Networking woes: self-hosted sites unavailable via domain name on VPN

Hi,

This is only tangentially related to TrueNAS, so apologies if this is too off-topic.

I am using my TrueNAS server to, amongst other things, self-host various services. Traffic is directed to the correct docker container via reverse-proxy (NPM - running on the same box). My router (a GL.iNet Flint 2, which runs skinned OpenWRT) port forwards traffic from the WAN on 80 and 443 to the TNAS box on the LAN.

This all works beautifully, except when I am connected to my router via VPN (WireGuard). Using the VPN tunnel my domains take me to a cert invalid warning, and if I disable HSTS or hit a temp HTTP service I can see why: I’m being directed to my router control panel.

If I set up port forwarding from the WireGuard server 443 → NPM I can access my self-hosted sites via domain again, but then obviously can’t access anything on the WAN.

How can I configure things (probably OpenWRT) so that I can continue to access my self-hosted domains when on the VPN? (This is particularly frustrating as I have my services configured to use Docker container networking, so I am unable to access via host:port).

Thanks!

I solved my own issue, though I am still open to better solutions/how I should have done things.

I edited my port forward from WireGuard zone 443 → truenas:npm-port in the LuCI interface - in the Advanced Settings there’s an ‘External IP address’ field (“Only match incoming traffic directed at the given IP address.”) and I set this to the pppoe-wan option.

I hope this updates when my WAN IP changes (i.e. it’s bound to the interface and not the IP at selection time), but for now it works.
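The rule described above, written out as an `/etc/config/firewall` section so the pieces are visible in one place (an added illustration, not the poster's exported config). The zone name `wg`, the addresses and the NPM port are placeholders; `src_dip` is the UCI option behind LuCI's ‘External IP address’ field, and limiting the match to the WAN address is what stops the redirect from swallowing every port-443 connection from VPN clients, including those meant for LuCI itself.

```uci
# Added example; values are assumptions, not the poster's real ones:
#   'wg'        - firewall zone the WireGuard interface belongs to
#   192.0.2.10  - current pppoe-wan address (what LuCI's dropdown selects)
#   10.0.0.5    - TrueNAS host on the LAN zone
#   8443        - port NPM listens on
config redirect
	option name 'vpn-to-npm-https'
	option target 'DNAT'
	option src 'wg'
	# Only match traffic aimed at the WAN address, so other 443 traffic
	# from VPN clients (router UI, WAN hosts) is left alone.
	option src_dip '192.0.2.10'
	option src_dport '443'
	option proto 'tcp'
	option dest 'lan'
	option dest_ip '10.0.0.5'
	option dest_port '8443'
```

After saving in LuCI, `uci show firewall` shows what was actually written into `src_dip`, which settles whether it stored a literal address or the interface, and `ip -4 addr show pppoe-wan` gives the current WAN address to compare against. A split-DNS entry on the router that resolves the hosted domains to the LAN address for VPN clients avoids depending on the WAN address at all.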