Open baltoche opened 5 months ago
I can confirm the issue.
Hello! This is something that the restart on ping failure feature should help fix. There is really no simple solution to fixing this issue without restarting the tunnel or tweaking your DNS setup. I know the ping restart feature is having issues right now, but I plan on spending some more time on it to make it more robust and configurable.
> If the VPN is configured with a domain name the ip should be updated when switching network (and not through the VPN obviously)
I've seen this in tools like wireproxy which has an option to specify a public IP address to use for resolving the tunnel host, but this is definitely not something that I would expect to happen by default. That's an additional feature.
Generally in WireGuard, it's assumed that only one of the peers changes its IP address at a time (your phone roams from a Wi-Fi address to a cellular address). In the situation you're describing, both peers changed endpoints at the same time (your phone got a new IP address and your VPN server also got a new address). That's the fault of how you have it configured.
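Added example, not code from this project or from any commenter in the thread: the "re-resolve the endpoint when the network changes" behaviour the issue asks for, done outside the app on a Linux host with wireguard-tools. It parses `wg show <iface> endpoints`, resolves the configured hostname through whatever resolver the host currently has (the thing that differs between Wi-Fi and cellular), and emits `wg set <iface> peer <key> endpoint <ip:port>` only when the answer differs from the live endpoint. The same idea is what wireguard-tools ships as `contrib/reresolve-dns/reresolve-dns.sh`. The interface name `wg0`, the hostname `vpn.example.com`, the peer keys and the `wg show` sample output are constructed placeholders.

```python
"""Re-resolve a WireGuard peer's hostname and update the endpoint when the answer changes.

Example code for this thread; assumes a Linux host with wireguard-tools (`wg`).
The peer keys, hostname and `wg show` sample below are placeholders, not real values.
"""
import socket
import subprocess
from typing import Callable, Dict, Optional, Tuple

Endpoint = Tuple[str, int]

# Constructed sample of `wg show wg0 endpoints`: one line per peer,
# "<public key>\t<ip:port>" or "<public key>\t(none)".
SAMPLE_WG_OUTPUT = (
    "PEER_A_PLACEHOLDER_KEY=\t192.168.0.10:51820\n"
    "PEER_B_PLACEHOLDER_KEY=\t(none)\n"
)

# Peers that were configured with a hostname rather than a literal IP. This has to come
# from the .conf file: the kernel/`wg` only remembers the address it resolved at load time.
PEER_HOSTS: Dict[str, Endpoint] = {
    "PEER_A_PLACEHOLDER_KEY=": ("vpn.example.com", 51820),
}


def parse_endpoints(wg_output: str) -> Dict[str, Optional[Endpoint]]:
    """Turn `wg show <iface> endpoints` text into {pubkey: (ip, port) or None}."""
    peers: Dict[str, Optional[Endpoint]] = {}
    for line in wg_output.splitlines():
        if not line.strip():
            continue
        pubkey, _, endpoint = line.partition("\t")
        if endpoint == "(none)":
            peers[pubkey] = None          # peer has never had an endpoint
            continue
        host, _, port = endpoint.rpartition(":")   # IPv6 is printed as [addr]:port
        peers[pubkey] = (host.strip("[]"), int(port))
    return peers


def format_endpoint(ip: str, port: int) -> str:
    """Render an endpoint the way `wg set ... endpoint` expects (brackets for IPv6)."""
    return f"[{ip}]:{port}" if ":" in ip else f"{ip}:{port}"


def plan_updates(
    wg_output: str,
    peer_hosts: Dict[str, Endpoint],
    resolve: Callable[[str], str],
) -> Dict[str, str]:
    """Return {pubkey: 'ip:port'} for every peer whose fresh DNS answer differs from
    the endpoint WireGuard is currently using. Peers whose hostname cannot be resolved
    keep their old endpoint: wiping it would be worse than a stale one."""
    live = parse_endpoints(wg_output)
    updates: Dict[str, str] = {}
    for pubkey, (hostname, port) in peer_hosts.items():
        if pubkey not in live:
            continue                      # not a peer of this interface
        try:
            fresh_ip = resolve(hostname)
        except OSError:
            continue                      # no usable resolver on this network (yet)
        if live[pubkey] != (fresh_ip, port):
            updates[pubkey] = format_endpoint(fresh_ip, port)
    return updates


def resolve_v4(hostname: str) -> str:
    """Resolve through the host's normal resolver. This query must NOT be routed into
    the tunnel: with AllowedIPs = 0.0.0.0/0 it would go into the dead tunnel and
    never get an answer, which is the "not through the VPN" point in the issue."""
    return socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)[0][4][0]


def apply_updates(iface: str, updates: Dict[str, str]) -> None:
    """Push each changed endpoint to the running interface with `wg set`."""
    for pubkey, endpoint in updates.items():
        subprocess.run(["wg", "set", iface, "peer", pubkey, "endpoint", endpoint], check=True)


if __name__ == "__main__":
    import sys

    iface = sys.argv[1] if len(sys.argv) > 1 else "wg0"
    output = subprocess.run(
        ["wg", "show", iface, "endpoints"], capture_output=True, text=True, check=True
    ).stdout
    apply_updates(iface, plan_updates(output, PEER_HOSTS, resolve_v4))
```

Run it from a network-change hook (NetworkManager dispatcher, a systemd timer, or the ping-failure restart the maintainer mentions) rather than from inside the tunnel. The OSError branch matters on a phone-style roam: for a moment after switching networks there is no resolver at all, and dropping the endpoint in that window would leave the tunnel with nowhere to send handshakes even after DNS comes back.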
If I understand the problem, you have some vpn.example.com which points to a computer on your LAN when you're on your home network, but points to the WAN address of your router (which does port forwarding) when you're outside your home, is that correct?
In that case, you should configure "NAT Reflection" on your router. TP-Link calls this NAT Loopback. Others call it "Reflexive NAT".
Without NAT Reflection

Without NAT reflection, ports that you forward from your router's WAN address to a computer on your network are only forwarded if the requests are received on the router's WAN port.
```mermaid
flowchart TD
    phone --DNS: vpn.example.com?--> onedotone[1.1.1.1]
    onedotone --DNS 111.222.333.444--> phone
    router <--lanport--> LAN
    subgraph LAN
        wg{{wireguard server}}
    end
    subgraph internet
        phone
        onedotone
    end
    phone[phone] --wg: 111.222.333.444:51820--> router
    router --wg: 192.168.0.10:51820--> wg
```
```mermaid
flowchart TD
    internet <--wanport--> router
    phone --DNS: vpn.example.com?--> router
    router --DNS: 192.168.0.10--> phone
    subgraph LAN
        wg{{wireguard server}}
        phone
    end
    subgraph internet
    end
    phone --wg: 192.168.0.10:51820--> wg
    phone --wg: 111.222.333.444:51820--x router
```
With NAT Reflection

With NAT reflection, ports that you forward from your router's WAN address to a computer on your network are forwarded to your computer even if the requests come in on the LAN port.
```mermaid
flowchart TD
    internet <--wan--> router
    phone --DNS: vpn.example.com?--> router
    router --DNS: 111.222.333.444--> phone
    subgraph LAN
        wg{{wireguard server}}
        phone
    end
    subgraph internet
    end
    phone --wg: 111.222.333.444:51820--> router
    router --wg: 192.168.0.10:51820--> wg
```
If you enable NAT reflection, you can always use the WAN address of your router, even from inside your network. You can set DNS that always points to that address.
Describe the bug

When I leave my Wi-Fi network (where the DNS points to a local IP) and my phone switches to the mobile network (where the DNS points to a public IP) I lose connectivity but the VPN thinks it is still connected.
Smartphone (please complete the following information):
To Reproduce

Switch between 2 networks that don't use the same IP for the VPN.

Expected behavior

If the VPN is configured with a domain name the IP should be updated when switching network (and not through the VPN obviously).
PS: thank you to all contributors for this great software.