TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.


#1 2018-06-07 18:09:23

jizaztatist
Member
Registered: 2018-06-07
Posts: 3

Forward traffic only from software bound to TAP interface?

Hello,

This pertains to a Windows "client" to Linux "server" WireGuard implementation. I am still working through iptables on Linux to get IPv4 forwarding to work at all, but I will probably figure that out soon.

In the meantime, I am wondering whether it is possible to have only the traffic sent to the Win32 TAP interface forwarded to the WireGuard server? I would prefer to have only 1 or 2 applications forward their traffic to the WireGuard server for routing. All others would ideally use the physical Ethernet interface and talk to my router for routing directly to the web.

Thanks much,
jiz


#2 2018-06-07 19:19:40

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Forward traffic only from software bound to TAP interface?

Only the traffic sent to the Win32 TAP interface is forwarded to the wireguard server, through a routing table entry.

I don't think there's any way to selectively on an app-by-app basis control whether a specific routing entry should be used or not...

Is this what you mean?


#3 2018-06-07 19:47:21

jizaztatist
Member
Registered: 2018-06-07
Posts: 3

Re: Forward traffic only from software bound to TAP interface?

Possibly, I know very little about the Windows routing table, but I assumed it was similar to the Linux one. That might be mistaken.

I am thinking that software which allows me to select which interface to bind to for an address should be the only one to communicate with my WireGuard server. E.g., qBittorrent allows selecting one specific interface to bind to. Other software I use lets me pick an address to bind to, which ideally would work the same way. If I bind the software to only the TunSafe TAP adapter's address (e.g., 192.168.2.x) then the software will use WireGuard to talk to the Web through the server. Other traffic will be sent and received by my normal network (e.g., 192.168.1.x).

Perhaps my TunSafe is malfunctioning if this is how it is supposed to work. Presently it seems that when TunSafe is connected to my server, it consumes all network traffic on all interfaces, regardless of the AllowedIPs entry.

Last edited by jizaztatist (2018-06-07 19:50:46)


#4 2018-06-07 23:49:47

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Forward traffic only from software bound to TAP interface?

What's your AllowedIPs line?

Assuming it's not 0.0.0.0/0 and you go to http://zx2c4.com/ip - does it really show the VPN server's IP?

I didn't try qBittorrent, I will try.


#5 2018-06-07 23:57:06

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Forward traffic only from software bound to TAP interface?

Reading here:

https://serverfault.com/questions/75963 … le_rich_qa

If that's what you're trying to do - it's probably not supported in Windows :(
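
An added example, not part of the thread and not TunSafe's own code: the AllowedIPs question from post #4, checked in Python over a config file's text. It goes slightly beyond the literal 0.0.0.0/0 case by also catching the equivalent 0.0.0.0/1 + 128.0.0.0/1 form; the sample configs, keys, endpoint and addresses are constructed.

```python
import ipaddress

# Constructed sample configs (not from the thread); keys and addresses are placeholders.
FULL_TUNNEL = """
[Interface]
PrivateKey = <placeholder>
Address = 192.168.2.2/24

[Peer]
PublicKey = <placeholder>
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
"""
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/1, 128.0.0.0/1", "192.168.2.0/24")

def allowed_networks(conf_text):
    """Return the collapsed IPv4 networks from every AllowedIPs line."""
    nets = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            for item in value.split(","):
                net = ipaddress.ip_network(item.strip(), strict=False)
                if net.version == 4:
                    nets.append(net)
    # collapse_addresses merges adjacent ranges, so two /1 halves become /0
    return list(ipaddress.collapse_addresses(nets))

def captures_all_ipv4(conf_text):
    """True when AllowedIPs add up to 0.0.0.0/0, including the /1 + /1 form."""
    return allowed_networks(conf_text) == [ipaddress.ip_network("0.0.0.0/0")]

def goes_through_tunnel(conf_text, destination):
    """True when a destination address falls inside some AllowedIPs range."""
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in allowed_networks(conf_text))

if __name__ == "__main__":
    for name, conf in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, captures_all_ipv4(conf), goes_through_tunnel(conf, "198.51.100.7"))
```
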
