From: vrein@tuta.io
To: Wireguard <wireguard@lists.zx2c4.com>
Subject: [PROPOSAL] wg-quick ip rule priority
Date: Sun, 5 Apr 2020 19:37:18 +0200 (CEST)
Message-ID: <M4APSeK--3-2@tuta.io>

Hi everyone!
I have a tiny proposal for the wg-quick utility: adding a priority for iproute2 routing rules.

For linux.bash this should be as easy as this:
https://gitea.tort.icu/vrein/wireguard-tools/commit/0947dc76770a5d81ba39340ebe9189b80a92584c

My personal use case:
  I have two peers: A, B

A: allowed ips: 0.0.0.0/0, ::/0
B: allowed ips: 10.5.0.0/24

And I need to have a connection to every peer.
If those peers are added to a single interface, wg0,
  then all traffic would be intercepted by peer A's "allowed ips" mask.


A quick fix for this, which I implemented on my PC,
  is to add an `ip rule` with a priority lower than 32766 but higher than 0
  and higher than the other wg interface for peer B.

So there are two interfaces:
  wg0 - which intercepts all traffic
  wg1 - routes all traffic for 10.5.0.0/24 subnet

Here is what I have on my PC:
0:      from all lookup local
125:    from all fwmark 0xca58 lookup main
125:    from all to 10.5.0.0/24 lookup 51800
10000:  not from all fwmark 0xca6c lookup 51820
10000:  from all lookup main suppress_prefixlength 0
32766:  from all lookup main
32767:  from all lookup default

Routing rules for wg1 could be added with a `(Post|Pre)Up` directive.


PS:
Somehow, connectivity with both the A and B peers worked in a single wg0 interface some time ago,
  but after a few updates this feature stopped working.

Thank you for your attention!
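
Added example, not part of the original message or of wg-quick: a small Python model of how the kernel walks the `ip rule` listing above in ascending priority order, showing why the priority-125 rule sends 10.5.0.0/24 to table 51800 before wg0's catch-all at 10000 is consulted. The table contents and the mapping 51800 = wg1, 51820 = wg0 are assumptions; the model is IPv4 only and handles just the selectors that appear in the listing.

```python
import ipaddress

# `ip rule` listing copied verbatim from the message above.
RULES = """\
0:      from all lookup local
125:    from all fwmark 0xca58 lookup main
125:    from all to 10.5.0.0/24 lookup 51800
10000:  not from all fwmark 0xca6c lookup 51820
10000:  from all lookup main suppress_prefixlength 0
32766:  from all lookup main
32767:  from all lookup default
"""

# Constructed table contents (assumption): 51800 = wg1, 51820 = wg0.
TABLES = {
    "local": ["127.0.0.0/8"],
    "main": ["0.0.0.0/0", "192.168.1.0/24"],
    "51800": ["10.5.0.0/24"],
    "51820": ["0.0.0.0/0"],
    "default": [],
}

def parse_rule(line):  # one `ip rule` line -> dict of selector/action pairs
    prio, rest = line.split(":", 1)
    tok = rest.split()
    invert = tok[0] == "not"
    tok = tok[1:] if invert else tok
    rule = dict(zip(tok[0::2], tok[1::2]))  # from all, fwmark X, to X, lookup T, ...
    rule.update(prio=int(prio), invert=invert)
    return rule

def best_route(table, dst):  # longest-prefix match inside one table, or None
    hits = [n for n in map(ipaddress.ip_network, TABLES[table]) if dst in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def select(dst, fwmark=0, rules=RULES):
    """Return (priority, table) of the rule that routes dst, lowest number first."""
    dst = ipaddress.ip_address(dst)
    for r in sorted(map(parse_rule, rules.splitlines()), key=lambda r: r["prio"]):
        match = "fwmark" not in r or fwmark == int(r["fwmark"], 16)
        match = match and ("to" not in r or dst in ipaddress.ip_network(r["to"]))
        if match == r["invert"]:
            continue  # selector (after optional "not") does not apply
        hit = best_route(r["lookup"], dst)
        if hit is None:
            continue  # table has no route: fall through to the next rule
        if hit.prefixlen <= int(r.get("suppress_prefixlength", -1)):
            continue  # e.g. default route suppressed by suppress_prefixlength 0
        return r["prio"], r["lookup"]
    return None
```

Passing the listing with the `to 10.5.0.0/24` line removed as `rules=` shows the situation the message describes: the same destination is then claimed by table 51820 at priority 10000.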


