Selfhosted

44058 readers

547 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Wiregaurd split tunnel issues? (sh.itjust.works)

submitted 16 hours ago* (last edited 14 hours ago) by Steamymoomilk@sh.itjust.works to c/selfhosted@lemmy.world

5 comments fedilink hide all child comments

I dont mean to be a bother, but recently i got wiregaurd setup so myself and my friends can access resources such as my server. i have it setup for the client and the server to only allow 192.168.8.170. To be tunneled, so for example my friends can google and resolve DNS just fine and its all in there network, then when they want to access the server it will be at 192.168.8.170 and the docker services will run on ports for example 8080:80. and to be honest it works great for me and friend 1. but for friend 2 DNS doesnt resolve???

he can ping 9.9.9.9 he can acess the services on 192.168.8.170 but he cant resolve DNS when wiregaurded in.

his network has ipv6 and ipv4, my network only has ip4 and friend 1's network is ipv4 only. do you smart people on the internet think ipv6 could be an issue? friend 2 is running linux mint if that matters. I know a little about networking but by no means am an network engineer.

its a slight issue friend 2 really wants to be able to google and play command and conquer pvp at the same time. any help would be greatly appreciated as im kinda stumped!

-edit SOLVED i had a DNS for the client config and i just had to remove it client side.

top 5 comments

sorted by: hot top controversial new old

[–] njordomir@lemmy.world 1 points 15 hours ago

Has friend 2 set his name servers to something custom, or is he using your network's default? My partner uses an iPhone and it has some sort of built in DNS so she doesn't benefit from me installing DNS based adblock on the network. You could see if a similar thing is at play.

[–] possiblylinux127@lemmy.zip 1 points 15 hours ago (1 children)

What DNS resolvers are being used?

[–] Steamymoomilk@sh.itjust.works 1 points 14 hours ago (1 children)

i figured it out i had dns in the client wiregaurd config

[–] Xanza@lemm.ee 1 points 12 hours ago

https://qu.ax/VSrfL.jpg

[–] litchralee@sh.itjust.works -1 points 15 hours ago

You and friend 1 have working setups. Friend 2 can't seem to get their setup to work. So the problem has to be specific to friend 2's machine or network.

To start at the very basics, when WG is disabled, what are friend 2's DNS servers, as listed in "/etc/resolve.conf" (Linux) or in "ipconfig" on Windows. This can be an IPv4 or IPv6 address. Whatever it is, take note of it. Also try to ping it and make sure the ping is successful.

Then have friend 2 enable WG. Now try pinging the same DNS servers again. If this fails, you are one step closer to the problem. If this succeeds, then check to see if WG caused new DNS servers to replace the former ones.

One possibility is that friend 2's home network also uses 192.168.8.X, and so the machine tries to reach the DNS servers by going through WG. But we need more details before making this conclusion.

You also said friend 2 can ping 9.9.9.9 (aka Quad9), but is this friend using Quad9 as their DNS server? If so, what exactly is observed when you say that "DNS doesn't resolve"? Is this an error in a browser or the result from running "nslookup" in the command line?

IPv6 isn't likely to be directly responsible for DNS resolution failures, but a misconfigured WG tunnel that causes an IPv6 DNS server to be blackholed is one way to create resolution failure. It may also just be red herring, and the issue is contained entirely to IPv4. I would not recommend turning off IPv6, because that's almost always the wrong answer and sweeps the other problems under the rug.