On 2025-10-16, kasak <[email protected]> wrote:
> Hello misc!
> I have a wireguard tunnel with this configuration:
>
> # doas ifconfig wg0
> wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
>          index 158 priority 0 llprio 3
>          wgport 51820
>          wgpubkey (secret)
>          wgpeer (secret)
>                  wgendpoint (also secret) 62160
>                  tx: 122680, rx: 85304
>                  last handshake: 116 seconds ago
>                  wgaip 192.168.66.1/32
>          groups: wg
>          inet 192.168.66.2 netmask 0xffffff00 broadcast 192.168.66.255
>
> This is my hostname.wg0 conf:
>
> inet 192.168.66.2 255.255.255.0 NONE
> wgkey (secret)
> wgport 51820
> wgpeer (secret) wgaip 192.168.66.1/32
>
> How can I route some ips, for example 1.1.1.1 through this tunnel?
>
> I saw in Linux it is added by
>
> ip route add 1.1.1.1 dev wg0.
>
> I don't quite understand how this works (without gw address).

wg doesn't use link-layer address resolution like ethernet does,
and it has its own special pseudo-routing-table via wgaip, so
directing it towards the interface is enough.

(point to point links are a bit similar, but there's only one
place traffic sent to the interface can go, so it's simpler).

you also need wgaip 0.0.0.0/0 and maybe also wgaip ::/0

> In OpenBSD I need to add routes like this
> route add 1.1.1.1 192.168.66.1
>
> or I also can omit gateway? Like this?
>
> route add 1.1.1.1 -ifp wg0?

no, the way OpenBSD's route table works, you must list an IP address
that is reachable via the destination interface on the "route add".
this is why we also have such bodges as 0.0.0.1 in pppoe(4).
(it was a bit different before ART; an address was still needed
but back in those days it didn't need to be reachable via the
interface).

-- 
Please keep replies on the mailing list.
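
The two lookups described in the reply above, modelled as an added example (not code from the thread or from OpenBSD): the kernel route table selects wg0, then wg's own wgaip table selects the peer by destination address. The peer label, the default route via em0 and the 203.0.113.1 gateway are constructed for illustration.

```python
import ipaddress


def net(prefix):
    return ipaddress.ip_network(prefix)


def longest_match(table, dst):
    """Return the value attached to the most specific prefix containing dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, v) for n, v in table if n.version == addr.version and addr in n]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]


# Stage 1: kernel routing table, prefix -> (gateway, interface).
ROUTES = [
    (net("0.0.0.0/0"), ("203.0.113.1", "em0")),         # constructed default route
    (net("192.168.66.0/24"), ("192.168.66.2", "wg0")),  # connected net from hostname.wg0
    (net("1.1.1.1/32"), ("192.168.66.1", "wg0")),       # route add 1.1.1.1 192.168.66.1
]

# Stage 2: wg0's per-peer allowed-IPs (wgaip) table, prefix -> peer.
WGAIP_AS_POSTED = [(net("192.168.66.1/32"), "peer-A")]
WGAIP_WITH_DEFAULT = WGAIP_AS_POSTED + [(net("0.0.0.0/0"), "peer-A")]


def forward(dst, routes, wgaip):
    """Describe what happens to a packet addressed to dst."""
    route = longest_match(routes, dst)
    if route is None:
        return "no route"
    gateway, ifname = route
    if ifname != "wg0":
        return f"{ifname} via {gateway}"
    # wg ignores the gateway here: the peer is chosen from the packet's
    # destination address, matched against the wgaip prefixes.
    peer = longest_match(wgaip, dst)
    if peer is None:
        return "wg0: dropped (no wgaip match)"
    return f"wg0 -> {peer}"


if __name__ == "__main__":
    for label, table in (("as posted", WGAIP_AS_POSTED),
                         ("with wgaip 0.0.0.0/0", WGAIP_WITH_DEFAULT)):
        print(label, "|", forward("1.1.1.1", ROUTES, table))
```
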
