Just to get this out of the way from the beginning: No firewall/packet filter (yet).

My simple policy routing (partially discussed in my previous questions ) drives me nuts. With your help (pointing me to binding the DHCP instance of DSL to a VRF and using vrf bind-to-all), I am close to where I want to be, but for some strange reason outgoing TCP connections don't work.

- A DSL uplink on eth0.2 with dynamically assigned IP & default route.
- A public routed /24 (192.0.2/24) via a wireguard tunnel from a VPS endpoint.
- A test network 192.0.2.241/29 assigned to a dummy interface (to test routing and OSPF).

- Any traffic should consult local routing information (tables local, main, incl. OSPF) if there is a more specific entry than 0.0.0.0/0.
- For any traffic that only matches 0.0.0.0/0 (default route):
  - If it has a source address in 192.0.2/24, it should be routed over the wireguard tunnel.
  - If not, it should go over the DSL connection.

In order to achieve this, I did the following:

- Create a VRF "vrf_dsl" with table 170 and bind it to eth0.2. As a result, the default route (assigned via DHCP) lands in table 170 and NOT the main table.
- I am actually not 100% sure what vrf bind-to-all does, but it was suggested in and afterwards, it made SSH and wireguard work.
- The "local-route" policy consults first local and main (both of which do NOT include a default route). Rule 103 sends all packets from 192.0.2/24 over the wireguard link and rule 104 jumps to the default route (catch-all).

At first glance, everything works: the Wireguard tunnel is established, the resolver (DNS) works and all ICMP pings work.

However, I cannot establish an HTTP connection (or any other, like ssh to any server):

```
/bin/telnet 80
```

But now comes the kicker: if I start a bash session within the VRF context, I can connect!

```
sudo ip vrf exec vrf_dsl /bin/telnet 80
Connection closed by foreign host.
```

I really don't get it. And the policy very clearly has the proper rules set for the default route.

```
sudo ip route show table vrf_dsl
default nhid 22 via DSL-PUBLIC-ROUTER dev eth0.2 proto static metric 20
broadcast 127.0.0.0 dev vrf_dsl proto kernel scope link src 127.0.0.1
127.0.0.0/8 dev vrf_dsl proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev vrf_dsl proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev vrf_dsl proto kernel scope link src 127.0.0.1
broadcast DSL-PUBLIC-NETWORK dev eth0.2 proto kernel scope link src DSL-PUBLIC-IP
DSL-PUBLIC-NETWORK/21 dev eth0.2 proto kernel scope link src DSL-PUBLIC-IP
local DSL-PUBLIC-IP dev eth0.2 proto kernel scope host src DSL-PUBLIC-IP
broadcast DSL-PUBLIC-BCAST dev eth0.2 proto kernel scope link src DSL-PUBLIC-IP
```

```
sudo ip route show table main | grep
```

I can also confirm:

```
sudo ip rule
2000: from all lookup unreachable
32767: from all lookup
```
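To make the rule walk described above concrete, here is an added Python model (not the poster's configuration or VyOS code) that simulates `ip rule` lookup with longest-prefix match per table; the table names, the VRF-to-table mapping and all addresses are constructed placeholders. It goes one step beyond the post by also showing what the catch-all rule 104 buys: without it, a socket not bound to the VRF finds no default route, while a VRF-bound one (as under `ip vrf exec`) still reaches table 170 through the l3mdev rule.

```python
import ipaddress

# Constructed model of the setup: routing tables keyed by prefix, looked up by
# longest-prefix match. Addresses are documentation ranges, not real ones.
TABLES = {
    "local": {"127.0.0.0/8": "lo", "203.0.113.10/32": "local eth0.2"},
    "main": {"192.0.2.0/24": "wg0", "192.0.2.240/29": "dum0"},   # no default route here
    "wg": {"0.0.0.0/0": "wg0 via VPS"},
    "170": {"0.0.0.0/0": "eth0.2 via DSL-PUBLIC-ROUTER"},        # vrf_dsl table, fed by DHCP
}
VRF_TABLE = {"vrf_dsl": "170"}   # assumed VRF -> table mapping

# (priority, source selector or None for "from all", action). The action is a
# table name, "l3mdev" (table of the VRF the socket is bound to) or unreachable.
RULES = [
    (0, None, "local"),
    (101, None, "local"),
    (102, None, "main"),
    (103, "192.0.2.0/24", "wg"),
    (104, None, "170"),               # catch-all: jump to the VRF table's default
    (1000, None, "l3mdev"),
    (2000, None, "l3mdev-unreachable"),
    (32766, None, "main"),
    (32767, None, "default"),
]

def lpm(table, dst):
    """Longest-prefix match of dst in one routing table, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [ipaddress.ip_network(p) for p in table if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def lookup(src, dst, vrf=None, rules=RULES):
    """Walk rules in priority order; return (rule priority, table, route) or None."""
    src_addr = ipaddress.ip_address(src)
    for prio, selector, action in sorted(rules):
        if selector and src_addr not in ipaddress.ip_network(selector):
            continue
        if action.startswith("l3mdev"):
            if vrf is None:
                continue   # l3mdev rules only fire for sockets bound to a VRF device
            if action == "l3mdev-unreachable":
                return (prio, VRF_TABLE[vrf], "unreachable")
            table = VRF_TABLE[vrf]
        else:
            table = action
        route = lpm(TABLES.get(table, {}), dst)
        if route is not None:
            return (prio, table, route)
    return None
```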