From a3e9bd45bb1b9c074505d753d854500e68b2bffe Mon Sep 17 00:00:00 2001
From: anoma
Date: Tue, 5 May 2020 07:52:28 +0000
Subject: [PATCH] Road warrior NAT reflection hint in readme
---
 readme-vars.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/readme-vars.yml b/readme-vars.yml
index 6e48464..61f16b5 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -76,6 +76,13 @@ app_setup_block: |
 ## Client Mode
 Do not set the `PEERS` environment variable. Drop your client conf into the config folder as `/config/wg0.conf` and start the container.

+ ## Road warriors, roaming and returning home
+ If you plan to use Wireguard both remotely and locally, say on your mobile phone, you will need to consider routing. Most firewalls will not route ports forwarded on your WAN interface correctly to the LAN out of the box. This means that when you return home, even though you can see the Wireguard server, the return packets will probably get lost.
+
+ This is not a Wireguard specific issue and the two generally accepted solutions are NAT reflection (setting your edge router/firewall up in such a way as it translates internal packets correctly) or split horizon DNS (setting your internal DNS to return the private rather than public IP when connecting locally).
+
+ Both of these approaches have positives and negatives however their setup is out of scope for this document as everyone's network layout and equipment will be different.
+
 # changelog
 changelogs:
 - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." }
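Review bot: The split horizon DNS sentence in the added "Road warriors" section omits the precondition that makes that option work: the client's `Endpoint` has to be a DNS name, not a literal public IP, or the internal DNS answer is never consulted. A client that resolves the endpoint name only when the tunnel is brought up (as `wg-quick` does) will also keep the old address after moving between home and remote networks, so the tunnel may need restarting. I would add one sentence to that paragraph, for example `Split horizon DNS only helps if the peer Endpoint is a hostname, and the tunnel may need to be restarted after changing networks so the name is resolved again.` Whether the peer confs generated by this image use a hostname or an IP is not visible in this hunk, so confirm that against the template before wording it as a requirement.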