I have the following setup:
- Home: FritzBox 7490 (192.168.178.1)
- Notebook with Ubuntu 22
- Neighbor: FritzBox 7590 (192.168.178.1)
I was able to set up a VPN connection as described by AVM (Ref: Setting up an IPSec VPN to the FRITZ!Box in Linux). When I am in my neighbor's WiFi I can successfully connect (tun0 interface).
But when I try to access some home server through the VPN I have to use the IP address. DNS resolution does not work. Also, fritz.box in the browser always leads to my neighbor's 7590 (instead of my 7490).
How can I configure Ubuntu to fix this?
$ cat /etc/resolv.conf
# Generated by NetworkManager
search fritz.box
nameserver 192.168.178.1
nameserver some::ipv6::address
nameserver some::ipv6::address
$ nslookup dev-S5
Server: 192.168.178.1
Address: 192.168.178.1#53
** server can't find dev-S5: NXDOMAIN
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default fritz.box 0.0.0.0 UG 600 0 0 wlp2s0
i12345678.versa fritz.box 255.255.255.255 UGH 50 0 0 wlp2s0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp2s0
192.168.178.0 0.0.0.0 255.255.255.0 U 50 0 0 tun0
192.168.178.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp2s0
fritz.box 0.0.0.0 255.255.255.255 UH 50 0 0 wlp2s0
$ ping -I tun0 192.168.178.1
and it is my router.

Answer:

ip route get 192.168.178.1 will show you whether your expectation is correct. The reason why it isn't (and couldn't be) should be clear if you ask yourself how your tunnel device sends its encrypted packets to their destination. What is the first hop? There is only one route for that (clearly the one through the tunnel isn't an option - it is the tunnel): over gateway 192.168.178.1, the on-link neighbour's router. 192.168.178.1 on the local LAN is for its exclusive use, and everyone else should talk to "the other 192.168.178.1". Actually, you could possibly force this with user-based policy routing or packet marking (WireGuard does this very neatly), but that's like shooting a mosquito with a cannon. The trivial solution is to give the two gateways different IPs, for the simple reason that you can't have two devices with the same IP address in a single LAN and expect both to be reachable.
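The route selection the answer describes, as an added example that is not part of the original question or answer: a longest-prefix-match (then lowest metric) over the routing table posted above. It shows that 192.168.178.1, the nameserver in resolv.conf, is always matched by the /32 host route on wlp2s0 (the neighbour's router), while any other 192.168.178.x host takes tun0. The VPN server's host route (i12345678.versa) is left out because its address is not shown.

```python
import ipaddress

# Routing table copied from the question: (destination, genmask, metric, iface).
# "default", "link-local" and "fritz.box" are written as the addresses they stand for.
ROUTES = [
    ("0.0.0.0",       "0.0.0.0",         600, "wlp2s0"),  # default via fritz.box
    ("169.254.0.0",   "255.255.0.0",    1000, "wlp2s0"),  # link-local
    ("192.168.178.0", "255.255.255.0",    50, "tun0"),    # home LAN through the tunnel
    ("192.168.178.0", "255.255.255.0",   600, "wlp2s0"),  # neighbour's LAN, same prefix
    ("192.168.178.1", "255.255.255.255",  50, "wlp2s0"),  # host route: fritz.box = the on-link router
]


def lookup(dst):
    """Return (iface, prefix) the kernel would pick for dst.

    Selection order mirrors Linux: longest prefix first, lowest metric second.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, mask, metric, iface in ROUTES:
        prefix = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if addr in prefix:
            key = (prefix.prefixlen, -metric)  # longer prefix wins, then lower metric
            if best is None or key > best[0]:
                best = (key, iface, str(prefix))
    return (best[1], best[2])


if __name__ == "__main__":
    # Constructed sample: the nameserver, a home server, and an internet host.
    for dst in ("192.168.178.1", "192.168.178.20", "8.8.8.8"):
        iface, prefix = lookup(dst)
        print(f"{dst:15} -> {iface:7} via {prefix}")
```

Because the DNS query to 192.168.178.1 leaves on wlp2s0, the neighbour's 7590 answers it, which is why dev-S5 returns NXDOMAIN and fritz.box resolves to the wrong box.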