I’m trying to route specific traffic based on domain through a wireguard VPN interface. I feel like this might be a bug, but I am not sure, so if someone could either help me out confirming this, or perhaps I have done something wrong.
If I do:
set protocols static route x.y.z.0/24 interface wg01
Using the IP addresses/CIDR the domains resolve to, everything works as expected, so I know there is no blocking of the traffic anywhere. The only issue I have is routing.
I’ve created a domain-group
set firewall group domain-group BBC address 'bbc.com'
Used that group for a policy route (I’ve tried with and without the protocol, both tcp and tcp_udp, and with and without the interface. Interface is internal network, but just in case I’ve also tested with WAN and wg01 interfaces.)
set policy route FILTER-WEB interface 'eth1'
set policy route FILTER-WEB rule 1000 destination group domain-group 'BBC'
set policy route FILTER-WEB rule 1000 protocol 'tcp_udp'
set policy route FILTER-WEB rule 1000 set table '100'
Finally the static routing is set with:
set protocols static table 100 route 0.0.0.0/0 interface wg01
I have also tried using the IP of the wireguard gateway as the next-hop IP, but no luck there either.
show ip route table 100
VRF default table 100:
S>* 0.0.0.0/0 [1/0] is directly connected, wg01, weight 1, 13:06:32
show policy route statistics
Ruleset Information
(Nothing else comes out)
I may definitely be doing something wrong here, but I feel like it’s not picking up on my domain-group. Any assistance will be very helpful!
I am running VyOS 1.4-rolling-202305140317
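To make the expected mechanism concrete, here is a small model of how a domain-group policy route is supposed to steer traffic: the rule matches the destination against the addresses the group resolved to, selects table 100, and the lookup in that table yields wg01; anything that does not match falls through to the main table. This is an added illustration written for this thread, not VyOS code and not a description of VyOS internals. The group membership, rule, routing tables and addresses (203.0.113.0/24 documentation range) are all constructed. It also models the failure mode worth checking in a case like this: a client connecting to an address that is not in the group's resolved set simply never hits table 100.

```python
import ipaddress

# Constructed sample state (hypothetical, not taken from any VyOS system):
# a domain-group after name resolution, one policy rule, and two routing tables.
DOMAIN_GROUPS = {
    "BBC": ["203.0.113.10", "203.0.113.20"],  # addresses the group resolved to
}
POLICY_RULES = [
    {"rule": 1000, "destination_group": "BBC",
     "protocol": {"tcp", "udp"}, "table": 100},
]
ROUTING_TABLES = {
    "main": [("0.0.0.0/0", "eth0")],   # ordinary default route
    100: [("0.0.0.0/0", "wg01")],      # 'set protocols static table 100 route 0.0.0.0/0 interface wg01'
}


def resolve_group(name):
    """Return the group's members as host networks (/32)."""
    return [ipaddress.ip_network(addr) for addr in DOMAIN_GROUPS[name]]


def select_table(dst, proto):
    """First policy rule whose protocol and destination group match wins."""
    for rule in POLICY_RULES:
        if proto not in rule["protocol"]:
            continue
        if any(dst in net for net in resolve_group(rule["destination_group"])):
            return rule["table"]
    return "main"


def lookup(table, dst):
    """Longest-prefix match in the chosen table; None if no route covers dst."""
    best = None
    for prefix, iface in ROUTING_TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def egress_interface(dst_str, proto="tcp"):
    """Model the whole path: policy rule -> table -> route -> interface."""
    dst = ipaddress.ip_address(dst_str)
    table = select_table(dst, proto)
    return table, lookup(table, dst)


def coverage_report(destinations, group="BBC"):
    """Which observed destinations would the group actually catch?"""
    nets = resolve_group(group)
    return {d: any(ipaddress.ip_address(d) in n for n in nets) for d in destinations}


if __name__ == "__main__":
    for dst in ("203.0.113.10", "203.0.113.30"):
        print(dst, "->", egress_interface(dst))
    # A destination the group never resolved to stays on the main table.
    print(coverage_report(["203.0.113.10", "203.0.113.30"]))
```

The coverage_report check is the practical takeaway: before concluding the rule is broken, compare the addresses the group actually holds with the addresses clients are really connecting to; a site fronted by a CDN can hand out addresses the group never resolved, and those flows will legitimately bypass table 100.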