Netgate Discussion Forum

    Wireguard - Discover on iot devices LAN

      Delfo

      Dear Guys,
      I'm experiencing some issues with WireGuard:

      I want to control air conditioner devices with their native app.
      The native app will do a discovery every time you connect, listing all recognised devices on the same LAN.

      My network configuration is something like this:
      WireGuard LAN IP: 192.168.6.10
      IoT network: 192.168.8.0/24

      On the other hand, the WireGuard configuration is:
      [Interface]
      PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxx
      Address = 10.6.0.2/24
      DNS = 192.168.6.1

      [Peer]
      PublicKey = xxxxxxxxxxxxxxxxxxxxx
      PresharedKey = xxxxxxxxxxxxxx
      Endpoint = xxxxxxxxxxxxxx
      AllowedIPs = 192.168.8.0/24, 192.168.6.10/32

      When I do a test, I am successfully able to ping and see the devices on the IoT LAN (by a simple ping or by web surfing on their IP, they answer very well).

      Anyway, the native app does not discover anything.

      I suppose that it doesn't work because the WireGuard server network is different (this is just my opinion, but another guy I know has got a similar configuration, but his WireGuard server stands on the same network as the IoT devices).

      Has anyone experienced the same issue? Is there any way to let the WireGuard server act as if it stands on the IoT network, letting the native app discover the devices correctly?

      Thanks in advance, have a good weekend.

        Jarhead @Delfo

        @delfo What does the app use as discovery?
        WireGuard is a layer 3 VPN only. Probably needs to be on the same segment as the controller.

          Delfo @Jarhead

          @jarhead hello,
          I really don't know which kind of discovery protocol the app uses (we're talking about Daikin...)
          OK, I understand what you mean, and there's no solution except putting WireGuard on the same subnet..

          Thank you :)

            johnpoz LAYER 8 Global Moderator @Delfo

            @delfo I do not believe WireGuard supports L2.. Really the only way to get L2 is with OpenVPN tap mode - and it's never a good idea.. And clients most likely do not support it anyway

            Daikin - like a heater or AC unit - don't they have a website you can manage them from? That way you can control it from anywhere. I control all my IoT stuff, no need to VPN in, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              Delfo @johnpoz

              @johnpoz I totally agree..
              I'm thinking of giving the WireGuard server a double network setup configuration that includes this IoT network.
              I read that those devices use a UDP broadcast protocol for the discovery... no way to proxy it in a simple way...
              I'll let you know if I get something working...

                johnpoz LAYER 8 Global Moderator @Delfo

                @delfo It might be possible with say avahi or pimd? But VPNs are almost always L3..

                Discovery is meant for grandma to be able to stream to her Chromecast with zero networking know-how - once you segment your network or VPN into your network.. Grandma is not going to be segmenting or VPNing into your network - so the apps were never designed to work.. Why they don't just let you put in the IP or the fqdn for your devices is beyond me.

                Just control your IoT devices via their mother ship website ;)

                  Delfo @johnpoz

                  @johnpoz , I would be my grandma 😀

                  > Why they don't just let you put in the IP or the fqdn for your devices is beyond me.

                  Only God knows....

                  > Just control your IoT devices via their mother ship website ;)

                  There's an option called "Out of Home" or something similar... but looking at their own beautiful protocol, it seems that these weird devices don't need any strong authentication to set options.. so in the worst case I will control them just from home, just from their LAN..

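The layer 3 behaviour discussed in this thread, as an added example that is not part of any post: a Python sketch that applies WireGuard's AllowedIPs matching to the config from the first post and shows why unicast pings work while broadcast or multicast discovery does not cross the tunnel. The destinations 192.168.8.20 and 224.0.0.251 are constructed samples, and the router behaviour for directed broadcasts is an assumption (the usual default), not something stated in the thread.

```python
import ipaddress

# AllowedIPs copied from the [Peer] block in the first post.
ALLOWED_IPS = [ipaddress.ip_network(n)
               for n in ("192.168.8.0/24", "192.168.6.10/32")]
# IoT subnet from the first post, used to recognise its directed broadcast.
IOT_NET = ipaddress.ip_network("192.168.8.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(dst):
    """Return (kind, enters_tunnel, routed_to_target) for a client packet."""
    addr = ipaddress.ip_address(dst)
    # Cryptokey routing: only destinations inside a peer's AllowedIPs are
    # encrypted and sent to that peer.
    enters_tunnel = any(addr in net for net in ALLOWED_IPS)
    if addr == LIMITED_BROADCAST:
        kind = "limited-broadcast"   # link-local by definition
    elif addr.is_multicast:
        kind = "multicast"           # needs multicast routing or a proxy
    elif addr == IOT_NET.broadcast_address:
        kind = "directed-broadcast"
    else:
        kind = "unicast"
    # Assumption: the far-side router keeps directed-broadcast forwarding
    # off (the usual default), so only unicast is delivered hop by hop.
    routed_to_target = enters_tunnel and kind == "unicast"
    return kind, enters_tunnel, routed_to_target


if __name__ == "__main__":
    # Constructed sample destinations: one device address, the subnet
    # broadcast, the limited broadcast and the mDNS multicast group.
    for dst in ("192.168.8.20", "192.168.8.255",
                "255.255.255.255", "224.0.0.251"):
        kind, tunnel, routed = classify(dst)
        print(f"{dst:<16} {kind:<18} tunnel={tunnel!s:<5} routed={routed}")
```

Only the directed broadcast 192.168.8.255 even enters the tunnel with these AllowedIPs, and it then depends on the router at the far end being configured to forward it onto the IoT LAN.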
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.