A question re. #wireguard
When I’m away from home I usually connect to my home (US) and my server (Europe). However sometimes (not always) the connection to my home is blocked, I don’t know if it is caused by my phone company or my ISP. I blame the latter, because the connection to my european server never fails.
I wonder if there is something I can do in those cases?
I guess I could try to redirect the traffic to use the european server as a proxy, but that would make things slower the 90% of the time this isn’t a problem. Also, this would require me to switch wireguard connections manually, which is not ideal, especially if I’m driving.
Another alternative would be tailscale (maybe with headscale), but I’d rather keep my infrstructure as wireguard only.
Any ideas? cc @[email protected] @[email protected]
@[email protected] the name resolution is not the issue, the ip hasn’t changed
Then try setting PersistentKeepalive on the client
@[email protected] no, the issue is not keepalive, since it cannot connect in the first place… moving to another wifi (instead of celullar) works fine, so it is not a problem with my configuration.
You might want to put these pertinent details in your post.
If you’re on a cellular network that has CGNAT, Wireguard may not be able to work. Same deal if it’s an IPv6 network.
@[email protected] Thanks, but I did
I guess tailscale will have to do
Tailscale is Wireguard. If it works, then something is wrong with your Wireguard configs.
@[email protected] Tailscale is way more than WireGuard but ok
Friend…Tailscale uses the same Wireguard protocol as everything else. If Tailscale is working, but your solo configs aren’t, it’s not a Wireguard problem, it’s a config problem. Guaranteed.
@[email protected]
I never said my config is not working, I said sometimes (some cellular connections, but not all) it is not working, that is a huge difference.
I highly recommend you educate yourself a bit https://tailscale.com/compare/wireguard
https://tailscale.com/blog/how-tailscale-works#DERP
TLDR
Tailscale is built on TOP of Wireguard, but has a few goodies that Wireguard doesn’t provide.
Could it be that the domain name has both IPv4 and IPv6 and depending on the network you try to reach one or another? Wireguard can work on both protocols, but from my experience it doesn’t try both to see which one works (like browsers do). So if at the first try the dns resolves the “wrong” IP version, wireguard cannot connect and doesn’t fallback trying the alternative.