I got a bunch of self-hosted stuff and use a VPS that has a public IPv4 to access my services because my home network has only DS-Lite. My home server ist connected to the VPS using Wireguard.
Now I want to connect my Smartphone to my VPN to be able to access some local services remotely. I’m able to add a second peer to the Wireguard config on the VPS, but I’m struggeling to configure the AllowedIPs correctly.
The VPS apparently needs AllowedIPs 10.0.0.0/24 and 192.168.178.0/24, but the Smartphone as well for both to redirect request into my home network. But it’s not possible to configure the same IP ranges for two peers. What do I do?

EDIT: Solved: https://iliasa.eu/wireguard-how-to-access-a-peers-local-network/

  • atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    6
    ·
    9 months ago

    The allowed IP range on each client indicates what private address the server can use

    I really dislike this description - yet I see it everywhere. It caused me a ton of confusion initially.

    It’s the IP addresses that will be routed over the VPN. So if you wanted, say, all traffic to go through the VPN then you would use “0.0.0.0/0”. Which is what I do for my phone.

    • notabot@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Sort of. If you’re using wg-quick then it serves two purposes, one, as you say, is to indicate what is routed over the link, and the second (and only if you’re setting up the connection directly) is to limit what incoming packets are accepted.

      It definitely can be a bit confusing as most people are using the wg-quick script to manage their connections and so the terminology isn’t obvious, but it makes more sense if you’re configuring the connection directly with wg.

    • bobs_monkey@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      I’ve always understood it as the x.x.x.0/x being the gateway designator and network identifier, followed by the range of allowable IP addresses