I have a Raspberry Pi 4 ("Buster") on which I am deploying a VPN. I am using the Linux WireGuard library installed through:
sudo apt install wireguard.
Here is an example XXXXXX.conf file I would use in the command wg-quick up XXXXXXX. I have elected for there to be a kill switch, but I want to preserve my ability to SSH to the RaspPi from my local network. So I have the normal Kill Switch PostUp/PreDown settings, to which I have added ! -d 10.0.0.0/24 to allow local network access.
[Interface]
# Device: [VPN DEVICE NAME]
PrivateKey = [PRIVATE KEY]
Address = XXX.XXX.XXX.XXX/32,xx00:xxxx:bxxxx:xx01::5:3441/128
DNS = XXX.XXX.XXX.XXX 10.0.0.1
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 10.0.0.0/24 -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 10.0.0.0/24 -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PublicKey = [PUBLIC KEY]
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = XXX.XXX.XXX.XXX:XXXXX
So far so good. I can SSH into the RaspPi using the IPv4 address 10.0.0.XXX -p XXXX and gain access.
Now, Raspberry Pi comes out of the box with multicast mDNS, and the device can also be reached on the local network by resolving [DEVICE NAME].local. I would like to be able to configure my .conf files to allow mDNS access on the local network, in addition to the IPv4 access. Success would mean getting a response to ssh [USER]@[DEVICE NAME].local -p [PORT].
The only command that looked promising was the command setting the interface multicast flag. After I activated the VPN, where XX-XXX-XX-001 is the name of the .conf file and interface, I tried the following bash command:
$ ip link set XX-XXX-XX-001 multicast on
No result.
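Added example, not part of the original post: a small Python model of the two kill-switch rules in the PostUp line, evaluated against constructed packets. It shows that the LAN SSH reply passes while packets to the mDNS multicast groups (224.0.0.251 and ff02::fb, RFC 6762) match the REJECT rule. The interface name wg0, the fwmark 51820, the local address 10.0.0.23 and the sample destinations are assumptions.

```python
import ipaddress
from dataclasses import dataclass

WG_IFACE = "wg0"      # assumption: stands in for %i
WG_FWMARK = 51820     # assumption: value returned by `wg show %i fwmark`
LAN_V4 = ipaddress.ip_network("10.0.0.0/24")   # exception from the post
# Constructed set of addresses owned by the host (what addrtype calls LOCAL).
LOCAL_ADDRS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "10.0.0.23", "::1")}


@dataclass
class Packet:
    out_iface: str   # interface chosen by routing
    mark: int        # firewall mark on the packet
    dst: str         # destination address


def kill_switch_rejects(pkt: Packet) -> bool:
    """Return True if the packet matches the REJECT rule in the OUTPUT chain."""
    dst = ipaddress.ip_address(pkt.dst)
    matches = (
        pkt.out_iface != WG_IFACE        # ! -o %i
        and pkt.mark != WG_FWMARK        # -m mark ! --mark $(wg show %i fwmark)
        and dst not in LOCAL_ADDRS       # -m addrtype ! --dst-type LOCAL
    )
    if dst.version == 4:
        # Only the iptables rule carries the LAN exception; ip6tables has none.
        matches = matches and dst not in LAN_V4   # ! -d 10.0.0.0/24
    return matches


# Constructed sample packets (documentation-range addresses for remote hosts).
SAMPLES = {
    "ssh reply to LAN client": Packet("eth0", 0, "10.0.0.50"),
    "mDNS IPv4 multicast":     Packet("eth0", 0, "224.0.0.251"),
    "mDNS IPv6 multicast":     Packet("eth0", 0, "ff02::fb"),
    "traffic inside tunnel":   Packet(WG_IFACE, 0, "203.0.113.10"),
    "encrypted WireGuard UDP": Packet("eth0", WG_FWMARK, "198.51.100.7"),
    "leak outside tunnel":     Packet("eth0", 0, "203.0.113.10"),
}


def evaluate_samples() -> dict:
    """Map each sample name to 'REJECT' or 'pass'."""
    return {name: "REJECT" if kill_switch_rejects(p) else "pass"
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:26s} {verdict}")
```

The multicast destinations fall outside 10.0.0.0/24 and are not LOCAL, so the LAN exception that lets SSH through does not cover them.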