On 9 Mar 2023, at 12:01, Zack Newman wrote:

>> Wondering if anyone has a "best practice" for pealing IP traffic off
>> (in this case an AppleTV) and routing all the traffic across a
>> Wireguard tunnel.
>
> Not sure what you mean by "pealing [sic] IP traffic off"; but when I
> need source-based routing, I prefer using rdomain(4)s and rtable(4)s.
> wg(4) is even rtable-aware. Now I am not in a position to anoint
> something as "best practice", but I couldn't be happier with my setup.

Hey Zack, sorry, it was a poor description of PBR / source-based routing ;) Someone else also suggested using rdomain and rtable, but I thought I would try to use the pf routing option `route-to` to accomplish this, as it seemed like it might be a simple solution. I guess I just don't quite understand how it works.

If I was to use a new rdomain/rtable, how would I go about routing a single IP from a /24 prefix across the wg(4) tunnel and let all the other IPs in that prefix use the default route (in the default rdomain/rtable)?

>> It's like the traffic gets dropped (MTU issue?).
>
> MTU should always be taken into consideration. The default MTU for wg
> is 1420, so any traffic that is sent through the WireGuard tunnel
> directly or indirectly should be sent from an interface with MTU less
> than or equal to that value.

Makes sense.
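One way to build the rdomain/rtable setup the question asks about, as an added example that is not from Zack, from the original poster, or from OpenBSD's own documentation: wg0 is placed in rdomain 1, wg(4)'s wgrtable option sends the encrypted UDP packets via rtable 0 (the normal default route), and a single pf rule looks up only the AppleTV's packets in rtable 1. The interface names (em0, wg0), addresses, port and keys are placeholders chosen for the example; that pf's rtable keyword moves a packet into another routing domain and that the pf state brings replies back to rtable 0 is how rdomain(4) and pf.conf(5) describe the mechanism, so check it with pfctl -nf and a packet capture on wg0 before relying on it.

```conf
# /etc/hostname.wg0  (placeholder keys, addresses and port)
# rdomain must be the first keyword in hostname.if(5) so that the addresses
# and routes below land in rdomain 1 rather than in the default rdomain 0.
rdomain 1
# wgrtable 0: the encapsulated UDP packets are routed with rtable 0, i.e. out
# the router's normal default route, even though wg0 itself lives in rdomain 1.
wgkey PLACEHOLDER_LOCAL_PRIVATE_KEY wgport 51820 wgrtable 0
wgpeer PLACEHOLDER_PEER_PUBLIC_KEY wgendpoint 203.0.113.10 51820 wgaip 0.0.0.0/0
inet 10.8.0.2/24
up
# Default route inside rtable 1 only; rtable 0 keeps its existing default route,
# so every other host on the LAN is unaffected.
!route -T 1 add -inet default 10.8.0.1

# /etc/pf.conf (fragment)
lan     = "em0"
appletv = "192.168.1.50"

# The AppleTV's own interface is presumably at 1500 and knows nothing about the
# 1420 tunnel MTU; clamping TCP MSS to 1420 - 40 (IPv4 + TCP headers) avoids the
# "traffic just disappears" symptom for TCP. UDP still relies on path MTU discovery.
match in on $lan inet proto tcp from $appletv scrub (max-mss 1380)

# Only the AppleTV is looked up in rtable 1, whose default route points at wg0.
# Everything else entering on $lan is routed in rtable 0 as before.
pass in quick on $lan inet from $appletv to any rtable 1

# Source NAT to the tunnel address so the far end can answer, then let it out.
match out on wg0 inet from $appletv nat-to (wg0)
pass out on wg0
```

Bring the tunnel up with `sh /etc/netstart wg0` before loading the ruleset: pfctl refuses a rule whose rtable does not exist yet, and `route -T 1 -n show` should list the default route via 10.8.0.1 once wg0 is configured. The `rtable` keyword only has an effect on inbound rules, which is why the AppleTV is selected on `pass in on $lan` rather than on an outbound rule.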
