Update: exempting two things from WireGuard tunneling

Saeid Akbari saeidscorp at yahoo.com
Tue Mar 6 10:56:10 CET 2018


On Monday, March 5, 2018 11:12:25 PM +0330 Kalin KOZHUHAROV wrote:
> On Mon, Mar 5, 2018 at 7:59 PM, Nicholas Joll <najoll at posteo.net> wrote:
> 
> > (2) Netflix (which I run via a Chrome app).
> 
> ... cannot help you much here, but I guess it is some tcp, udp and rtp
> mix to some large cloud of IPs.
> 
> Cheers,
> Kalin.

On Monday, March 5, 2018 11:13:41 PM +0330 Jason A. Donenfeld wrote:
> Use the ipset= feature of dnsmasq, and then use policy routing on that
> ipset.

Or this link might help: http://www.evolware.org/?p=369

I personally prefer cgroups when I occasionally need to use some website or 
software with different routing needs. So I just simply start a new instance 
of my browser in that cgroup to have its traffic bypassed the wireguard. (or 
bypassing wg? not sure about the grammar :)

PS: I think iptables version 1.6.0(?) and onwards has cgroup match built in; 
so no need to use the binary provided by the website.


More information about the WireGuard mailing list