Development discussion of WireGuard
From: Luis Ressel <aranea@aixah.de>
To: vrein@tuta.io
Cc: Wireguard <wireguard@lists.zx2c4.com>
Subject: Re: [PROPOSAL] wg-quick ip rule priority
Date: Fri, 10 Apr 2020 07:39:55 +0000
Message-ID: <20200410073955.i3epess3yd4uximo@vega>
In-Reply-To: <M4APSeK--3-2@tuta.io>

On Sun, Apr 05, 2020 at 07:37:18PM +0200, vrein@tuta.io wrote:
> Hi everyone!
> I have some tiny proposal for wg-quick utility: adding priority for iproute2 routing rules
> 
> For linux.bash this should be as easy as this:
> https://gitea.tort.icu/vrein/wireguard-tools/commit/0947dc76770a5d81ba39340ebe9189b80a92584c

While I don't think it'd be a bad idea to support configurable rule
priorities if they're useful to someone, they shouldn't be necessary
for the use case you described -- you can avoid the separate routing
rules for wg1 altogether.

All you should need to do is to add "FwMark = 51820" (or some other
arbitrary value, as long as it's identical for both wg tunnels) to the
config files of both wg interfaces. Then you end up with these ip rules
(taken from your post rather than an actual test):

0:      from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default

Furthermore, wg-quick would add an "0.0.0.0/0 dev wg0" route to table
51820, and "10.5.0.0/24 dev wg1" to the main table.

This would result in encrypted traffic using the routes in the main
table, traffic to 10.5.0.0/24 the wg1 tunnel, and everything else the
wg0 tunnel, exactly as intended by you.

> PS:
> Somehow, connectivity with both A and B peers was working on a single wg0 interface some time ago,
>   but after a few updates this feature stopped working.

It should indeed be possible to have both of these peers on the same wg
interface. If you're running into issues with that, please elaborate on
them here or pay us a visit on IRC (#wireguard on Freenode).


Luis
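The layout Luis describes (one shared FwMark, a `not fwmark` rule pointing at the tunnel table, a `suppress_prefixlength 0` rule ahead of it, wg0's default route in table 51820 and wg1's /24 in main) can be checked on a host before trusting it with traffic. The script below is an added example, not code from the thread or from wg-quick: it takes `ip rule show` / `ip route show table ...` output as text so it can run offline, and the sample output embedded here is constructed from the rules quoted above (the `ip route` lines are a plausible rendering, not captured from a real system). On a live host you would feed it the real command output instead.

```shell
#!/bin/sh
# Added example: verify the wg0/wg1 policy-routing split described in the thread.
# The inputs below are constructed; replace them with `ip rule show`,
# `ip route show table 51820` and `ip route show table main` on a real host.

MARK_DEC=51820     # FwMark as written in both wg-quick configs
MARK_HEX=0xca6c    # same value as ip(8) prints it in `ip rule show`

# Constructed: the rule set quoted in the thread
RULES='0:      from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default'

# Constructed: what the two tables would look like after wg-quick up wg0 / wg1
TABLE_51820='default dev wg0 scope link'
TABLE_MAIN='10.5.0.0/24 dev wg1 proto kernel scope link src 10.5.0.2
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

# check_wg_policy_routing RULES TUNNEL_TABLE MAIN_TABLE MARK_HEX MARK_DEC
# Returns 0 when all four expected entries are present, 1 otherwise,
# printing the missing entry for each failed check.
check_wg_policy_routing() {
  rules=$1; table=$2; main=$3; mark_hex=$4; mark_dec=$5
  ok=0
  # 1. unmarked (i.e. not-yet-encrypted) traffic is sent to the tunnel table
  printf '%s\n' "$rules" | grep -Eq "^[0-9]+:[[:space:]]+not from all fwmark $mark_hex lookup $mark_dec\$" \
    || { echo "missing: not fwmark $mark_hex lookup $mark_dec"; ok=1; }
  # 2. main is consulted first, but its default route is suppressed, so only
  #    specific routes such as wg1's /24 can win over the tunnel default
  printf '%s\n' "$rules" | grep -Eq "^[0-9]+:[[:space:]]+from all lookup main suppress_prefixlength 0\$" \
    || { echo "missing: from all lookup main suppress_prefixlength 0"; ok=1; }
  # 3. the tunnel table carries the default route via wg0
  printf '%s\n' "$table" | grep -Eq '^default dev wg0( |$)' \
    || { echo "missing: default route via wg0 in table $mark_dec"; ok=1; }
  # 4. wg1's allowed prefix lives in the main table
  printf '%s\n' "$main" | grep -Eq '^10\.5\.0\.0/24 dev wg1( |$)' \
    || { echo "missing: 10.5.0.0/24 dev wg1 in main table"; ok=1; }
  return $ok
}

# rule_order_ok RULES MARK_HEX
# The suppress rule only helps if it has a lower priority number (is evaluated
# earlier) than the fwmark rule; returns 0 when the ordering is correct.
rule_order_ok() {
  rules=$1; mark_hex=$2
  sup=$(printf '%s\n' "$rules" | grep 'suppress_prefixlength 0' | cut -d: -f1)
  fw=$(printf '%s\n' "$rules" | grep "fwmark $mark_hex" | cut -d: -f1)
  [ -n "$sup" ] && [ -n "$fw" ] && [ "$sup" -lt "$fw" ]
}

if check_wg_policy_routing "$RULES" "$TABLE_51820" "$TABLE_MAIN" "$MARK_HEX" "$MARK_DEC" \
   && rule_order_ok "$RULES" "$MARK_HEX"; then
  echo "policy routing matches the expected split: 10.5.0.0/24 via wg1, everything else via wg0"
else
  echo "policy routing does not match the expected layout" >&2
fi
```

The ordering check matters because wg-quick relies on the suppress rule being hit before the fwmark rule; if a third tool inserts rules with a higher (earlier) priority, as the original proposal was concerned with, the specific /24 route can be shadowed and wg1 traffic silently takes the wg0 default instead.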

Thread overview: 2+ messages
2020-04-05 17:37 vrein
2020-04-10  7:39 ` Luis Ressel [this message]
