Posted ... (edited)

So, I'm not sure if this is an issue with AirVPN or my PiVPN setup (probably the latter), but here's the rundown:
I thought this was the same issue as a question I've asked before, but none of the suggestions helped.

The way my network is currently structured is I have a WireGuard tunnel on my college computer that I'm using to connect to a Debian server back home hosting PiVPN.
That way, I can network mount all my drives, access my NAS, all that good stuff.

The issue is that I'm only able to connect to one of the two VPNs at once.
I have been able to connect to AirVPN, just not when ALSO tunneling through WireGuard.
But when I try to connect to AirVPN after connecting WireGuard, or vice versa, it displays the same disconnect -> hop to next server behavior as in my last question above.

Is there some sort of conflict here? Or just some stupid error on my part on my Debian machine?

I've attached my logs to this post as well.
Any help is appreciated, thank you!

Eddie_20250108_211647.txt

Edited ... by cyberslav
Added more description of behavior of what's going wrong

Posted ... (edited)

Here are some other things I've checked that haven't worked:
  • Writing "eddie" in my VPN interface field
  • Switching to a WireGuard protocol

My WireGuard endpoint port isn't 51820 though, it's 64000.
Therefore my gut's telling me I need to edit the WireGuard protocol to use that port instead.
Here's what my config looks like (without sensitive info, of course):

Quote
[Interface]
PrivateKey = asdfghjkl
Address = 192.168.0.1/24
DNS = 192.168.0.1

[Peer]
PublicKey = asdfghjkl
PresharedKey = asdfghjkl
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.168.0.1:64000
Edited ... by cyberslav
forgot to add the top line for clarification


Okay, I've found a solution (just asked ChatGPT lol)

Here's the diagnosis for anybody else that's having the same problems:

Quote

Your issue likely arises from overlapping or conflicting routing rules when using both WireGuard and AirVPN simultaneously. Here are steps to troubleshoot and resolve the problem:

Analyze the Conflict

  1. Routing Overlap: Your WireGuard configuration routes all traffic (0.0.0.0/0, ::/0) through your home server. Meanwhile, AirVPN also tries to route all traffic through its tunnel, leading to conflicts.
  2. DNS Conflicts: Each VPN might be trying to override the DNS settings, causing failures in resolving addresses correctly.


NOTE: THE FIRST SOLUTION WORKED FINE FOR ME

It suggested multiple solutions, and I just used the first, but I'll put em all here anyway:
(I've replaced all addresses with 192.168.0.1)
Quote

Solution: Split Tunneling for WireGuard

Configure WireGuard to allow only specific traffic through the tunnel (e.g., your home network).

  1. Adjust AllowedIPs: Modify the WireGuard configuration to include only the private subnet of your home network and any other necessary IPs. For example:

    
    [Peer]
    PublicKey = (censored)
    PresharedKey = (censored)
    AllowedIPs = 192.168.0.1/24
    Endpoint = 192.168.0.1:64000

    This ensures only traffic destined for 192.168.0.1/24 goes through the WireGuard tunnel, while the rest uses the default route.

  2. Set Up Routing Table Rules: Use separate routing tables for each VPN.
    • For WireGuard, add a rule to send 192.168.0.1/24 traffic through the tunnel.
    • For AirVPN, ensure its routing table has priority for all other traffic.
    On Linux, you can use "ip rule" to set this up:

    ip rule add from <WireGuard IP> table 100
    ip route add default dev wg0 table 100

  3. Verify DNS: Ensure AirVPN is handling DNS resolution for general traffic, while your home server (via WireGuard) handles only DNS requests for internal domains. You can explicitly set DNS servers for each VPN.

    Example for WireGuard:

    
    DNS = 192.168.0.1

    Example for AirVPN: Use their client to configure DNS or override it manually


If none of the above work, here were the advanced diagnostic steps it suggested:
Quote

Advanced: Enforce Policy Routing

If you require certain applications to use WireGuard while others use AirVPN:

  1. Mark Packets: Use iptables to mark packets based on their source or destination:

    iptables -t mangle -A OUTPUT -d 192.168.0.1/24 -j MARK --set-mark 1

  2. Routing Table by Mark: Add a rule in /etc/iproute2/rt_tables:

    200 wireguard

    Assign a route for marked traffic:

    ip rule add fwmark 1 table wireguard
    ip route add default dev wg0 table wireguard

Test Configuration

  • Disable AirVPN: Confirm WireGuard works correctly.
  • Disable WireGuard: Confirm AirVPN works correctly.
  • Enable Both: Ensure only expected traffic is routed through each VPN.


Also a small update: after breaking something, you might have to edit your WireGuard config to look like this:

[Interface]
PrivateKey = asdfghjklasdfghjklasdfghjkl
Address = (Home endpoint IP)/24
DNS = (Home endpoint DNS or whatever)

[Peer]
PublicKey = asdfghjklasdfghjklasdfghjkl
PresharedKey = asdfghjklasdfghjklasdfghjkl
AllowedIPs = (Home endpoint IP)/24, (Home network SUBNET, i.e. 192.168.50.0)/24
Endpoint = (Public IP):64000

This is all on my buddy's network back home, so it's a bit scuffed and I don't exactly know what goes where,
but the main point is that there are two components to the allowed IPs.

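Added example, not part of any post in this thread: a small Python model of the routing overlap diagnosed above and of the split-tunnel AllowedIPs from the follow-up config, showing which tunnel wins a longest-prefix match for a given destination. The sample config, its addresses (10.6.0.x, 192.168.50.0/24, 203.0.113.10), the probe destinations and the assumption that the second VPN claims both default routes are constructed for illustration; real Linux policy routing has more inputs than this model.

```python
import configparser
import ipaddress

# Constructed sample config: placeholder keys, documentation/private addresses.
FULL_TUNNEL = """\
[Interface]
PrivateKey = (placeholder)
Address = 10.6.0.2/24

[Peer]
PublicKey = (placeholder)
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:64000
"""
# Split-tunnel variant: tunnel subnet plus home LAN subnet (two components).
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0, ::/0", "10.6.0.1/24, 192.168.50.0/24")

# Assumption: the second VPN is modelled as claiming both default routes.
OTHER_VPN = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]


def allowed_ips(conf_text):
    """Parse [Peer] AllowedIPs of a single-peer config into network objects."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    # strict=False accepts host-style entries such as 192.168.0.1/24.
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in cp["Peer"]["AllowedIPs"].split(",")]


def egress(dest, routes):
    """Longest-prefix match over {tunnel: [networks]}; two names means a tie."""
    ip = ipaddress.ip_address(dest)
    best = {}
    for name, nets in routes.items():
        hits = [n.prefixlen for n in nets if n.version == ip.version and ip in n]
        if hits:
            best[name] = max(hits)
    top = max(best.values(), default=None)
    return sorted(name for name, plen in best.items() if plen == top)


def audit(conf_text, probes=("192.168.50.10", "198.51.100.7")):
    """Report which tunnel(s) would carry each probe destination."""
    routes = {"wireguard": allowed_ips(conf_text), "other_vpn": OTHER_VPN}
    return {dest: egress(dest, routes) for dest in probes}


if __name__ == "__main__":
    print("full :", audit(FULL_TUNNEL))
    print("split:", audit(SPLIT_TUNNEL))
```

A destination listed under both tunnels is contested by two identical prefixes, which is the full-tunnel case; with the split-tunnel AllowedIPs each probe resolves to exactly one tunnel.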
On 1/9/2025 at 5:07 PM, cyberslav said:

Routing Overlap: Your WireGuard configuration routes all traffic (0.0.0.0/0, ::/0) through your home server. Meanwhile, AirVPN also tries to route all traffic through its tunnel, leading to conflicts.


This is honestly a good analysis from the LLM. It would be my first finding, too, as both pieces of VPN software change the default route.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.