How can I make my wireguard tunnel accessible via policy routing?

I cannot have default routes in my main routing table. My DSL interface gets its IP and default gateway via DHCP and I can use VRF to write them into a separate table (Putting DHCP default gateway in different routing table - #2 by c-po):

set vrf name vrf_dsl
set vrf name vrf_dsl table 170
set interfaces ethernet eth0 vif 2 address dhcp
set interfaces ethernet eth0 vif 2 vrf vrf_dsl

Clearly I can’t regularly reach anything on the internet (in particular, my wireguard endpoint) because there is no default route. However, I can successfully ping via ping WIREGUARD-SERVER vrf vrf_dsl.

Now I want to make sure that all tunnel traffic to the Wireguard endpoint (WIREGUARD-SERVER:WIREGUARD-PORT, tcp) uses table 170 (which contains the default route over DSL connection):

set policy route wgtunnel rule 1000 destination port WIREGUARD-PORT
set policy route wgtunnel rule 1000 destination address WIREGUARD-SERVER
set policy route wgtunnel rule 1000 protocol tcp
set policy route wgtunnel rule 1000 set table 170

I believe that this rule doesn’t do anything before it’s attached to some interface:

set interfaces ethernet eth0 vif 2 policy route wgtunnel 

However, the wireguard connection cannot be established. I tried with only:

set policy route wgtunnel rule 1000 destination address WIREGUARD-SERVER
set policy route wgtunnel rule 1000 set table 170

which means, ALL traffic for WIREGUARD-SERVER should take table 170. However, a ping still says: connect: Network is unreachable.

How do I set this properly? (Note: This is for v1.3)

Assuming wg tunnel endpoint is VyOS: Packets are sourced from host itself, they don’t enter on eth0.
So use “set policy local-route” commands for dest=WIREGUARD-SERVER

This might be a stupid question, but why do you use TCP in the rules? I’m under the assumption that wireguard uses UDP strictly.