Your route-to should specify the IP to send packets to, not an interface
(which would expand to the _local_ address on that interface)
--
Sent from a phone, apologies for poor formatting.
On 16 July 2024 20:17:08 Sonic <sonicsm...@gmail.com> wrote:
On Mon, Jul 15, 2024 at 6:17 PM Stuart Henderson
<stu.li...@spacehopper.org> wrote:
Your main options are to use PF route-to (config for this is reasonably
obvious, but make sure that wgaip is set to allow the relevant addresses),
route-to is reasonably obvious.
The problem I'm having with route-to is the packets go out the wg
interface but replies are lost.
For instance either:
pass in quick on $int_if from <vlanhosts> to !$int_if:0 route-to wg4
or
pass in quick on $int_if from <vlanhosts> to !$int_if:0 route-to wg4 nat-to wg4
work to get the packets to the wg interface, but they don't get back to
the host on the vlan.
A tcpdump on the wg interface while pinging yahoo.com from the host gives:
15:05:23.348778 192.168.77.182 > 74.6.143.25: icmp: echo request (DF)
15:05:23.397312 74.6.143.25 > 10.2.0.2: icmp: echo reply (DF)
15:05:24.348037 192.168.77.182 > 74.6.143.25: icmp: echo request (DF)
15:05:24.395843 74.6.143.25 > 10.2.0.2: icmp: echo reply (DF)
The wg interface address is 10.2.0.2 and the wgaip is 0.0.0.0/0.
I also do not see the reply hitting $int_if, which it would need to
do to get to the switch so the switch can route it to the vlan.
I must be missing something.
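The following pf.conf fragment is an added example, not configuration posted by either participant. It puts the rule Sonic tried next to the form Stuart's reply calls for: a next-hop address after route-to rather than an interface name (an interface name expands to the local address on that interface, 10.2.0.2 here). The names wg4, 10.2.0.2, $int_if and <vlanhosts> come from the thread; the physical interface name vlan10, the table contents and, in particular, the peer's tunnel address 10.2.0.1 are assumptions for illustration only.

```pf
# Added example (not from the thread). Policy-route VLAN hosts into a
# WireGuard tunnel with an explicit next-hop address.
#
# From the thread: wg4, its local address 10.2.0.2, $int_if, <vlanhosts>.
# ASSUMED here: the interface name vlan10, the table contents, and the
# peer's tunnel address 10.2.0.1.

int_if  = "vlan10"                       # assumed
wg_if   = "wg4"
wg_addr = "10.2.0.2"                     # local address on wg4 (thread)
wg_peer = "10.2.0.1"                     # ASSUMED: remote tunnel address
table <vlanhosts> { 192.168.77.0/24 }    # assumed; thread shows 192.168.77.182

# As tried: "route-to wg4" names an interface, which expands to the local
# address on wg4 (10.2.0.2), not to the host that should receive the packet.
# pass in quick on $int_if from <vlanhosts> to !$int_if:0 route-to wg4

# Corrected: send to the peer's address. nat-to rewrites the source to
# 10.2.0.2, so a reply addressed to 10.2.0.2 (as in the capture in the
# thread) matches this state and PF un-translates it back to the VLAN host.
pass in quick on $int_if from <vlanhosts> to !$int_if:0 \
    route-to $wg_peer nat-to $wg_addr
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch `pfctl -ss` for a state whose translated side is 10.2.0.2 while pinging from a VLAN host. Whether nat-to is needed depends on the far end: without it the peer must have a route for 192.168.77.0/24 back through the tunnel, and the allowed-IPs on both sides must cover the addresses involved (`ifconfig wg4` shows the wgaip entries; 0.0.0.0/0 on the local side, as in the thread, covers everything).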