WireGuard Server & Client I same Subnet

Indirtwetrust · July 3, 2020, 10:38pm

I’m trying to make this work on my home network first to see if it’s possible. I need to run a diagnostic program on Windows 10 remotely and connect to a device on my network. Currently, I have a WireGuard server running on a Raspberry Pi and it all works as I believe it’s intended. I can connect to my home network remotely, SSH into the Pi, etc.
with a wireless card or hotspot. To do what I want though, I need to be able to select a network adapter in the diagnostic program that has an ip of 192.168.0.x either static or assigned from DHCP. But since the home network is 192.168.0.x because the device I need to connect to remotely is and has to be 192.168.0.17 it doesn’t seem like it will work. I can change the VPN’s subnet to match my home network but everything stops working.
I guess I need for the devices on either end to not know that they aren’t really on the same subnet.
Is this possible? Could I do it with a 2nd Pi on the other end? Is there a software I can run on the remote PC to fake this? Or would this be easier with OpenVPN?

Please help, thanks

lleachii · July 4, 2020, 1:13pm

@Indirtwetrust, welcome to the community!

The Local, Tunnel and Remote Layer 3 (IP) networks cannot be incidentally numbered. This is a common and basic routing concept that new network admins encounter when learning. It's like the Mayor of a Town naming/numbering three streets Identically.

It sounds like your app only does LAN testing. Otherwise, properly number all networks - then simply use the IP assigned to the remote machine.

Indirtwetrust · July 4, 2020, 3:23pm

Thank you for the response. So it sounds like it’s possible that this just can’t be done. The application is something of a black box, proprietary software that either connects or doesn’t. Only thing I can select is which network adapter to use. I appreciate the analogy so to be clear, I’m not trying to give houses on a street the same address but to connect two streets with a bridge and make them one so the houses still think they’re neighbors. All the houses would still have a unique address.
Or maybe a bridge isn’t accurate since you couldn’t go directly from one to another but more like a street that has had a freeway run down the middle. Both sides still have unique addresses but the mailman has to take a different route to get to the other side.

lleachii · July 4, 2020, 3:32pm

Unless I misunderstand...as this analogy doesn't make sense anymore ...

If you can only select an adapter anyway, this won't work...since the Wireguard is in the router.

But maybe you can NAT...it's hard to tell in your use case; because you only say it's a "black box" device...like you possibly donno what IP/port is used on a Layer 3 network...unless it's actually some Layer 2 application...

Indirtwetrust · July 4, 2020, 3:59pm

Obviously I’m pretty out of my depth here...
Maybe this is relevant, I did a netsh -a on a laptop that is connected locally to the device to see if it is always on a dedicated port. It’s not. But the protocol is TCP. Do you think it’s possible that the only reason it won’t work is because WireGuard is UDP? Maybe I’d have better luck with Open VPN?

lleachii · July 6, 2020, 3:50pm

It's not helpful. Knowing the SRC and DST IPs of said traffic, would be much more helpful. Then we could determine if you've even setup a VPN that can use some "black box app" to reach a device you cant enter an IP, only an "interface" (whose meaning is not clear when referencing an Android [???- I know you mentioned PC] app).

The UDP of Wireguard carries the encrypted IP traffic inside the virtual WG tunnel you created. I think your mixing the concept of carrying data inside tunnel with the networks on both ends (and the network inside the tunnel).

Only if you need a Layer 2 tunnel between the two points - which it seems like you do.

Indirtwetrust · July 6, 2020, 10:12pm

Okay... Thanks for the snark but I never even used the word “interface” or Android for that matter. And black box was just referencing the Windows x86 program. Like I said, it’s proprietary and there are no network settings. All I can do in the program is select which network adapter to use and hope it changes from “not connected” to “connected”.

Thanks anyway though, I’ll figure it out.

lleachii · July 7, 2020, 9:01am

Huh???

OK...best wishes.

(Adapter and Interface are used interchangeably my statements, perhaps that's your confusion.)

Is this a misunderstanding of terms, or are you saying this because don't want to/don't know how to run an analyzer on the interface to get the required information?

I'm really lost at your response.

I'm kinda lost at why someone said they never mentioned a word...and regarding "Android"...that's why my statement says PC...but OK again...

It's difficult to assist you anyways when you refuse to provide the necessary information; and instead call something a snark.

I already understand it referenced a program...I'm just lost at why you're upset because I was unsure if it was Windows, Mac, Linux, Android,etc...but OK again...since you said running remotely...it was not clear if both ends were Windows....to be honest, it's not even clear yet where Wireguard is running (you mention a Pi, but don't mention which end; and fail to mention what's is running WG at the other end). That information is also important. I'm afraid to mention it, fearing you'll say I'm "snarking" again.