Wireguard and VRFs?

Jason A. Donenfeld Jason at zx2c4.com
Fri Sep 15 04:17:20 CEST 2017

Hi Max,

Yes, WireGuard supports this type of functionality through two more
powerful mechanisms:

- fwmark, so you can do proper policy-based routing via `ip rule` with
multiple tables
- network namespace, so that you can have the udp socket in one
namespace and the actual interface in another

I imagine what you want is the fwmark feature, which seems to match up
with much of the language used in vrf.txt. Check out the wg(8) manpage
for details.


