
12020-03-14

SEAN K.H. LIAO

Goals

additional reading

How

Use the improved rule-based solution similar to wg-quick

40-wireguard.netdev

creating the network device

[NetDev]
Name = wg0
Kind = wireguard

[WireGuard]
PrivateKey = CLIENT_PRIVATE_KEY
FirewallMark = 1234

[WireGuardPeer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_ENDPOINT:51820

40-wireguard.network

routing rules

results:

unmarked packet: -> table 2468 -> wg0 -> marked -> table main

[Match]
Name = wg0

[Network]
Address = CLIENT_IP_ADDRESS/SUBNET

[Route]
Destination = 0.0.0.0/0
Table = 2468

[RoutingPolicyRule]
InvertRule = true
FirewallMark = 1234
Table = 2468

[RoutingPolicyRule]
Table = main
SuppressPrefixLength = 0
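
The packet flow above, modelled as an added example (not part of the original post): a small Python walk of the policy rules showing why unmarked traffic leaves via wg0, why WireGuard's own marked packets do not loop back into the tunnel, and what SuppressPrefixLength = 0 does. The routing table contents, the eth0 device, the sample addresses and the rule evaluation order (taken to be the order wg-quick ends up with) are assumptions.

```python
import ipaddress

MARK, WG_TABLE = 1234, 2468  # FirewallMark= and Table= from the config above

# Constructed routing tables: (prefix, outgoing device). "main" is a typical LAN host.
TABLES = {
    "main": [("192.168.1.0/24", "eth0"), ("0.0.0.0/0", "eth0")],
    WG_TABLE: [("0.0.0.0/0", "wg0")],  # the [Route] section
}

# Policy rules in evaluation order (assumption: same order as wg-quick produces).
RULES = [
    {"table": "main", "suppress_prefixlength": 0},        # second [RoutingPolicyRule]
    {"table": WG_TABLE, "fwmark": MARK, "invert": True},  # first [RoutingPolicyRule]
    {"table": "main"},                                    # kernel default rule
]


def lookup(table, dst):
    """Longest-prefix match in one table; returns (prefixlen, device) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, dev)
            for p, dev in TABLES[table] if addr in ipaddress.ip_network(p)]
    return max(hits) if hits else None


def route(dst, mark=0):
    """Walk RULES the way the kernel does; returns (table, device) or None."""
    for rule in RULES:
        if "fwmark" in rule:
            matched = (mark == rule["fwmark"])
            if rule.get("invert"):
                matched = not matched
            if not matched:
                continue
        hit = lookup(rule["table"], dst)
        if hit is None:
            continue
        limit = rule.get("suppress_prefixlength")
        if limit is not None and hit[0] <= limit:
            continue  # only a default route matched here: suppressed, try next rule
        return rule["table"], hit[1]
    return None


if __name__ == "__main__":
    print(route("203.0.113.10"))             # unmarked internet traffic
    print(route("203.0.113.10", mark=1234))  # encrypted packet sent by wg0
    print(route("192.168.1.20"))             # LAN traffic stays local
```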