Netgate Discussion Forum

    Use WireGuard with the same subnet as the LAN

    • questionar

      I'm using a WireGuard tunnel to connect my smartphone to my local network. I do this to use the AVM Fritz Fon VoIP app. Unfortunately this app works only in the same subnet as the AVM Fritzbox (router with VoIP server). The Fritzbox is behind the pfSense in the local LAN. So the app works well on my LAN, but not on the WireGuard tunnel, because the tunnel has a different IP address. Any idea how I can trick the smartphone into being in the same subnet as the Fritzbox?

      • planedrop

        You could probably use NAT and proxy ARP to solve this, not really ideal though.

        Are you sure the app is having issues because of being on a different subnet and not because of latency running over a VPN?

        • questionar @planedrop

          @planedrop Yes, the Fritzbox blocks all foreign subnets while in IP client mode. I helped myself by setting the Fritzbox to router mode. But therefore I had to set up a VLAN for the WAN port of the Fritzbox. Also, if I enable IPv6 support it will start router advertisement. This isn't ideal either.

          • planedrop

            Gotcha, well it's not really feasible to, say, give a VPN client a local IP on a subnet the firewall is already managing as an interface, so I think the only solution would be to use NAT, but this can create its own issues.

            But if you were to NAT the WireGuard connection to a different IP within that local LAN subnet (and make sure it's not one within that subnet's DHCP pool) then you probably can achieve what you're looking for here.
