Trying to fix the address family problem
Mikma
mikma.wg at lists.m7n.se
Mon Jan 20 08:19:08 CET 2020
On 19 January 2020 14:58:56 CET, Nico Schottelius <nico.schottelius at ungleich.ch> wrote:
>I wanted to write a script that checks "which address family of my
>endpoint is reachable" and use wg set to update the configuration.
>
>However, it seems it is not as easy as that: inside the tunnel I am
>always using IPv6 networks and if wireguard is active with the IPv4
>family endpoint, but when I am in an IPv6 only network, I cannot reach
>the Internet due to the default rule of wg-quick:
>
>[#] ip -6 route add ::/0 dev wgungleich table 51820
>[#] ip -6 rule add not fwmark 51820 table 51820
>ping -c3 $v6_addr >/dev/null && v6_ok=yes
>ping -c3 $v4_addr >/dev/null && v4_ok=yes
It seems App-Route-Jail should be useful. Try
MARK=51820 LD_PRELOAD=./mark.so ping...
https://github.com/Intika-Linux-Firewall/App-Route-Jail/blob/master/README.md
More information about the WireGuard
mailing list