Ok ##wireguard and #homelab heads. I'm having a hard time figuring this out. I have a service that I'm hosting that I'm currently routing all of its outbound traffic through a VPN provider and WireGuard. However, when I do that I lose all connectivity to the service because... all traffic is moving through WireGuard. I have tried AllowedIPs=, and that didn't seem to work. I tried a bunch of PreUp and PostUp stuff and that didn't seem to work.
Solution: It seemed to be a pretty easy fix. I needed to add a route to my internal LAN gateway in Linux (through the wg config). Then Linux just does what it needs to do to ship packets around. It seems to be working.
@train What service? Do I understand correctly you want it accessible on the LAN as well as WireGuard? AllowedIPs on the remote IP should just be the machine's LAN address. If this is an untrusted entity, then firewall it.
@elliot Umm. Yes, I want all outbound traffic from this VM to go through WireGuard, but internal LAN IPs can access it as well. Right now, since I'm telling it to shove all outbound traffic through wg... well, yeah!
@train It sounds like you'll need policy routing to do what you need to do.
@train I'm a novice at this, too, but have a similar setup in Docker. It's a while since I set it up, but I recall it was just a case of mapping ports only on the WireGuard container, then specifying that container as a network mode in the service. (Apologies if you've done that, or aren't using Docker, so it's useless advice.)
@james Thank you for trying. I'm not using Docker! However, I figured it out; it was a much simpler solution. In the WireGuard config I just needed to add the internal Linux route to my internal LAN gateway and let the underlying network do the rest. It seems to be working.
@train You're on OPNsense, right? Did you use this doc to set it up? I followed it when hooking up my Mullvad and Proton connections and everything works perfectly.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
@chad No, I'm not using OPNsense. I'm doing this on just one Linux client. It was an easy fix. I just needed to add a route to my internal network within Linux. That way Linux just respects its routing and starts shipping stuff around. It seems to be working.
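The fix described in the thread, written out as an added example wg-quick config (this is not the poster's own config). It assumes a tunnel interface wg0, a physical LAN interface eth0, a local LAN of 192.168.1.0/24 with gateway 192.168.1.1, a second internal subnet 10.0.0.0/8 that the gateway routes, and a placeholder VPN endpoint vpn.example.net; the keys are placeholders. With AllowedIPs = 0.0.0.0/0, wg-quick installs the policy rule `table main suppress_prefixlength 0`, so any route in the main table that is more specific than the default route still wins over the tunnel's catch-all. The directly connected LAN route is already there; internal subnets reached through the LAN gateway have to be added, which is what the PostUp line does.

```ini
# Added example config for /etc/wireguard/wg0.conf (not from the original thread).
# Assumed: LAN 192.168.1.0/24 on eth0, LAN gateway 192.168.1.1, internal subnet
# 10.0.0.0/8 behind that gateway, VPN provider endpoint vpn.example.net.
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.64.0.2/32

# Keep internal traffic on the LAN. wg-quick adds the rule
# "ip rule add table main suppress_prefixlength 0" for a 0.0.0.0/0 tunnel, so
# non-default routes in the main table take precedence over the tunnel.
# The connected 192.168.1.0/24 route already exists; add the routed subnet.
PostUp = ip route add 10.0.0.0/8 via 192.168.1.1 dev eth0
PostDown = ip route del 10.0.0.0/8 via 192.168.1.1 dev eth0

[Peer]
PublicKey = <vpn-provider-public-key-placeholder>
Endpoint = vpn.example.net:51820
# Everything not matched by a more specific main-table route goes via the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```

To check the result after `wg-quick up wg0`, `ip route get 10.1.2.3` should report `via 192.168.1.1 dev eth0`, `ip route get 192.168.1.50` should report `dev eth0`, and `ip route get 1.1.1.1` should report `dev wg0`. If reply traffic to LAN clients still leaves through the tunnel, `ip rule show` and `ip route show table main` are the places to look: the subnet the clients are on must appear in the main table with a prefix length greater than 0.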
@train Nice work