea@sh.itjust.works 2 points 5 days ago

And by default, WireGuard doesn't keep the connection alive when there's no traffic. You can tune this in settings, which I've done because I'm behind CGNAT and need a persistent connection.

[-] alvaro@social.graves.cl -1 points 5 days ago

@just_another_person@lemmy.world the name resolution is not the issue, the ip hasn't changed

[-] lorentz@feddit.it 1 points 5 days ago

Could it be that the domain name has both IPv4 and IPv6 and depending on the network you try to reach one or another? Wireguard can work on both protocols, but from my experience it doesn't try both to see which one works (like browsers do). So if at the first try the dns resolves the "wrong" IP version, wireguard cannot connect and doesn't fallback trying the alternative.

[-] just_another_person@lemmy.world -1 points 5 days ago

Then try setting PersistentKeepalive on the client

[-] alvaro@social.graves.cl 0 points 5 days ago

@just_another_person@lemmy.world no, the issue is not keepalive, since it cannot connect in the first place... moving to another wifi (instead of celullar) works fine, so it is not a problem with my configuration.

[-] just_another_person@lemmy.world 1 points 5 days ago* (last edited 5 days ago)

You might want to put these pertinent details in your post.

If you're on a cellular network that has CGNAT, Wireguard may not be able to work. Same deal if it's an IPv6 network.

[-] alvaro@social.graves.cl -1 points 5 days ago

@just_another_person@lemmy.world Thanks, but I did

However sometimes (not always) the connection to my home is blocked,

I guess tailscale will have to do

[-] just_another_person@lemmy.world -1 points 5 days ago

Tailscale is Wireguard. If it works, then something is wrong with your Wireguard configs.

[-] alvaro@social.graves.cl 2 points 5 days ago

@just_another_person@lemmy.world Tailscale is way more than WireGuard but ok

[-] just_another_person@lemmy.world -4 points 5 days ago

Friend...Tailscale uses the same Wireguard protocol as everything else. If Tailscale is working, but your solo configs aren't, it's not a Wireguard problem, it's a config problem. Guaranteed.

[-] alvaro@social.graves.cl 1 points 5 days ago

@just_another_person@lemmy.world

I never said my config is not working, I said sometimes (some cellular connections, but not all) it is not working, that is a huge difference.

I highly recommend you educate yourself a bit https://tailscale.com/compare/wireguard
https://tailscale.com/blog/how-tailscale-works#DERP

TLDR

Tailscale is built on TOP of Wireguard, but has a few goodies that Wireguard doesn't provide.

this post was submitted on 06 Oct 2024
28 points (91.2% liked)

Selfhosted

39575 readers
301 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz