nashgc
just joined
Topic Author
Posts: 2
Joined: Fri Dec 09, 2022 1:32 pm

Send specific traffic to WireGuard tunnel

Fri Dec 09, 2022 1:58 pm

Hello!

I recently set up my Mullvad VPN via the WireGuard protocol. Right now it routes all traffic through the tunnel, but I can't figure out how to send only specific traffic (example.com, example2.com, etc...) through the WireGuard tunnel.
What I've done:

1. Create a WireGuard interface
2. Add new IP address (mullvad) and bind to WG interface
3. Add WG peer configuration
4. Set DNS server to DNS settings
5. Add route - 0.0.0.0/0 with gateway mullvad
6. Add NAT rule to masquerade all on WG interface.

I've read many articles and forum topics. Somewhere they say that I can add an "Address List" to my route, but I can't see any options for it in my route; others try to walk me through the firewall "layer 7" protocol, but I still wasn't successful. So would you please give me some advice/instructions/articles/wiki on how to send specific traffic through the WG tunnel? By the way, if it makes any sense, I have ROS 7.6.
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Send specific traffic to WireGuard tunnel  [SOLVED]

Fri Dec 09, 2022 6:22 pm

You cannot..................
You can send a subnet out a wireguard, or a user, or groups of users etc...................
It's not based on .com.

Another option is to use wifi. ( two different vlans )
SSID A - normal WAN
SSID B - wireguard

So the users can choose.
Or put switches on people's desk: port1 is for normal WAN, port2 is for wireguard ( two different vlans )
 
nashgc
just joined
Topic Author
Posts: 2
Joined: Fri Dec 09, 2022 1:32 pm

Re: Send specific traffic to WireGuard tunnel

Fri Dec 09, 2022 7:18 pm

Hm, that's sudden =) OK, maybe it works vice versa, like making some exclusions (exclude some addresses?) from the WireGuard tunnel?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Send specific traffic to WireGuard tunnel

Fri Dec 09, 2022 8:33 pm

@anav is not completely correct; you can route traffic to selected destinations identified by hostnames, it's just that reliability depends on other factors.

It's easy if you have a specific hostname (www.example.net) with a static or mostly static IP address, the site hosts everything on www.example.net and doesn't load stuff from <something random and changing all the time>.example.net, or from completely different and unpredictable external domains. In a simple case like this, just add the hostname(s) to an address list and use mangle rules to assign routing marks based on this list. But when it's less predictable (so the opposite of the previous), it's anywhere between problematic and impossible.
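The address-list and mangle approach described in the post above, written out as an added RouterOS v7 example that is not part of the original thread. The interface name `wireguard1`, the LAN subnet `192.168.88.0/24` and the table/list name `via-wg` are assumptions; `www.example.net` is the hostname from the post.

```routeros
# Added example, RouterOS v7 syntax. Assumed names: interface "wireguard1",
# LAN subnet 192.168.88.0/24, routing table and address list "via-wg".

# 1. A separate routing table whose only default route is the tunnel.
/routing table add name=via-wg fib
/ip route add dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=via-wg

# 2. Remove the 0.0.0.0/0 route via the tunnel from the "main" table
#    (step 5 in the first post) so unmarked traffic uses the normal WAN.
#    The WireGuard peer's allowed-address must still cover the destinations.

# 3. Put the hostname in an address list. The router resolves it and
#    maintains dynamic entries for the returned IP addresses.
/ip firewall address-list add list=via-wg address=www.example.net \
    comment="send through WireGuard"

# 4. Give LAN traffic towards those addresses a routing mark, so it is
#    looked up in the "via-wg" table instead of "main".
/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 \
    dst-address-list=via-wg action=mark-routing new-routing-mark=via-wg \
    passthrough=no comment="selected hosts via WireGuard"

# 5. Masquerade what leaves through the tunnel (step 6 in the first post).
/ip firewall nat add chain=srcnat out-interface=wireguard1 action=masquerade

# Caveat: fasttracked connections skip the mangle rules, so with the default
# fasttrack rule enabled this traffic must be excluded from fasttrack,
# otherwise later packets of a connection follow the "main" table.

# Checks: resolved entries, mangle hit counters, and the tunnel table.
/ip firewall address-list print where list=via-wg
/ip firewall mangle print stats
/ip route print where routing-table=via-wg
```

Only destinations whose current IP is in the list are tunneled: anything the site loads from other hostnames, and any client that resolves the name to a different IP than the router did, goes out the normal WAN. Pointing clients at the router's DNS keeps the two views aligned, and the mangle counters show whether traffic is actually matching.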
