I haven’t tested that allowedIPs approach actually. I’ll take a look at that python wrapper, thanks. I don’t know much about iptables and routing. I think learning it sufficiently will take quite some time? Or are there some tutorials around? I also actually use WireGuard with macOS (though I occasionally use it on Linux, too).
> On Aug 25, 2019, at 11:47 PM, Derrick Lyndon Pallas <[email protected]> wrote: > > Why wouldn't this happen as an iptables rule? > > If some AllowedIPs trick is working for you and you're using Python and the > kernel version of Wireguard, check out [1], which will allow you to > programmatically set up the interface. > > FWIW, I'm not sure adding complication to AllowedIPs is the right approach, > but adding it to a tool seems reasonable. Maybe it also makes sense to allow > an IPset, but I'm haven't thought it through. My gut says routing prior to > Wireguard is probably what you're looking for. > > [1] https://github.com/ArgosyLabs/wgnlpy > > ~Derrick • iPhone > >> On Aug 22, 2019, at 12:10 PM, Aryn Starr <[email protected]> wrote: >> >> I live in Iran, and here the internet censorship is fierce. I need to route >> almost all of my traffic through the VPN, but some domestic sites are not >> accessible from the US. Also, since ISPs apply different censoring rules, >> sometimes my own servers are not reachable via the VPN (because the server’s >> ISP blocks the VPN, while my local ISP does not.) >> The best current solution I’ve seen is >> ``` >> $ python3 >> >>>>> import ipaddress >>>>> n1 = ipaddress.ip_network('106.203.202.0/23') >>>>> n2 = ipaddress.ip_network('106.203.203.13/32') >>>>> l = list(n1.address_exclude(n2)) >>>>> print(l) >> >> ``` >> Which is terrible. >> _______________________________________________ >> WireGuard mailing list >> [email protected] >> https://lists.zx2c4.com/mailman/listinfo/wireguard
_______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
