You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# This allows you to tunnel only one subnet (physical interface) and leave the other - i.e. DMZ - attached directly to the internet.
# It's not necessary to do this manually as the wg-up.sh script does it for us. I add this for reference, and to show how it works.
# First, add a VPN routing table:
echo "10 vpn" >> /etc/iproute2/rt_tables
# Next, add the following policy rule for the LAN interface you want to route via VPN:
ip rule add unicast iif [LAN interface] table vpn
# This rule tells the system that any traffic coming in from LAN interface xyz should look to table VPN for its routes.
# You can check the rules with ip rule show:
ip rule show
0: from all lookup local
32765: from all iif xyz lookup vpn
32766: from all lookup main
32767: from all lookup default
#The rules are applied in ascending order, until a rule matches. If a packet is received on interface xyz, rule 32765 matches, else the next rules are tried.
#You can now add routes to the vpn routing table. For example, to add a default route (from LAN subnet on xyz) to your tunnel:
ip route add default dev azirevpn-uk1 via 10.20.xx.xx table vpn
ip route add 192.168.2.0/24 via 192.168.2.1 dev [DMZ interface] table vpn
# To print the vpn routing table so you can check it, use