Comment on Selectively chaining a VPN to another while allowing split tunnelling on clients?
hungover_pilot@lemmy.world 2 months ago
I do something similar with opnsense and policy based routing. opnsense is acting as both a VPN client and server. The client interface connects out to a commercial VPN, and the server interface listens for incoming connections. Based on what I I want to accomplish I setup firewall rules that use policy based routing to route incoming VPN traffic where it needs to go.
Regarding split tunnel on the client, the Android wireguard app has the option to specify what traffic uses the tunnel based on the application
Emotet@slrpnk.net 2 months ago
Oh, neat! Never noticed that option in the Wireguard app before. That’s very helpful already. Regarding your opnsense setup:
I’ve dabbled in some (simple) routing before, but I’m far from anything one could call competent in that regard and even if I’d read up properly before writing my own routes/rules, I’d probably still wouldn’t trust that I hadn’t forgotten something to e.g. prevent IP/DNS leaks.
I’m mainly relying on a Docker and was hoping for pointers on how to configure a Wireguard host container to route only internet traffic through another Wireguard Client container.
I found this example, which is pretty close to my ideal setup. I’ll read up on that.