I am trying to route traffic from a tagged interface to a WireGuard tunnel, but failing.
eth0 -> public IP (203.0.113.1/24)
eth1 -> Lab1 (10.100.0.1/24)
eth2 -> Lab2 (10.200.0.1/24)
eth3.201 -> vlan 201 (10.201.0.1/24)
eth3.202 -> vlan 202 (10.202.0.1/24)
wg01 -> (192.168.251.1/24)
wg02 -> (192.168.252.1/24)
For all traffic that originates from eth3.202, if the destination IP is not in any of the local ranges, and a few more, it should go via interface wg02.
So if traffic comes from eth3.202 and the destination IP is not in (203.0.113.0/24, 10.100.0.0/24, 10.200.0.0/24, 10.201.0.0/24, 10.202.0.0/24 **and 10.250.250.0/24**), then send that traffic via wg02 … (it needs to be NATed when going out of wg02).
I am using
Please let me know if this is possible.
Try something like this:
set policy local-route rule 1000 source '10.202.0.0/24'
set policy local-route rule 1000 destination '203.0.113.0/24'
set policy local-route rule 1000 destination '10.100.0.0/24'
set policy local-route rule 1000 destination '10.200.0.0/24'
set policy local-route rule 1000 set table 'main'
set policy local-route rule 1010 source '10.202.0.0/24'
set policy local-route rule 1010 set table '10'
set protocols static table 10 route 0.0.0.0/0 next-hop 192.0.2.5 interface 'wg2'
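A fuller version of the same policy, as an added example that is not part of Viacheslav's answer or the original post, using the interface name (wg02) and all six excluded prefixes from the question, with the source NAT the question asks for. VyOS 1.3 command syntax is assumed; the '#' lines are comments, not commands.

```vyos
# Added example, VyOS 1.3 syntax assumed. Traffic from vlan 202 to the local
# and listed prefixes stays in the main table; everything else goes to table 10.
set policy local-route rule 1000 source '10.202.0.0/24'
set policy local-route rule 1000 destination '203.0.113.0/24'
set policy local-route rule 1000 destination '10.100.0.0/24'
set policy local-route rule 1000 destination '10.200.0.0/24'
set policy local-route rule 1000 destination '10.201.0.0/24'
set policy local-route rule 1000 destination '10.202.0.0/24'
set policy local-route rule 1000 destination '10.250.250.0/24'
set policy local-route rule 1000 set table 'main'
# Rules are evaluated in number order, so 1010 only sees what 1000 did not match.
set policy local-route rule 1010 source '10.202.0.0/24'
set policy local-route rule 1010 set table '10'
# Table 10: default route over the point-to-point WireGuard interface.
# An interface route needs no next-hop address (192.0.2.5 above is not part of the question).
set protocols static table 10 interface-route 0.0.0.0/0 next-hop-interface 'wg02'
# Masquerade vlan 202 sources behind wg02's own address (192.168.252.1) on the way out.
set nat source rule 100 source address '10.202.0.0/24'
set nat source rule 100 outbound-interface 'wg02'
set nat source rule 100 translation address 'masquerade'
```

After commit, `ip rule show` should list the 1000 rule ahead of 1010, and `ip route show table 10` should show only the default route via wg02. Two caveats a practitioner should check: WireGuard applies its own allowed-ips check on top of the kernel route, so the peer on wg02 must carry 0.0.0.0/0 (or at least the destinations in question) in its allowed-ips, otherwise the packets are dropped silently; and the far end of wg02 must know how to route 192.168.252.1, which the masquerade rule takes care of by hiding the 10.202.0.0/24 sources behind that address.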
Thank you for the reply @Viacheslav …
It worked in principle, but it was very slow.
What I did was create a GRE tunnel tun10 and route via that, and it works.
So, following your example, instead of wg2 I used tun10.
Except I am facing a new issue related to MTU.
The network connected to eth3.202 has MTU 8950.
The MTU of the GRE interface tun10 is 1476.
When I enable the route, ping works but only up to packet size 1448. Anything above does not work.
What can I do to fix this ?
The MTU standard for the internet is 1500 bytes if you don't have your own core/transport system.
set protocols static table 10 route 0.0.0.0/0 next-hop 192.0.2.5 interface 'wg2'
What's the 192.0.2.5 about? I'd prefer an interface route:
set protocols static table 10 interface-route 0.0.0.0/0 next-hop-interface wg2
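The 1448-byte ping ceiling reported above is exactly the tunnel arithmetic: GRE over IPv4 adds a 20-byte outer IPv4 header and a 4-byte GRE header, so a 1500-byte path gives tun10 an MTU of 1476, and an ICMP echo payload can be at most 1476 - 20 (IPv4) - 8 (ICMP) = 1448 bytes. Anything bigger arriving from the 8950-MTU segment has to be fragmented by the router, or rejected with an ICMP "fragmentation needed" if DF is set. As an added example, not from any post in this thread and assuming VyOS 1.3 syntax and the interface names used above, this pins the tunnel MTU and clamps the TCP MSS so TCP flows through the tunnel never try to send segments that cannot fit; the wg02 lines show the analogous values if the WireGuard path is used instead.

```vyos
# Added example, VyOS 1.3 syntax assumed; '#' lines are comments.
# GRE/IPv4 overhead: 20 (outer IPv4) + 4 (GRE) = 24 bytes -> 1500 - 24 = 1476.
set interfaces tunnel tun10 mtu '1476'
# TCP MSS = MTU - 20 (IPv4) - 20 (TCP) = 1436: SYNs crossing tun10 advertise a segment that fits.
set firewall options interface tun10 adjust-mss '1436'
# WireGuard over IPv4: 20 (IPv4) + 8 (UDP) + 32 (WireGuard) = 60 bytes -> 1440 would fit;
# 1420 is the conventional default and also covers an IPv6 transport (40 + 8 + 32 = 80).
set interfaces wireguard wg02 mtu '1420'
# MSS = 1420 - 40 = 1380 for the WireGuard path.
set firewall options interface wg02 adjust-mss '1380'
```

MSS clamping only helps TCP. For UDP and ICMP the router still has to fragment (DF clear) or send back ICMP type 3 code 4, so do not drop that ICMP on the firewall or path MTU discovery stops working for the hosts on vlan 202. To check the numbers from a vlan 202 host: `ping -M do -s 1448 <far end>` should succeed and `ping -M do -s 1449 <far end>` should report that fragmentation is needed with an MTU of 1476, which is the router telling the host the correct path MTU rather than the route being broken.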