mrtick 0 Posted ...

I've tried searching for similar topics, but didn't find anything. So here's my issue:

I have a PC that I want to have remote access (ssh) to, and I only want essential routes for VPN to work. It's connecting using wireguard and I have port 22 forwarding configured. When I configure the PC to route everything through VPN, the ssh connection works fine (and airvpn port check reports port 22 is open). However, when I restrict the route through VPN to the 10.128.0.0/10 network, it does not (and airvpn port check reports port 22 is closed).

So the question basically is: When I have a VPN address assigned from the 10.128.0.0/10 network, what's the minimal set of routes for the port forwarding to work?
OpenSourcerer 1441 Posted ...

On 9/28/2022 at 4:41 PM, mrtick said: "However when I restrict the route through VPN to 10.128.0.0/10 network it does not (and airvpn port check reports port 22 is closed)."

How is this restriction implemented?
mrtick 0 Posted ...

On 9/29/2022 at 9:50 PM, OpenSourcerer said: "How is this restriction implemented?"

I've changed "allowed IPs" in wireguard conf from 0.0.0.0/0 to 10.128.0.0/10.
mrtick 0 Posted ...

Sharing a solution I've found eventually. There are two steps:

1. Allow wireguard to accept packets from all IPs, without creating a default route: Add "Table = off" to the [Interface] section of the config file.
2. Route all packets coming from VPN interface back through that interface: In my case interface name is just "airvpn".

> echo 200 vpn1 | sudo tee -a /etc/iproute2/rt_tables
> sudo ip rule add from <airvpn IP> table vpn1
> sudo ip route add default dev airvpn table vpn1

And it works :)
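The two steps from the solution post, as an added example that is not part of the thread: an idempotent script that checks the tunnel address is inside 10.128.0.0/10 and installs or removes the source-based rule. The numeric table id 200 (used instead of the named vpn1 entry), the function names and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: repeatable source-based policy routing
# for a WireGuard interface that uses "Table = off".
# Assumption: numeric table id 200, so /etc/iproute2/rt_tables needs no edit.
TABLE=${TABLE:-200}

# True only for IPv4 addresses inside 10.128.0.0/10
# (10.128.0.0 - 10.191.255.255), the tunnel range named in the thread.
in_tunnel_range() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && [ "$2" -ge 128 ] && [ "$2" -le 191 ]
}

# Print the commands for "up" or "down". usage: policy_cmds up|down IFACE ADDR
policy_cmds() {
    in_tunnel_range "$3" || { echo "$3 is not in 10.128.0.0/10" >&2; return 1; }
    case $1 in
        up) # delete first so a re-run never stacks duplicate rules
            echo "ip rule del from $3 lookup $TABLE"
            echo "ip rule add from $3 lookup $TABLE"
            echo "ip route replace default dev $2 table $TABLE" ;;
        down)
            echo "ip rule del from $3 lookup $TABLE"
            echo "ip route flush table $TABLE" ;;
        *) return 1 ;;
    esac
}

# Run the commands (needs root); a failed del/flush of absent state is ignored.
apply_policy() {
    cmds=$(policy_cmds "$@") || return 1
    echo "$cmds" | while read -r cmd; do
        $cmd 2>/dev/null || case $cmd in *" del "*|*" flush "*) ;; *) exit 1 ;; esac
    done
}

# Acts only when invoked as: <script> apply up|down IFACE ADDR
if [ "${1:-}" = apply ]; then shift; apply_policy "$@"; fi
```

The rule matches only traffic sourced from the tunnel address, so replies to forwarded SSH connections leave through the VPN while the host's own traffic keeps its normal default route. WireGuard's AllowedIPs also filters the source address of decrypted inbound packets, which is why a peer limited to 10.128.0.0/10 dropped connections arriving from Internet clients.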