Can someone take me off this list? I’ve tried like 4 times replying to the wireguard list and it says Unsubscribed! And then comes back :(
> On Jan 5, 2021, at 6:50 PM, Phillip McMahon <[email protected]> wrote:
>
> Hi Chris, your first post made it sound very much like a query on
> wg-quick, it's mentioned in a way that implies you're using it.
>
> "...My first try was with wg-quick, and noticed all my traffic went
> through the WG-VPN connection.
> It escapes me why. What is the idea behind this policy?
>
> On my Linux boxes it's not a problem, I don't have to use wg-quick and
> with few lines of bash in a script I have what I need. I have
> root...."
>
> On the working config I have, multiple clients, multiple wg tunnels
> and policy-based routing, AllowedIPs does set up entries in my routing
> table. Not setting another in AllowedIPs results in what you are
> seeing, no traffic flow as there are no routes established. wg uses
> your standard OS functionality for routing, try adding those routes
> manually and not in the wg config and you should see quickly traffic
> start to flow.
>
> AllowedIPs function in the config is to easily encapsulate simple
> routing requirements for tunnels that probably satisfies the needs of
> most simple users. Stick in 0.0.0.0/0 and everything goes down the
> pipe, or add specific ranges you want to go down the pipe and nothing
> else.
>
> Or you can go your own route (no pun intended) and make full use of
> your OS routing and IP capability to get as complex as you need.
>
> wg doesn't have a policy to take over your routing, but if you use
> wg-quick as mentioned in your first post it's taking care of lots of
> things for ease of use and based on the content of your config might
> take over all routing.
>
> Post your config and what you actually want to achieve and I am sure
> this mailing list will have you up and running in no time.
>
> On Tue, 5 Jan 2021 at 22:16, Chris Osicki <[email protected]> wrote:
>>
>> On Wed, Jan 06, 2021 at 01:25:30AM +0500, Roman Mamedov wrote:
>>> On Tue, 5 Jan 2021 21:12:12 +0100
>>> Chris Osicki <[email protected]> wrote:
>>>
>>>> As far as I can see after few tests, AllowedIPs config file option has
>>>> nothing to do with routing and I hope
>>>> it will stay like this.
>>>
>>> wg-quick uses AllowedIPs to also set up matching entries in the system
>>> routing
>>> table. This can be disabled in its config.
>>>
>>>> It is just a filter
>>>
>>> It is not only a filter on incoming packets, but also WG's internal routing
>>> table for knowing which packets should be sent to which peer.
>>
>> I'm sorry to contradict you but after some more reading I have to :-)
>> WG has no "internal routing table", wg-quick (which, BTW, is not the subject
>> of my query) uses it to modify
>> kernel routing tables, from the wg-quick man page:
>>
>> It infers all routes from the list of peers' allowed IPs, and
>> automatically adds them to the system routing
>> table. If one of those routes is the default route (0.0.0.0/0 or
>> ::/0), then it uses ip-rule(8) to handle
>> overriding of the default gateway.
>>
>> So, in my test config I have a server, 10.10.10.1 and two clients,
>> 10.10.10.2/3
>> If on the server I remove the AllowedIPs option, no one can connect.
>> Giving AllowedIPs = 10.10.10.0/24 both clients can connect and routing in
>> them stays as it was.
>> The same for the clients, without AllowedIPs = 10.10.10.0/24 cannot connect.
>>
>> Thus, my question still remains: why this filtering function?
>>
>>>
>>> --
>>> With respect,
>>> Roman
>>
>> Regards,
>> Chris
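
The two roles of AllowedIPs debated in the quoted thread (choosing the peer for outbound packets, and checking the inner source address of inbound ones), modelled as an added example that is not part of the original messages or of WireGuard's code. The peer names and the per-client /32 entries on the server are assumptions; the addresses come from the test setup described in the thread.

```python
import ipaddress

class CryptokeyTable:
    """Toy model of one WireGuard interface's per-peer AllowedIPs table."""

    def __init__(self):
        self._entries = []  # (network, peer name)

    def add_peer(self, peer, allowed_ips):
        for cidr in allowed_ips:
            self._entries.append((ipaddress.ip_network(cidr), peer))

    def _lookup(self, addr):
        # Longest-prefix match over every peer's AllowedIPs.
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, peer) for net, peer in self._entries
                if net.version == ip.version and ip in net]
        return max(hits)[1] if hits else None

    def select_peer(self, dst):
        """Outbound: peer whose key encrypts a packet to dst (None = dropped)."""
        return self._lookup(dst)

    def accept_inbound(self, peer, inner_src):
        """Inbound: the decrypted packet's source must map back to the sender."""
        return self._lookup(inner_src) == peer

def server_table(with_allowed_ips=True):
    # Server 10.10.10.1 with clients .2 and .3 as in the thread; /32s are assumed.
    t = CryptokeyTable()
    t.add_peer("client-a", ["10.10.10.2/32"] if with_allowed_ips else [])
    t.add_peer("client-b", ["10.10.10.3/32"] if with_allowed_ips else [])
    return t

def client_table():
    t = CryptokeyTable()
    t.add_peer("server", ["10.10.10.0/24"])
    return t

if __name__ == "__main__":
    srv = server_table()
    # The OS routing table (what wg-quick populates) only decides whether a
    # packet reaches the interface; this lookup happens after that.
    print("to 10.10.10.3 ->", srv.select_peer("10.10.10.3"))
    print("client-a sending as 10.10.10.3 accepted:",
          srv.accept_inbound("client-a", "10.10.10.3"))
    print("no AllowedIPs, client-a accepted:",
          server_table(False).accept_inbound("client-a", "10.10.10.2"))
```

The inbound check is what ties an inner source address to a peer's key: client-a cannot send packets that claim to come from client-b's address, and a peer with no AllowedIPs can neither be selected nor accepted.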
