• tuff_wizard@aussie.zone · 2 upvotes · 22 hours ago

    No, I would only have one tunnel set up, with an allowed range that was my local subnet at home (192.168.20.0/24). On the WireGuard server you can set a DNS for those connections, and also in the client interface, so when the laptop tried to ask the DNS for an address it would talk to my home DNS.

    If the IP it was given was an external IP, outside of my LAN, then the laptop just went through local Wi-Fi or whatever, outside of the VPN tunnel, to find the resource, but if it was inside the home range it pulled the connection straight from home via the tunnel. The home DNS had DNS records for all my local services pointing to my reverse proxy, so if it got a request for lubelogger.local it just pointed the browser to the IP of the reverse proxy, which knew to send a request for lubelogger.local to the correct ip:port on the LAN.

    It meant I could use domain names safely without having them exposed to the world.

    Technitium lets you do domain replication to as many other instances as you want, so I always planned to set up a second DNS at my mum’s house in case mine went down, but never got around to it.

    Implementation was: a WireGuard server running on an old rpi1; Technitium running on a separate machine; told the WireGuard server to use Technitium as its DNS; WireGuard on the device with an allowed range of my local subnet. Add a DNS record on Technitium for any service you want accessible; use a TLD that no one else uses online. I used .local; you’re supposed to use .arpa but I didn’t like the look of it. Add your domain entry to your reverse proxy as normal.

    Note: the more I think about this, I may have just gotten lucky, because I had already visited those domains at home, so when I was off site and typed in the domain the laptop’s list of hosts knew to try the local IP and it was funnelled straight through the tunnel.

    I had some persistent network instability during a busy time and had to strip things back, so I don’t have this set up anymore. After exams I’ll try it again.

    Re the DHCP: it may be common nowadays. I use quite an old ISP-supplied router, so when it was handling DHCP I could only rarely use a device’s host name to address it on my local network. Technitium never had that problem.
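
The split tunnel described in the post above, as an added example that is not code from the post, from WireGuard or from Technitium. The home subnet 192.168.20.0/24 is the post's; the resolver address, reverse-proxy address, tunnel addresses, endpoint and key placeholders are assumptions, and the DNS answers are constructed stand-ins for records held in Technitium. It uses home.arpa (RFC 8375) for the private names rather than .local, which mDNS claims (RFC 6762). Two details decide whether the names resolve off-site: in wg-quick the DNS line belongs in the client's [Interface] section, and the query to that resolver only enters the tunnel if the resolver's own address falls inside AllowedIPs, which is what check_split_tunnel verifies.

```python
"""Split-tunnel WireGuard client config plus the checks the setup relies on.

Added example, not code from the original post or from WireGuard/Technitium.
"""
from ipaddress import IPv4Address, IPv4Network

# Value taken from the post: the home LAN that AllowedIPs is restricted to.
HOME_LAN = "192.168.20.0/24"

# Assumed values (not given in the post).
HOME_DNS = "192.168.20.53"          # Technitium listening on the LAN
REVERSE_PROXY = "192.168.20.10"     # where every *.home.arpa record points
CLIENT_TUNNEL_IP = "10.8.0.2/32"    # laptop's address inside the tunnel
SERVER_ENDPOINT = "vpn.example.net:51820"

# Constructed stand-in for resolver answers. The home.arpa names are the
# records kept in Technitium; the public name is what Technitium would fetch
# from an upstream resolver.
DNS_ANSWERS = {
    "lubelogger.home.arpa": REVERSE_PROXY,
    "dns.home.arpa": HOME_DNS,
    "example.com": "93.184.216.34",
}


def check_split_tunnel(allowed_ips, dns):
    """Return the problems with a split-tunnel AllowedIPs/DNS pair ([] if fine).

    wg-quick only routes a packet into wg0 when its destination falls inside
    AllowedIPs, and the DNS query is just another packet: if the resolver's
    address is outside AllowedIPs, queries go out over the local Wi-Fi and the
    private names only work while they are still cached on the laptop.
    """
    nets = [IPv4Network(a) for a in allowed_ips]
    problems = []
    if not any(IPv4Address(dns) in n for n in nets):
        problems.append(f"DNS {dns} is outside AllowedIPs; queries bypass the tunnel")
    if any(n.prefixlen == 0 for n in nets):
        problems.append("AllowedIPs covers 0.0.0.0/0: that is a full tunnel, not split")
    return problems


def via_tunnel(dst, allowed_ips):
    """Does a packet to dst enter the tunnel under these AllowedIPs?"""
    return any(IPv4Address(dst) in IPv4Network(a) for a in allowed_ips)


def resolve_and_route(name, allowed_ips, answers=DNS_ANSWERS):
    """Model the post's flow: resolve the name, then pick tunnel or local path."""
    ip = answers.get(name)
    if ip is None:
        return "nxdomain", None
    return ("tunnel" if via_tunnel(ip, allowed_ips) else "local"), ip


def render_client_conf(allowed_ips, dns, private_key="<client private key>",
                       server_pubkey="<server public key>"):
    """wg-quick client config; DNS lives in the client's [Interface] section."""
    return "\n".join([
        "[Interface]",
        f"PrivateKey = {private_key}",
        f"Address = {CLIENT_TUNNEL_IP}",
        f"DNS = {dns}",
        "",
        "[Peer]",
        f"PublicKey = {server_pubkey}",
        f"Endpoint = {SERVER_ENDPOINT}",
        f"AllowedIPs = {', '.join(allowed_ips)}",
        "PersistentKeepalive = 25",
        "",
    ])


def render_server_peer(client_pubkey="<client public key>"):
    """The matching [Peer] block on the home WireGuard server (the old rpi1)."""
    return "\n".join([
        "[Peer]",
        f"PublicKey = {client_pubkey}",
        f"AllowedIPs = {CLIENT_TUNNEL_IP}",
        "",
    ])


if __name__ == "__main__":
    good = [HOME_LAN]
    print(render_client_conf(good, HOME_DNS))
    print(render_server_peer())
    for name in DNS_ANSWERS:
        print(name, "->", resolve_and_route(name, good))
    # The failure mode the post worries about: a resolver outside AllowedIPs.
    print(check_split_tunnel(good, "1.1.1.1"))
```

Running it prints both config stanzas and the per-name decision (lubelogger.home.arpa goes through the tunnel, example.com goes out over the local Wi-Fi). The server-side peer block is not sufficient on its own: the home server also needs net.ipv4.ip_forward enabled, and either a route for the tunnel subnet on the LAN router pointing back at the rpi or a MASQUERADE rule in the server's PostUp, otherwise replies from 192.168.20.x never find their way back into the tunnel.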

    • merc@sh.itjust.works · 2 upvotes · 19 hours ago

      Thanks for the details.

      Yeah, ISP routers suck. You wouldn’t believe how bad the one I use is. If you turn off DHCP on the router you lose the ability to set the router’s IP address and netmask. (And the netmask is locked to a /32). The only way to set the router’s IP address is to turn on DHCP, while DHCP is on set the router’s address, and then turn off DHCP. Needless to say, the router’s DHCP is completely off.