Why does 'allowed-ips' affect route selection behavior?
mikma.wg at m7n.se
Sun Apr 15 20:58:31 CEST 2018
On 04/15/2018 08:49 PM, Patrick O'Sullivan wrote:
> $ sudo ip route show
> default via 10.199.199.1 dev wlan0
> 10.111.111.0/24 dev wg0 proto kernel scope link src 10.111.111.100
> 10.199.199.0/24 dev wlan0 proto kernel scope link src 10.199.199.131
>
> By this route table, traffic to e.g. 4.2.2.1 should use 10.199.199.1.
> Packet captures were showing traffic trying to instead use wg0. Then I
> found this:
>
> $ sudo ip route get 4.2.2.1
> 4.2.2.1 dev wg0 table 51820 src 10.111.111.100
> cache
>
> Can someone please explain this behavior?

Table 51820 is the default table used by wg-quick.

From wg-quick's man page:

> It infers all routes from the list of peers' allowed IPs, and automatically adds them to the system routing table. If one of those routes is the default route (0.0.0.0/0 or ::/0), then it uses ip-rule(8) to handle overriding of the default gateway.

/Mikma
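
The policy-routing lookup behind the answer above, as an added example that is not part of the original thread and is not wg-quick's code. It assumes a peer with allowed-ips 0.0.0.0/0 and the fwmark 51820; the rule priorities and the `route_get` and `lookup` helpers are constructed for illustration, while the routes come from the quoted `ip route show` output.

```python
import ipaddress

# Constructed model of the state wg-quick sets up when a peer has
# allowed-ips 0.0.0.0/0 (rule priorities are assumed, not from the post).
TABLES = {
    "main": [("0.0.0.0/0", "wlan0"),          # default via 10.199.199.1
             ("10.111.111.0/24", "wg0"),
             ("10.199.199.0/24", "wlan0")],
    "51820": [("0.0.0.0/0", "wg0")],          # default route added by wg-quick
}
# (priority, table, suppress_prefixlength, fwmark the rule must NOT match)
RULES = [
    (32764, "main", 0, None),       # use main, but ignore /0 (default) matches
    (32765, "51820", None, 51820),  # "not fwmark 51820 lookup 51820"
    (32766, "main", None, None),    # the stock main-table rule
]

def lookup(table, dst):
    """Longest-prefix match in one table; returns (prefixlen, dev) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, dev)
            for p, dev in TABLES[table] if addr in ipaddress.ip_network(p)]
    return max(hits) if hits else None

def route_get(dst, fwmark=0):
    """Walk the rules in priority order, as the kernel does for a lookup."""
    for _prio, table, suppress, not_mark in sorted(RULES):
        if not_mark is not None and fwmark == not_mark:
            continue  # rule excludes packets carrying this mark
        hit = lookup(table, dst)
        if hit is None:
            continue
        if suppress is not None and hit[0] <= suppress:
            continue  # match is only the default route: fall through
        return hit[1], table
    return None

if __name__ == "__main__":
    for dst, mark in [("4.2.2.1", 0), ("10.199.199.1", 0), ("4.2.2.1", 51820)]:
        print(dst, "fwmark", mark, "->", route_get(dst, mark))
```

The third case is WireGuard's own encrypted traffic: it carries the mark, skips table 51820, and leaves through the real gateway, which is why the main table still shows `default via 10.199.199.1 dev wlan0`.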