Friday, March 10, 2023

Re: Route selected IP traffic across wg(4) tunnel

On 9 Mar 2023, at 12:01, Zack Newman wrote:

>> Wondering if anyone has a "best practice" for pealing IP traffic off
>> (in this case an AppleTV) and routing all the traffic across a
>> Wireguard tunnel.
>
> Not sure what you mean by "pealing [sic] IP traffic off"; but when I
> need source-based routing, I prefer using rdomain(4)s and rtable(4)s.
> wg(4) is even rtable-aware. Now I am not in a position to anoint
> something as "best practice", but I couldn't be happier with my setup.
>
Hey Zack, sorry, it was a poor description of PBR / source-based routing ;)
Someone else also suggested using rdomain and rtable, but I thought I
would try to use the pf routing option `route-to` to accomplish this, as
it seemed like it might be a simple solution. I guess I just don't quite
understand how it works.

If I were to use a new rdomain/rtable, how would I go about routing a
single IP from a /24 prefix across the wg(4) tunnel and let all the
other IPs in that prefix use the default route (in the default
rdomain/rtable)?

>> It's like the traffic gets dropped (MTU issue?).
>
> MTU should always be taken into consideration. The default MTU for wg
> is 1420, so any traffic that is sent through the WireGuard tunnel
> directly or indirectly should be sent from an interface with MTU less
> than or equal to that value.
Makes sense.
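The `route-to` approach the reply above mentions, shown as an added pf.conf example (not a configuration posted by either participant). It assumes OpenBSD 6.9 or later pf syntax (`route-to address@interface`), a LAN 192.0.2.0/24 on em1 with the AppleTV at 192.0.2.50, and a wg0 already configured in /etc/hostname.wg0 with `inet 10.0.0.2/24`, the peer's tunnel address 10.0.0.1, `wgaip 0.0.0.0/0` on that peer, and the default 1420 MTU; all of those addresses and interface names are placeholders. Everything else on the LAN keeps using the default route in rtable 0, which is what the question asks for:

```pf
# /etc/pf.conf excerpt: send only the AppleTV through wg0 (added example).
# Assumed addressing: LAN 192.0.2.0/24 on em1, AppleTV 192.0.2.50,
# wg0 = 10.0.0.2/24 locally, peer 10.0.0.1, peer wgaip 0.0.0.0/0.
lan_if  = "em1"
wg_if   = "wg0"
appletv = "192.0.2.50"

# The tunnel MTU is 1420, so clamp TCP MSS on wg0 to 1420 - 20 (IP) - 20 (TCP).
# This only fixes TCP; for UDP the LAN host itself needs an MTU <= 1420,
# as the quoted reply says.
match on $wg_if scrub (max-mss 1380)

# Masquerade the AppleTV behind wg0's own address so that the remote side
# answers to 10.0.0.2 and the replies come back through the tunnel.
match out on $wg_if from $appletv nat-to ($wg_if)

# Policy routing. route-to is placed on the inbound rule because it takes
# effect before the normal route lookup: packets from the AppleTV that are
# not for the local LAN are handed to wg0 via the peer's tunnel address,
# regardless of what rtable 0's default route says. Because OpenBSD wg(4)
# installs no routes on its own, the outer UDP packets to the peer endpoint
# still follow the default route and no loop is created.
pass in quick on $lan_if inet from $appletv to ! $lan_if:network \
    route-to 10.0.0.1@wg0
pass out on $wg_if

# Every other host in 192.0.2.0/24 is untouched and uses rtable 0 as before.
pass in on $lan_if inet from $lan_if:network
```

Check it with `pfctl -nf /etc/pf.conf` before loading, then confirm the state is actually being routed to the tunnel with `pfctl -ss | grep 192.0.2.50` (the state should show the wg0 address after the `nat-to` arrow). To verify the MTU assumption independently of pf, `ping -D -s 1392 10.0.0.1` from the router should succeed (1392 + 8 ICMP + 20 IP = 1420 bytes) and `ping -D -s 1393 10.0.0.1` should not; if the AppleTV's large packets still vanish while small ones pass, it is the UDP side of the MTU problem that the MSS clamp cannot fix.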
