![]() ![]() But of course now the whole system routes all the packets sent to SERVER_IP through the VPN, I don't need that. Trying to find out why without masquerading the packets are sent with a wrong source address, I tried to add a routing in the default routing table (without fwmark filtering) for the IP address to which I am trying to send a request: ip add SERVER_IP via VPN_GATEWAYĪnd it also worked even without the POSTROUTING trick. To verify this I added iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE, so that all the wrong source addresses that are sent through the VPN interface are translated into the correct VPN source address. ![]() Using tcpdump -i wg0 -n I found that packets are actually sent from a wrong IP address, from the public IP address of my server instead of my internal IP address in the VPN network, as I expected. With this configuration all pings and requests fails. Ip add default via VPN_GATEWAY table TABLE ![]() Ip add VPN_SERVER_IP via INTERNET_GATEWAY table TABLE In the TABLE I add routes: ip add VPN_SUBNET/24 dev wg0 table TABLE So that the packets going from group GROUPNAME are routed using another routing table TABLE. Then, I add a rule ip add rule fwmark MARK table TABLE To do routing through the VPN only for a single program, I run the program with a different group ( sudo -g GROUPNAME) and use iptables -t mangle -A OUTPUT -o owner -gid-owner GROUPNAME -j MARK -set-mark MARK` to set I set the wireguard interface, config, routings, etc. I want to route a traffic from a specific program through a WireGuard VPN. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |