I have WireGuard set up on an Ubuntu server in my home, and I also have it set up on my rooted Android phone. My home router is a Mikrotik hEX.
WireGuard is extremely fast. So fast I don’t even notice I’m using a VPN. For this reason, I’d really like to just turn WireGuard on in my phone and leave it, so that I don’t have to remember to turn it on every time I leave the house.
The problem is, when I’m connected to my home network (the same network running the WireGuard server) while WireGuard is enabled on my phone, I can’t connect to the internet.
I asked about this on the WireGuard IRC, and someone there told me I need to deal with this in my router/home network. I asked in the Mikrotik IRC and I was told this needed to be dealt with through WireGuard. So I’m completely lost on how to handle this. I don’t even know where to start looking and I’m pretty green when it comes to networking, so anything would be helpful at this point.
Oh, and I don’t know if this is helpful or not, but WireGuard uses all the familiar Linux networking tools like ip route, iptables, etc.
Here is an example WireGuard server configuration file:
In principle, it is possible to connect back into the same network using a VPN. It definitely works for the SoftEther server I have running on a Raspberry Pi at home.
It might be a DHCP issue. Depending on how exactly the VPN works, the phone could show up with the same MAC for your router, so it doesn’t get an IP address for the VPN connection.
I am not familiar with Wireshark specifically, but do you have a way to set up specific IP addresses for VPN client devices? Alternatively, adding a NAT layer for the VPN might also work.
WireGuard works by creating a separate interface on the device. So you would have eth0, but then also wg0 (or whatever you have named it). I believe WireGuard works similarly to OpenVPN’s tun interface.
I was mostly thinking about how the client devices are represented once they sign up. If, for example, your phone appears with the same MAC through the VPN interface as it has normally, your DHCP server might try to assign the same IP address your phone got before, which obviously doesn’t work, because that is already in use.
The safest solution would be using a different subnet for the VPN logins.
Another possible way, not directly related to the VPN itself, might be using task planners or triggered tasks on your phone. I have used a scheduled task on my tablet to check on any new network connection if the assigned gateway device has the same MAC as my home router. If it didn’t see my home router, it would log into my VPN connection automatically.
I assume something similar would be possible on Android phones.
Thanks to /u/Jsreb’s comment, that’s exactly what I just did, and it was extremely simple to automate using “Tasker”.
WireGuard includes some easy-to-use bash scripts, wg-quick up wg0 and wg-quick down wg0, to quickly create and delete the interface.
So it was pretty easy to create a new task:
when this wifi is no longer connected, run this task → execute shell command wg-quick up wg0
and then the reverse when connecting to my home network again.
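The gateway-MAC check and the wg-quick toggle described in this thread, written as one shell script. This is an added example, not the poster's Tasker task: HOME_GW_MAC is a placeholder, the sample outputs are constructed, and it assumes the default route appears in `ip route` output and the gateway has an entry in `ip neigh`.

```shell
#!/bin/sh
# Added example: keep wg0 up everywhere except behind the home router.
HOME_GW_MAC="aa:bb:cc:dd:ee:ff"   # placeholder: your home router's MAC (lowercase)
WG_IF="wg0"                       # interface name used in the thread

# Constructed sample output of `ip route` and `ip neigh`, for offline testing.
SAMPLE_ROUTE='default via 192.168.88.1 dev wlan0 proto dhcp'
SAMPLE_NEIGH='192.168.88.1 dev wlan0 lladdr AA:BB:CC:DD:EE:FF REACHABLE'

# Read `ip route` output on stdin, print the default gateway's IP.
gateway_ip() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Read `ip neigh` output on stdin, print the MAC recorded for IP $1.
gateway_mac() {
    awk -v ip="$1" '$1 == ip {
        for (i = 2; i < NF; i++)
            if ($i == "lladdr") { print tolower($(i + 1)); exit }
    }'
}

# Print "down" only when the gateway is the home router; anything else,
# including an unknown gateway, means the tunnel should be up.
desired_state() {
    mac=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if [ -n "$mac" ] && [ "$mac" = "$HOME_GW_MAC" ]; then
        echo down
    else
        echo up
    fi
}

wg_is_up() { ip link show "$WG_IF" >/dev/null 2>&1; }

# Call wg-quick only when the interface state actually has to change.
apply_state() {
    if [ "$1" = "up" ]; then
        wg_is_up || wg-quick up "$WG_IF"
    elif wg_is_up; then
        wg-quick down "$WG_IF"
    fi
}

# Invoke as "script run" (as root) from a network-change trigger.
if [ "${1:-}" = "run" ]; then
    gw=$(ip route | gateway_ip)
    apply_state "$(desired_state "$(ip neigh | gateway_mac "$gw")")"
fi
```

A gateway MAC is not authenticated, so a network that presents the same MAC would leave the tunnel down; treat this as a convenience toggle, not a trust decision.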