Why does 'allowed-ips' affect route selection behavior?

mikma.wg at m7n.se
Sun Apr 15 20:58:31 CEST 2018


On 04/15/2018 08:49 PM, Patrick O'Sullivan wrote:

> $ sudo ip route show
> default via 10.199.199.1 dev wlan0
> 10.111.111.0/24 dev wg0 proto kernel scope link src 10.111.111.100
> 10.199.199.0/24 dev wlan0 proto kernel scope link src 10.199.199.131
> 
> By this route table, traffic to e.g. 4.2.2.1 should use 10.199.199.1.
> Packet captures were showing traffic trying to instead use wg0. Then I
> found this:
> 
> $ sudo ip route get 4.2.2.1
> 4.2.2.1 dev wg0 table 51820 src 10.111.111.100
>      cache
> 
> Can someone please explain this behavior?

Table 51820 is the default table used by wg-quick.

From wg-quick's man page:

> It infers all routes from the list of peers' allowed IPs, and automatically adds them to the system routing table. If one of those routes is the default route (0.0.0.0/0 or ::/0), then it uses ip-rule(8) to handle overriding of the default gateway.

/Mikma
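
The lookup order behind the quoted `ip route get` result, modelled as an added example (not part of the original post and not wg-quick's own code). It assumes the peer's allowed-ips is 0.0.0.0/0 and models the two `ip rule` entries wg-quick adds on Linux; the rule priorities and the Python names are illustrative.

```python
import ipaddress

# Constructed model of the poster's host. "main" is copied from the quoted
# `ip route show`; table 51820 holds the default route wg-quick derives from
# allowed-ips (assumed here to be 0.0.0.0/0).
TABLES = {
    "main": [("0.0.0.0/0", "wlan0"), ("10.111.111.0/24", "wg0"),
             ("10.199.199.0/24", "wlan0")],
    "51820": [("0.0.0.0/0", "wg0")],
}

# (priority, table, skip_if_fwmark_equals, suppress_prefixlength)
RULES = [
    (32764, "main", None, 0),         # from all lookup main suppress_prefixlength 0
    (32765, "51820", 0xCA6C, None),   # not from all fwmark 0xca6c lookup 51820
    (32766, "main", None, None),      # from all lookup main
]


def longest_match(table, dst):
    """Longest-prefix match inside one table; returns (network, dev) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best


def route_get(dst, fwmark=0):
    """Walk the rules in priority order, like `ip route get DST [mark M]`."""
    for _prio, table, skip_mark, suppress in sorted(RULES):
        if skip_mark is not None and fwmark == skip_mark:
            continue  # "not fwmark X": packets already marked X skip this rule
        hit = longest_match(table, dst)
        if hit is None:
            continue
        net, dev = hit
        if suppress is not None and net.prefixlen <= suppress:
            continue  # main's default route (/0) is ignored by this rule
        return dev, table
    return None


if __name__ == "__main__":
    print(route_get("4.2.2.1"))                 # unmarked traffic
    print(route_get("10.199.199.1"))            # on-link LAN address
    print(route_get("4.2.2.1", fwmark=0xCA6C))  # WireGuard's own marked packets
```

On a live host, `ip rule show` and `ip route show table 51820` display the rules and the table that `ip route show` (main table only) leaves out.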

