Web lists-archives.com

Re: Accessing a host with variable IP addresses / connection types




On 17/04/19 3:03 AM, Celejar wrote:
> Hi,
> 
> I've been bedeviled by this question for a while, but have been unable
> to figure out a clean, non-hackish solution. It may be an XY problem ...
> 
> I have a system (laptop, running Debian) that is sometimes connected
> directly to my LAN, and sometimes connected via VPN (wireguard, to the
> local router, running OpenWrt). The LAN is 192.168.0.0/24, with the
> laptop having a fixed, static address in that range (although I'm
> certainly open to using DHCP, possibly with a fixed address
> reservation). The VPN is 10.0.0.0/24, with the laptop getting a fixed,
> static address in that range (and wireguard apparently doesn't work
> with dhcp).
> 
> I currently have an entry in /etc/hosts on the various LAN hosts
> assigning a hostname to the laptop's fixed local address, and the LAN
> hosts can access the laptop via that hostname. [I could alternatively
> use dnsmasq, which is running on the router regardless.] This obviously
> doesn't work when the laptop is connected via VPN. [The laptop can
> access the LAN hosts fine via their hostnames, so I seem to have the
> routing correctly configured on the laptop and the router.]
> 
> What I seem to want (but maybe XY?) is some way to adjust the host
> files (or dnsmasq's information) so that the hostname will resolve to
> the LAN address when the laptop is connected to the LAN, and the VPN
> address when it's connected via VPN. If everything was using DHCP, this
> would be straightforward enough, but as I said, the VPN apparently
> needs to be configured statically, and not via DHCP. I could obviously
> use some custom script (using, say, ageas, to modify host files) but
> this seems hackish. What is a standard, 'correct' way to do this, or
> more generally, to enable the LAN hosts to access the laptop
> seamlessly regardless of its IP address and connection type?

What about connecting to the VPN even from the LAN? So the VPN address
is always available.

Another thought I've had in the past, but probably won't work in this
case (because one of the locations is on the same side of the router as
the other machines) is to give the laptop its own block (on the loopback
or maybe a dummy device), and adjust the routing tables (which the
wireguard server will probably do).

Richard


Attachment: signature.asc
Description: OpenPGP digital signature