BLU Discuss list archive



[Discuss] Wireguard and Traveling and Network Overlaps oh my!



Rich Pieri wrote: 
> I'm traveling a bit this weekend and I ran into some network wonk with
> my Wireguard VPN: My home network is 192.168.1.0/24. The place I'm
> staying uses 192.168.0.0/20 for their WiFi network. Because my home
> network overlaps their network, traffic to my home network doesn't go
> out the Wireguard interface. It goes out the default for their net.
> 
> I doubt there is anything I can do about it now, but is there anything
> future me can do to try to avoid this kind of overlap? Other than
> re-addressing everything to use a different private network and hoping
> it doesn't overlap again? Which I can do but not from a motel room 250
> miles away.

There's always something, and in this case, you can do something
really weird.

Set up a network namespace (like a container) which handles your
physical NIC. Let it do DHCP, NTP, etc. Have it create a virtual
NIC in an IP space that you can't possibly get to: find a real
network in, say, Norfolk Island. Use a /30 from there. Or take a
minuscule chance and pick a middle corner of RFC1918 space.

Now, in the rest of your system, route traffic to the virtual
NIC on the /30.  Run wireguard from there. You'll want to run a
DNS resolver, too. Now your 192.168 traffic will go through
wireguard, but other things will go to the /30 to be masqueraded
by your system to the hotel net, and probably from them out to
the world.

Pretty sure you can do this with routing tables too, but a
network namespace is easier to work with systematically.

-dsr-
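
The namespace layout described in the reply above, as an added sketch that is not part of the original message. The interface names (`eth0`, `veth-host`, `veth-ns`), the namespace name `uplink`, the `wg0` config, the 172.29.213.0/30 link, the use of `dhclient` and `iptables`, and running WireGuard in the default namespace are all assumptions; the DNS resolver the reply mentions is not covered.

```shell
#!/bin/sh
# Added sketch: every name and address below is an assumption, not from the post.
NIC=eth0        # physical NIC (a Wi-Fi device is moved by its phy with iw instead)
NS=uplink       # namespace that owns the NIC and talks to the hotel network
WG=wg0          # existing wg-quick config that routes the home /24
LINK=172.29.213.0/30 NS_IP=172.29.213.1 HOST_IP=172.29.213.2   # constructed /30
HOME_NET=192.168.1.0/24

ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# overlaps A/len B/len: true when the two prefixes share any address
overlaps() (
  a=$(ip2int "${1%/*}"); b=$(ip2int "${2%/*}")
  len=${1#*/}; if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( a & mask )) -eq $(( b & mask )) ]
)

# Print each command unless APPLY=1 (which needs root)
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# setup_uplink LOCAL_NET: LOCAL_NET is the prefix the visited network uses
setup_uplink() {
  for net in "$HOME_NET" "$1"; do
    if overlaps "$LINK" "$net"; then echo "pick another /30: $LINK overlaps $net" >&2; return 1; fi
  done
  run ip netns add "$NS"
  run ip link set "$NIC" netns "$NS"
  run ip link add veth-host type veth peer name veth-ns
  run ip link set veth-ns netns "$NS"
  run ip addr add "$HOST_IP/30" dev veth-host
  run ip link set veth-host up
  run ip -n "$NS" addr add "$NS_IP/30" dev veth-ns
  run ip -n "$NS" link set veth-ns up
  run ip -n "$NS" link set lo up
  run ip netns exec "$NS" dhclient "$NIC"     # DHCP happens inside the namespace
  run ip netns exec "$NS" sysctl -w net.ipv4.ip_forward=1
  run ip netns exec "$NS" iptables -t nat -A POSTROUTING -s "$LINK" -o "$NIC" -j MASQUERADE
  run ip route add default via "$NS_IP" dev veth-host
  run wg-quick up "$WG"   # the default namespace has no route to the hotel LAN
}

if [ "${1:-}" = plan ]; then setup_uplink "${2:-192.168.0.0/20}"; fi
```

Run it with `plan` to print the commands without changing anything; set `APPLY=1` as root to execute them.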