

Novice users can easily connect to a VPN, but setting up a VPN server is a more complex process. SSH tunnels are more daunting to novice users, but setting up an SSH server is simpler. In fact, many people will already have an SSH server that they access remotely.

Sounds like your VPN client uses AllowedIPs = 0.0.0.0/0, ::/0 # or similar (e.g.

This would make wg-quick install a new default route on the "client" side which, of course, affects routing. The existing SSH connection breaks because of that. Though, it's possible to tweak the routing setup. Add the following

    PostUp = ip rule add from xxxxx table main
    PreDown = ip rule del from xxxxx table main

to your VPN client's config file with xxxxx replaced by the IP address that is assigned to the other interface you connect to via SSH (e.g.

This restores TCP connectivity (including SSH) simply because the TCP layer always "answers" with the same source address. So, if your VPN client receives a TCP/IP packet addressed to xxxxx (from you due to SSH), it will try to answer with xxxxx as source IP address.

How does it work? wg-quick will (in Table = auto mode, which is the default) add a default route (from the AllowedIPs) into a new routing table that is separate from the main table. It configures policy-based routing to select the default route from the new table unless the IP packet being sent was created by WireGuard (which, of course, needs to still use your old default route from the main table). By adding this PostUp command you tweak this policy-based routing to also still use the old default route if the source IP address of the IP packet in question matches xxxxx.
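The rule ordering behind the PostUp fix can be checked with a small model of the Linux policy-routing lookup. This is an added example, not code from the original page or from WireGuard; the addresses are constructed documentation ranges, SSH_IP stands in for the page's xxxxx, and the rule priorities and the 51820 mark/table are wg-quick's usual defaults, assumed here.

```python
import ipaddress

# Constructed sample state (documentation address ranges, not from the page).
SSH_IP = "198.51.100.10"   # stands in for xxxxx: the address on eth0 used for SSH
WG_MARK = 51820            # assumed wg-quick default fwmark and table number
TABLES = {
    "main":  [("198.51.100.0/24", "eth0"), ("0.0.0.0/0", "eth0")],  # old default
    "51820": [("0.0.0.0/0", "wg0")],                                # from AllowedIPs
}

# Each rule: (priority, selector(src, mark), table, suppress_prefixlength or None)
WG_QUICK_RULES = [
    (32764, lambda src, mark: True, "main", 0),            # main, but never its default route
    (32765, lambda src, mark: mark != WG_MARK, "51820", None),  # "not fwmark" -> new table
    (32766, lambda src, mark: True, "main", None),         # stock main rule
]
# "ip rule add from xxxxx table main" without a priority lands ahead of the rules above.
POSTUP_RULE = (32763, lambda src, mark: src == SSH_IP, "main", None)

def lookup(table, dst):
    """Longest-prefix match in one table; returns (prefixlen, dev) or None."""
    hits = [(ipaddress.ip_network(net).prefixlen, dev) for net, dev in TABLES[table]
            if ipaddress.ip_address(dst) in ipaddress.ip_network(net)]
    return max(hits) if hits else None

def egress(rules, src, dst, mark=0):
    """Walk the rules in priority order and return the outgoing device."""
    for _prio, selector, table, suppress in sorted(rules, key=lambda r: r[0]):
        if not selector(src, mark):
            continue
        hit = lookup(table, dst)
        if hit is None or (suppress is not None and hit[0] <= suppress):
            continue  # no route here, or only a route this rule suppresses
        return hit[1]
    return None

if __name__ == "__main__":
    client = "203.0.113.5"  # constructed remote SSH client address
    print("SSH reply, wg-quick rules only:", egress(WG_QUICK_RULES, SSH_IP, client))
    print("SSH reply, with PostUp rule:   ", egress(WG_QUICK_RULES + [POSTUP_RULE], SSH_IP, client))
```

Only packets whose source address is SSH_IP change path; everything else still follows the VPN default route, and WireGuard's own marked packets keep using the main table.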
