Access internal network via VPN tunnel

Hi everyone, I’ve been struggling with this for a while now and some help would be greatly appreciated. In short: I have a Raspberry Pi running on my local network with some services running which I want to access everywhere. The Raspberry Pi I’m trying to access has a local address of 192.168.1.100. Ever since starting to use my own hosted VPN and a VPN tunnel in DD-WRT, things got messy.

I currently have a Wireguard VPN server setup with an Azure VM. My WG server config file looks like this:

[Interface]
Address = 
SaveConfig = true
PrivateKey = $server_private_key
ListenPort = $WIREGUARD_PORT
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -d  -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s  -j MASQUERADE
PreDown = iptables -D FORWARD -i wg0 -j ACCEPT
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -D FORWARD -i wg0 -d  -j ACCEPT
PreDown = iptables -t nat -D POSTROUTING -o eth0 -s  -j MASQUERADE
PostDown = ufw route delete allow in on wg0 out on eth0

[Peer]
PublicKey =  $client_one_public_key
PresharedKey = $preshared_key
AllowedIPs = 10.14.32.101/32, 192.168.1.0/24

[Peer]
PublicKey =  $client_two_public_key
PresharedKey = $preshared_key
AllowedIPs = 10.14.32.102/32, 192.168.1.0/24

All of my client configurations look something like this:

[Interface]
PrivateKey = $client_one_private_key
Address = 
DNS = 

[Peer]
PublicKey =  $server_public_key
PresharedKey = $preshared_key
Endpoint = $VM_IP:$WIREGUARD_PORT
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

I have set up a VPN tunnel on DD-WRT using one of these config files. This is what my settings look like in DD-WRT:


Whatever I do, when I’m not home but connected to my VPN, I cannot connect to my RPi (or any other local devices). When typing in 192.168.1.100 my browser states connection failed. Where should I start looking? Thanks in advance!
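An added example, not part of the original post, that models one thing worth checking in the server config above: WireGuard treats the AllowedIPs of all peers as a single cryptokey routing table. A prefix can belong to only one peer at a time, and when a later [Peer] block lists a prefix an earlier peer already has, the prefix moves to the later peer. The script below builds that table from a constructed peer list mirroring the posted config (both peers claim 192.168.1.0/24), reports the duplicate, shows which peer the hub would actually send LAN-bound traffic to, and whether it would accept a packet from 192.168.1.100 arriving through the router's tunnel. The peer roles (DD-WRT router versus phone) and the fixed layout are assumptions; it does not model the iptables or DD-WRT side.

```python
import ipaddress

# Constructed peer list modelled on the server config in the thread.
# Roles are an assumption: "client one" is taken to be the DD-WRT router
# that carries the home LAN, "client two" a roaming phone.
PEERS_AS_POSTED = [
    ("dd-wrt-router", ["10.14.32.101/32", "192.168.1.0/24"]),
    ("phone",         ["10.14.32.102/32", "192.168.1.0/24"]),
]

# Assumed corrected layout: only the peer that really sits in front of
# 192.168.1.0/24 advertises it; the phone keeps just its tunnel address.
PEERS_FIXED = [
    ("dd-wrt-router", ["10.14.32.101/32", "192.168.1.0/24"]),
    ("phone",         ["10.14.32.102/32"]),
]


def build_cryptokey_table(peers):
    """Mimic WireGuard's cryptokey routing.

    Every AllowedIPs prefix maps to exactly one peer. Configuring a prefix
    on a second peer reassigns it (the kernel's allowedips trie has a single
    owner per node), so the last [Peer] block in file order wins.
    """
    table = {}
    for name, prefixes in peers:
        for p in prefixes:
            table[ipaddress.ip_network(p, strict=False)] = name
    return table


def find_conflicts(peers):
    """Prefixes listed under more than one peer, with the peers in file order."""
    seen = {}
    for name, prefixes in peers:
        for p in prefixes:
            seen.setdefault(ipaddress.ip_network(p, strict=False), []).append(name)
    return {str(net): names for net, names in seen.items() if len(names) > 1}


def route_lookup(table, dst):
    """Outbound: longest-prefix match decides which peer gets the packet for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, name in table.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None


def accept_inbound(table, peer, src):
    """Inbound: a decrypted packet from `peer` is dropped unless its source
    address resolves to that same peer in the cryptokey table."""
    return route_lookup(table, src) == peer


if __name__ == "__main__":
    for label, peers in (("as posted", PEERS_AS_POSTED), ("fixed", PEERS_FIXED)):
        table = build_cryptokey_table(peers)
        print(f"[{label}] duplicate prefixes: {find_conflicts(peers)}")
        print(f"[{label}] 192.168.1.100 is sent to: {route_lookup(table, '192.168.1.100')}")
        print(f"[{label}] reply from 192.168.1.100 via router accepted: "
              f"{accept_inbound(table, 'dd-wrt-router', '192.168.1.100')}")
```

With the posted layout the hub hands every packet for 192.168.1.0/24 to the phone peer and discards LAN-sourced packets coming in through the router's tunnel, because the router no longer owns that prefix. Giving the prefix to a single peer restores both directions; the routing on the Azure VM (ip_forward, FORWARD rules between wg0 peers) and on DD-WRT still has to be right as well.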

I guess the obvious question to ask first is why you’re setting up a tunnel instead of just directly connecting to a home vpn?

Why go this convoluted route? Are you behind CGNAT?
Why not just host a WG server on the Pi (or router), forward the port and then use that.

What about using Tailscale or Headscale?

what? tailscale free with exitnode?

That was my setup before. All traffic from the Pi then originated from the public (static) IP from my ISP. I don’t want to use that IP anymore though. I’m using a VPN tunnel because I want all my devices to have their traffic routed through the VPN.

That was my setup before. All traffic from the Pi then originated from the public (static) IP from my ISP. I don’t want to use that IP anymore though.

so you want everything outbound to not have your ISP IP address and you also want connectivity inbound?

I think you should probably edit your post with all of your requirements because they seem a lot more complicated than what you have said. It’s hard to help when no one understands what you want. I’m not trying to be a dick, just wanted to point it out so you actually get help.

In short - what you’re trying to do, if I understand correctly, is create a site-to-site VPN where everything comes out to the internet via your not-home site?

Either way what you want is more complicated the way you’re doing it. These are old world solutions :). A more modern solution would be a mesh like zerotier or tailscale. You can do more with tailscale but zerotier is simpler. With tailscale, if I understand what you want correctly, you basically have a LAN where you can choose to exit from anywhere physically and appear to come from a Tailscale IP.

If you’re not up for that or are doing this as a learning experience get ready for some fun with routing tables :).

Can’t you set up split-tunneling in the WireGuard app? I.e. “Use this VPN for IPs in this range: 192.168.1.0/24, but not for anything else”.
A quick google search seems to indicate that it can at least do this on a per-app basis, so you could just download an additional browser app as the only app that goes through the VPN.

I don’t want to have 2 VPN apps for this purpose. I also don’t want to access my Pi using the public IP of my ISP. So this is not really going to work for what I’m trying to achieve