I have a WireGuard server running in a KVM virtual machine in my LAN. (CentOS 7.6) It accepts WG connections from the outside (phone, laptop) and this is working fine with port-forwarding, but I also intend it to be the Azire VPN access to the outside for the LAN.
This question is about the latter. I want every machine in the LAN to go out through the Azire tunnel. The WG interface is running on the server:

# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:c0:46:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.16/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
5: outgoingWG-ca1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.34.8.123/19 scope global outgoingWG-ca1
       valid_lft forever preferred_lft forever

But to start with I want to route all traffic from this server out the WG interface, rather than eth0.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 eth0
10.34.0.0       0.0.0.0         255.255.224.0   U     0      0        0 outgoingWG-ca1
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

How would this be done? There is no /etc/sysconfig/network-scripts/ifcfg-outgoingWG-ca1 where I could set gateway since the WG interface is created by a systemd service. Is there a Shorewall trick I could use?

Then, how would I route the rest of the LAN to this WG server and out the WG interface to the greater internet?
