Hello Jason,

I have tried `wg-quick`. It works well, but it passes all traffic through to the peer. And I found you have created a small project called "ipset-dns"[1], which is good for routing traffic by domain.
However, if I combine it with `wg-quick`, it does not work. The network connections time out. And I found that ipset-dns itself did work well. So I guess the question is related to the route table. But I'm not familiar with it.

The ultimate aim is like this: if I want to route google.com/twitter.com/facebook.com to the peer, I just add the domains in the dnsmasq.conf.

The related commands look like this; the marks and route table may have some conflicts.

```
+ sets youtube 1
+ iptables -t mangle -D PREROUTING -m set --set youtube dst,src -j MARK --set-mark 1
+ ipset -X youtube
+ ipset -N youtube iphash
+ iptables -t mangle -A PREROUTING -m set --set youtube dst,src -j MARK --set-mark 1
--set option deprecated, please use --match-set
+ routes 1 wg0
+ echo 0
+ ip route flush table 1
+ ip rule del table 1
+ ip rule add fwmark 1 table 1 priority 1000
+ ip route add default via 10.0.0.2 table 1
+ killall ipset-dns
+ ipset-dns youtube '' 1919 8.8.8.8
+ killall -SIGHUP dnsmasq
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 10.0.0.4/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] mount `8.8.8.8' /etc/resolv.conf
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables -A FORWARD -i eth0 -j ACCEPT; iptables -A FORWARD -o eth0 -j ACCEPT;iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
```

Could you give me some help? Thanks.

[1]: https://git.zx2c4.com/ipset-dns/tree/README.md

--
Thanks and Best Regards,
Feng Li(Alex)

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
