Then I told my phone and laptop to send any ips from my local subnet though the wireguard tunnel
Wait, so when you had your wireguard VPN up, you told it to route most traffic through the VPN, but IPs which were the same as your home network (I’m guessing maybe a 192.168.0.1/32 or something) you told it to send those through a different tunnel to your home network?
The end result is that if you went to say tuffminecraft.local and you were on your laptop in a hotel or something, it would use wireguard to send the packets to your home minecraft server as if you were at home?
What setup did this require? A wireguard server at home accepting connections from outside, a wireguard client on your laptop and phone… I guess the wireguard client would have to know to forward any “.local” DNS query over the tunnel to the wireguard server which would then contact technitium?
Also the dhcp server on technitium can be set to automatically generate and propogate a domain name for any device that connects
I think this is pretty standard with dhcp/dns. I have that with my pihole, but some devices don’t handle DHCP the way others do, so they don’t get nice names assigned via DNS. I think that’s a limitation of DHCP and everyone’s different implementation of it, rather than a limitation of pihole, dnsmasq, etc. But, maybe technitium handles weird DHCP clients better?
No i would only have one tunnel set up with an allowed range that was my local subnet at home (192.168.20.0/24) on the wireguard server you can set a dns for those connections and also in the client interface so when the laptop tried to ask the dns for an address it would talk to my home dns.
If the ip it was given was an external ip, outside of my LAN then the laptop just went though local wifi or whatever outside of the vpn tunnel to find the resource, but if it was inside the home range it pulled the connection straight from home via the tunnel.
The home dns had dnd records for all my local services pointing to my reverse proxy so if it got a request for lubelogger.local it just pointed the browser to the ip of the reverse proxy which knew to send a request for lubelogger.local to the correct ip:port on the lan.
It meant I could use domain names safely without having them exposed to the world.
Technitium let’s you do domain replication to as many other instance as you want so I always planned to set up a second dns at my mum’s house in case mine went down but never go around to it.
Implementation was a wireguard server running on an old rpi1
Technitium running on a seperate machine
Told the wireguard server to use technitium as it’s dns
Wireguard on device with an allowed range of my local subnet.
Add a dns record for any service you want accessible on technitium, use a tld that no one else uses online. I used.local, you’re supposed to use.apra but I didn’t like the look of it.
Add your domain entry to your reverse proxy as normal.
Note the more I think about this i may have just gotten lucky because I had already visited those domains at home so when I was off site and typed in the domain the laptops list of hosts knew to try the local ip and it was funnelled straight though the tunnel.
I had some persistent network instability during a busy time and had to strip things back so don’t have this set up anymore. After exams I’ll try it again.
Re the dhcp. It may be common now days. I use quite an old ISP supplied router so when it was handling dhcp I could only rarely use a devices host name to address it on my local network. Technitium never had that problem
Yeah, ISP routers suck. You wouldn’t believe how bad the one I use is. If you turn off DHCP on the router you lose the ability to set the router’s IP address and netmask. (And the netmask is locked to a /32). The only way to set the router’s IP address is to turn on DHCP, while DHCP is on set the router’s address, and then turn off DHCP. Needless to say, the router’s DHCP is completely off.
Wait, so when you had your wireguard VPN up, you told it to route most traffic through the VPN, but IPs which were the same as your home network (I’m guessing maybe a 192.168.0.1/32 or something) you told it to send those through a different tunnel to your home network?
The end result is that if you went to say tuffminecraft.local and you were on your laptop in a hotel or something, it would use wireguard to send the packets to your home minecraft server as if you were at home?
What setup did this require? A wireguard server at home accepting connections from outside, a wireguard client on your laptop and phone… I guess the wireguard client would have to know to forward any “.local” DNS query over the tunnel to the wireguard server which would then contact technitium?
I think this is pretty standard with dhcp/dns. I have that with my pihole, but some devices don’t handle DHCP the way others do, so they don’t get nice names assigned via DNS. I think that’s a limitation of DHCP and everyone’s different implementation of it, rather than a limitation of pihole, dnsmasq, etc. But, maybe technitium handles weird DHCP clients better?
No i would only have one tunnel set up with an allowed range that was my local subnet at home (192.168.20.0/24) on the wireguard server you can set a dns for those connections and also in the client interface so when the laptop tried to ask the dns for an address it would talk to my home dns.
If the ip it was given was an external ip, outside of my LAN then the laptop just went though local wifi or whatever outside of the vpn tunnel to find the resource, but if it was inside the home range it pulled the connection straight from home via the tunnel. The home dns had dnd records for all my local services pointing to my reverse proxy so if it got a request for lubelogger.local it just pointed the browser to the ip of the reverse proxy which knew to send a request for lubelogger.local to the correct ip:port on the lan.
It meant I could use domain names safely without having them exposed to the world.
Technitium let’s you do domain replication to as many other instance as you want so I always planned to set up a second dns at my mum’s house in case mine went down but never go around to it.
Implementation was a wireguard server running on an old rpi1 Technitium running on a seperate machine Told the wireguard server to use technitium as it’s dns Wireguard on device with an allowed range of my local subnet. Add a dns record for any service you want accessible on technitium, use a tld that no one else uses online. I used.local, you’re supposed to use.apra but I didn’t like the look of it. Add your domain entry to your reverse proxy as normal.
Note the more I think about this i may have just gotten lucky because I had already visited those domains at home so when I was off site and typed in the domain the laptops list of hosts knew to try the local ip and it was funnelled straight though the tunnel.
I had some persistent network instability during a busy time and had to strip things back so don’t have this set up anymore. After exams I’ll try it again.
Re the dhcp. It may be common now days. I use quite an old ISP supplied router so when it was handling dhcp I could only rarely use a devices host name to address it on my local network. Technitium never had that problem
Thanks for the details.
Yeah, ISP routers suck. You wouldn’t believe how bad the one I use is. If you turn off DHCP on the router you lose the ability to set the router’s IP address and netmask. (And the netmask is locked to a /32). The only way to set the router’s IP address is to turn on DHCP, while DHCP is on set the router’s address, and then turn off DHCP. Needless to say, the router’s DHCP is completely off.
yeah I’m gearing up to deeply my own little opnsense box as a router