Does anyone happen to know if there's a way to configure a #WireGuard #VPN to only handle #UDP traffic, leaving #TCP traffic to run over the regular network? #AskFedi
One way to handle this is to use 'ip rule' to mark the traffic to belong to a specific table (called a vrf), and then set up 'ip route' commands to send that traffic to your wireguard interface.
You need to be careful with asymmetric routing. If you are using NAT outbound anyway (because you run RFC 1918 networks inside your network) then it gets easier as you apply source NAT on the correct interface.
My home server has two main interfaces, eth1 (a standard internet connection) and tun0 (an OpenVPN tunnel). I'd like to use iptables to force all packets generated by a local process owned by UID ...
Most probably, that won't work, because wireguard does routing, and routing is IP, layer 3, while TCP/UDP is on layer 4. You may have a look at policy based routing, though.
@Rainer "diasp.org" Sokoll ✅ Yeah, that's the conclusion I later came to unfortunately. There will be a more detailed blog post detailing the problem coming soon (along with any solution I may find).
@♻ Citoyen Candide ☮ Yeah, I wasn't able to find a solution to this particular problem. I solved it in a completely different way that didn't require the port forwarding at all.
@♻ Citoyen Candide ☮ FWIW, this post more or less describes what the problem was. I ended up just upgrading the VPS and running it on the VPS itself as I did originally.
fedops 💙💛
in reply to Jonathan Lamothe
I don't think Wireguard per se handles this.
See also: https://serverfault.com/questions/345111/iptables-target-to-route-packet-to-specific-interface
iptables - Target to route packet to specific interface?
Server Fault
Rainer "diasp.org" Sokoll ✅
in reply to Jonathan Lamothe
You may have a look at policy based routing, though.
Jonathan Lamothe
in reply to Rainer "diasp.org" Sokoll ✅
♻ Citoyen Candide ☮
in reply to Jonathan Lamothe
Hello there,
If you already have a blog post, could you share a link?
Thank you!
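An added sketch of the 'ip rule' / 'ip route' approach from fedops's reply, including the asymmetric-routing and source-NAT points (this is not code from anyone in the thread). The interface name `wg0`, table `51820` and mark `0xca6c` are assumed values, and the tunnel is assumed to be brought up with wg-quick's `Table = off` so it installs no routes of its own.

```shell
#!/bin/sh
# Added example: send only UDP through a WireGuard interface using policy routing.
# Assumed values (not from the thread): wg0, table 51820, fwmark 0xca6c.

# Print the commands for one interface/table/mark. Nothing is executed here.
udp_split_cmds() {
    ifc=$1 table=$2 mark=$3
    cat <<EOF
wg set $ifc fwmark $mark
ip route add default dev $ifc table $table
ip rule add priority 100 fwmark $mark lookup main
ip rule add priority 105 lookup main suppress_prefixlength 0
ip rule add priority 110 ipproto udp lookup $table
sysctl -w net.ipv4.conf.$ifc.rp_filter=2
iptables -t nat -A POSTROUTING -o $ifc -j MASQUERADE
EOF
}

# What each line is for:
#  1. WireGuard's own encrypted packets are UDP too; mark them so they can be
#     kept out of the tunnel table (otherwise they would loop into wg0).
#  2. The extra table has a single default route via the tunnel.
#  3. Marked (tunnel transport) packets use the normal routing table.
#  4. Specific routes in main (LAN, connected networks) still win; only the
#     default route is suppressed, so local UDP stays local.
#  5. Every remaining UDP flow looks up the tunnel table. TCP never matches
#     this rule and falls through to main.
#  6. Replies arrive on wg0 while the reverse-path check consults main, so
#     strict rp_filter would drop them; loose mode accepts them.
#  7. Source NAT on the tunnel so forwarded RFC 1918 hosts get return traffic.

# Dry run by default; set APPLY=1 and run as root to execute the commands.
if [ "${APPLY:-0}" = 1 ]; then
    udp_split_cmds wg0 51820 0xca6c | sh -e
else
    udp_split_cmds wg0 51820 0xca6c
fi
```

The `ipproto` selector needs a reasonably recent kernel and iproute2; `ip rule show` and `ip route get <address> ipproto udp` are useful for checking which table a flow ends up in.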