On 16.10.2025 13:18, Stuart Henderson wrote:
On 2025-10-16, kasak <[email protected]> wrote:
Hello misc!
I have a wireguard tunnel with this configuration:

# doas ifconfig wg0
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
          index 158 priority 0 llprio 3
          wgport 51820
          wgpubkey (secret)
          wgpeer (secret)
                  wgendpoint (also secret) 62160
                  tx: 122680, rx: 85304
                  last handshake: 116 seconds ago
                  wgaip 192.168.66.1/32
          groups: wg
          inet 192.168.66.2 netmask 0xffffff00 broadcast 192.168.66.255

This is my hostname.wg0 conf:

inet 192.168.66.2 255.255.255.0 NONE
wgkey (secret)
wgport 51820
wgpeer (secret) wgaip 192.168.66.1/32

How can I route some ips, for example 1.1.1.1 through this tunnel?

I saw that in Linux it is added by

ip route add 1.1.1.1 dev wg0.

I don't quite understand how this works (without gw address).
wg doesn't use link-layer address resolution like ethernet does,
and it has its own special pseudo-routing-table via wgaip, so
directing it towards the interface is enough.

(point to point links are a bit similar, but there's only one
place traffic sent to the interface can go, so it's simpler).

you also need wgaip 0.0.0.0/0 and maybe also wgaip ::/0

Yes, I have added 0.0.0.0 to wgaip and added

!route add 1.1.1.1 192.168.66.1 to hostname.wg0
traceroute shows me that it worked! Thanks!


In OpenBSD I need to add routes like this
route add 1.1.1.1 192.168.66.1

or can I also omit the gateway? Like this?

route add 1.1.1.1 -ifp wg0?
no, the way OpenBSD's route table works, you must list an IP address
that is reachable via the destination interface on the "route add".
this is why we also have such bodges as 0.0.0.1 in pppoe(4).
(it was a bit different before ART; an address was still needed
but back in those days it didn't need to be reachable via the
interface).
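
An added example, not part of the thread: a small Python model of the per-peer allowed-IPs (wgaip) lookup that the replies describe as wg's own pseudo-routing-table, showing why 1.1.1.1 is only carried once 0.0.0.0/0 is in wgaip. The peer names and prefix tables are constructed for illustration, and the model simplifies the real wg(4) code to a longest-prefix match.

```python
import ipaddress

def select_peer(peers, dst):
    """Outbound: return the peer whose allowed-IPs list holds the most
    specific prefix covering dst, or None (the packet is dropped)."""
    addr = ipaddress.ip_address(dst)
    best_name, best_len = None, -1
    for name, prefixes in peers.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if net.version != addr.version:
                continue  # IPv4 and IPv6 entries are matched separately
            if addr in net and net.prefixlen > best_len:
                best_name, best_len = name, net.prefixlen
    return best_name

def source_allowed(peers, peer, src):
    """Inbound: a decrypted packet from `peer` is accepted only if its
    inner source address maps back to that same peer."""
    return select_peer(peers, src) == peer

# Constructed tables mirroring the thread: the original hostname.wg0,
# then the same peer after adding wgaip 0.0.0.0/0.
BEFORE = {"peerA": ["192.168.66.1/32"]}
AFTER = {"peerA": ["192.168.66.1/32", "0.0.0.0/0"]}

# Constructed two-peer table (hypothetical peerB) showing that the
# most specific prefix wins when several peers overlap.
TWO_PEERS = {"peerA": ["0.0.0.0/0"], "peerB": ["10.0.0.0/8"]}

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.168.66.1", "1.1.1.1"):
            print(f"{label}: {dst} -> {select_peer(table, dst)}")
    print("two peers: 10.1.2.3 ->", select_peer(TWO_PEERS, "10.1.2.3"))
```

The same table filters replies: with only 192.168.66.1/32 listed, a packet arriving through the tunnel with inner source 1.1.1.1 would fail `source_allowed` and be discarded.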

