Networking VPN
A VPN connects to a private network over a public network, using its facilities as if it were local.
Tutorials
classic VPN solutions: https://www.wireguard.com/netns/
Routing All Traffic
containerization
In a VM or container, you can control the exposed network-interfaces.
You can choose one for all traffic to be routed through.
Linux
    ip netns add container                                     # create 'container' namespace
    ip link add wg0 type wireguard                             # create 'wg0' network interface
    ip link set wg0 netns container                            # move 'wg0' to container namespace
    ip -n container addr add 192.168.4.33/32 dev wg0           # assign ip 192.168.4.33/32 to 'wg0'
    ip netns exec container wg setconf wg0 /etc/wireguard/wg0.conf  # configure 'wg0'
    ip -n container link set wg0 up                            # bring up 'wg0' in namespace 'container'
    ip -n container route add default dev wg0                  # set default route in 'container' to point to 'wg0'
replace default route
Linux
    # set default route as 'wg0'
    ip route del default
    ip route add default dev wg0
    # 163.172.161.0/32 is reached through 192.168.1.1 (local gateway) on eth0
    ip route add 163.172.161.0/32 via 192.168.1.1 dev eth0
Incompatible with DHCP.
override default route
Linux
    ip route add 0.0.0.0/1 dev wg0
    ip route add 128.0.0.0/1 dev wg0
    ip route add 163.172.161.0/32 via 192.168.1.1 dev eth0
Route forgotten when eth0 is brought up/down.
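An added example (not part of the original notes): a shell check that reads `ip -4 route show` output and confirms that the replace or override layout above is in effect and that 163.172.161.0 still has a route outside wg0. The function name `check_vpn_routes`, its messages and the sample route table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a routing table for the two full-tunnel layouts above.
# Reads `ip -4 route show` output on stdin.
# usage: ip -4 route show | check_vpn_routes wg0 163.172.161.0
# exit:  0 = ok, 1 = traffic can bypass the tunnel, 2 = host route missing
check_vpn_routes() {
    awk -v wg="$1" -v ep="$2" '
        # return the interface named after the "dev" keyword on this line
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        # a default on any other device (e.g. re-added by a DHCP client)
        # competes with the tunnel in the "replace" layout
        $1 == "default"     { if (dev() == wg) defwg = 1; else defother = 1 }
        $1 == "0.0.0.0/1"   { lo = dev() }
        $1 == "128.0.0.0/1" { hi = dev() }
        # ip prints host routes without the /32 suffix; accept both forms
        $1 == ep || $1 == (ep "/32") { epdev = dev() }
        END {
            # the two /1 routes are more specific than any default route
            if (lo == wg && hi == wg)      mode = "override"
            else if (defwg && !defother)   mode = "replace"
            else { print "LEAK: traffic does not default to " wg; exit 1 }
            # without this host route the tunnel packets loop into wg itself
            if (epdev == "" || epdev == wg) {
                print "LOOP: no route to " ep " outside " wg; exit 2
            }
            print "OK: " mode " layout, " ep " via " epdev
        }'
}

# Constructed sample: the "override default route" layout from above.
sample='default via 192.168.1.1 dev eth0
0.0.0.0/1 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link
163.172.161.0 via 192.168.1.1 dev eth0'
printf '%s\n' "$sample" | check_vpn_routes wg0 163.172.161.0
```

Run it from a timer or an interface up/down hook to notice when one of the routes has been dropped or rewritten.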
namespace segregation
By default, all traffic will exist in the init namespace; your route exists in the physical namespace (which routes are not aware of).
You can also route select traffic through the physical namespace if you'd like.
This is pretty cool, check it out: https://www.wireguard.com/netns/#the-new-namespace-solution