Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://p.mr64.net/objects/298869b6-9bc0-45ca-81d4-c1785c779068">mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 04-Apr-2024 04:40:38 JST</a><a href="https://p.mr64.net/users/mr64bit" title="mr64bit@p.mr64.net"><img src="https://gnusocial.jp/avatar/5125-48-20220814014427.webp" width="48" height="48" alt="mr64bit" style="position: absolute; left: 0; top: 0;">mr64bit</a><div><a href="https://misskey.bubbletea.dev/notes/9rnqyyhgpc" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/132186" title="reldred@social.bcicorporate.com">reldred</a></li></ul></div></section><article><p><a href="https://misskey.bubbletea.dev/@shibao">@shibao</a> <a href="https://social.bcicorporate.com/@reldred">@reldred</a> Have you tcpdumped your external interface to verify though? Instead of modifying your main routing table, Wireguard uses packet marking and routing rules. It marks its own packets with a tag, and adds a routing rule to redirect all non-tagged packets to a different routing table that sends them through the tunnel.</p>~ % ip rule               
0:	from all lookup local
31492:	from all lookup main suppress_prefixlength 0
31493:	not from all fwmark 0x1337 lookup 4919
32766:	from all lookup main
32767:	from all lookup default~ % ip route sh table 4919
default dev wg0 proto static scope link metric 50</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2896012#notice-5756922">In conversation</a><time datetime="2024-04-04T04:40:38+09:00" title="Thursday, 04-Apr-2024 04:40:38 JST">about 8 months ago</time> <span>from <span><a href="https://p.mr64.net/objects/298869b6-9bc0-45ca-81d4-c1785c779068" rel="external" title="Sent from p.mr64.net via ActivityPub">p.mr64.net</a></span></span><a href="https://p.mr64.net/objects/298869b6-9bc0-45ca-81d4-c1785c779068">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 04-Apr-2024 04:40:38 JSTmr64bit
in reply to
- 受不了包
- reldred
@shibao @reldred Have you tcpdumped your external interface to verify though? Instead of modifying your main routing table, Wireguard uses packet marking and routing rules. It marks its own packets with a tag, and adds a routing rule to redirect all non-tagged packets to a different routing table that sends them through the tunnel.
~ % ip rule 0: from all lookup local 31492: from all lookup main suppress_prefixlength 0 31493: not from all fwmark 0x1337 lookup 4919 32766: from all lookup main 32767: from all lookup default ~ % ip route sh table 4919 default dev wg0 proto static scope link metric 50
In conversationabout 8 months ago from p.mr64.netpermalink

Public

Embed Notice

HTML Code

Corresponding Notice