WireGuard, local network unreachable
What to do when you find yourself on a network with the same IP range as your VPN
I started using WireGuard recently to access my Home Assistant server from my phone. It worked like a charm until I found myself at a friend's house a couple of days ago and suddenly it stopped working as expected.
Problem
I tried to access my Homer dashboard at 192.168.1.x:8080 but it never responded... Home Assistant at 192.168.1.x:8123... nothing, everything started to fail even though the internet connection was working fine and the WireGuard connection was active.
Troubleshooting
The first thing I noticed was that the IP of the router (192.168.1.1) was indeed responding... only that it was not my router but my friend's. We were obviously under the same subnet range! And it seemed to be the root cause of the problem.
Solution
In a typical configuration, all network traffic is forwarded to WireGuard (pay attention to AllowedIPs specifically):
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = yourdomain.com:51820
We can then add a specific IP address to AllowedIPs so that traffic to it is routed through the VPN instead of the local network. In my case, I just needed to add my Home Assistant server, since all the services I need are under the same IP:
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.1.11/32
Endpoint = yourdomain.com:51820
Or, if you want to route the whole range 192.168.1.0 - 192.168.1.255, you can use something like:
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.1.0/24
Endpoint = yourdomain.com:51820
This should fix your problem, but the better solution would be to configure your own network to use a less common IP range and avoid the collision altogether.
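To check a config against the network you are currently on, here is an added example (not part of the original post) that parses AllowedIPs and predicts where traffic to an address will go. It assumes a simplified "most specific prefix wins" model; the function names and the sample config are constructed for illustration, and equal-length prefixes are reported as a tie because the result then depends on the client OS.

```python
import ipaddress

# Constructed sample config, modelled on the [Peer] section shown above.
SAMPLE_CONF = """\
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.1.11/32
Endpoint = yourdomain.com:51820
"""

def parse_allowed_ips(conf_text):
    """Return every network listed on AllowedIPs lines of a WireGuard config."""
    nets = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def route_for(dest, allowed_ips, local_net):
    """Decide where a packet to dest goes: 'tunnel', 'local', 'tie' or 'none'.

    Simplified model (assumption): the most specific matching prefix wins.
    A tie in prefix length is reported as 'tie' because the outcome then
    depends on the client OS, which this sketch does not model.
    """
    addr = ipaddress.ip_address(dest)
    local_net = ipaddress.ip_network(local_net, strict=False)
    tunnel = [n.prefixlen for n in allowed_ips
              if n.version == addr.version and addr in n]
    best_tunnel = max(tunnel, default=-1)
    best_local = local_net.prefixlen if (
        local_net.version == addr.version and addr in local_net) else -1
    if best_tunnel == best_local:
        return "none" if best_tunnel == -1 else "tie"
    return "tunnel" if best_tunnel > best_local else "local"

if __name__ == "__main__":
    allowed = parse_allowed_ips(SAMPLE_CONF)
    # Local network here is the colliding 192.168.1.0/24 from the post.
    for dest in ("192.168.1.11", "192.168.1.1", "1.1.1.1"):
        print(dest, "->", route_for(dest, allowed, "192.168.1.0/24"))
```

Any address that comes back as "local" while you are on a colliding network is answered by a device on that network rather than by your own server.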
Useful links:
- Unofficial WireGuard Documentation - I found this while searching for possible solutions
- CIDR notation - How to write the IP addresses in the config file