• xabadak@lemmings.world
    7 months ago

    Do you know how to make it so all the host’s traffic is sent through the VPN namespace? I couldn’t figure out how to do this so I ended up just writing my own firewall. Network namespaces seem like a better solution.

    • the_third@feddit.de
      7 months ago

      I haven’t found the time to research an answer for you, sorry. The way I’d go is: create a veth of your physical uplink and stuff it into its own namespace with a DHCP client and the wg userspace tools. Do not configure the original interface in your initial namespace. Use the approach wg-netns uses to spawn the tunnel interface in the initial network ns. Done.
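
An added sketch of the layout described in the comment above, not code from the thread or from wg-netns: the uplink is moved into its own namespace (directly, rather than through a veth), the WireGuard interface is created there and then moved into the initial namespace, which is left with the tunnel as its only way out. The names eth0, physical and wg0, the config path, the address 10.0.0.2/32 and the use of dhcpcd are assumptions; the script prints the commands and runs them only with APPLY=1 as root.

```sh
#!/bin/sh
# Added example. All values below are assumptions/constructed, adjust to your host.
UPLINK=eth0                       # physical uplink (assumed name)
NS=physical                       # namespace that will own the uplink (assumed name)
WG=wg0                            # tunnel interface (assumed name)
WG_CONF=/etc/wireguard/wg0.conf   # wg(8) format config (assumed path)
WG_ADDR=10.0.0.2/32               # tunnel address (constructed)

run() {  # print a command; execute it only when APPLY=1
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

setup_vpn_netns() {
  run ip netns add "$NS"
  # The uplink leaves the initial namespace, which then has no direct path out.
  run ip link set "$UPLINK" netns "$NS"
  run ip -n "$NS" link set lo up
  run ip netns exec "$NS" dhcpcd "$UPLINK"
  # Create the tunnel next to the uplink: its encrypted UDP socket stays in
  # that namespace even after the interface itself is moved to the initial one.
  run ip -n "$NS" link add "$WG" type wireguard
  run ip -n "$NS" link set "$WG" netns 1
  run wg setconf "$WG" "$WG_CONF"
  run ip addr add "$WG_ADDR" dev "$WG"
  run ip link set "$WG" up
  run ip route add default dev "$WG"
}

# Leak check: reads `ip -o link show` output on stdin and succeeds only when
# every interface is either loopback or the tunnel.
only_tunnel_present() {
  awk -F': ' -v wg="$WG" '
    { split($2, n, "@"); if (n[1] != "lo" && n[1] != wg) bad = 1 }
    END { exit bad + 0 }'
}

setup_vpn_netns
if [ "${APPLY:-0}" = 1 ]; then
  ip -o link show | only_tunnel_present && echo "initial namespace: tunnel only"
fi
```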

      • xabadak@lemmings.world
        6 months ago

        No worries, and thanks for providing a response nonetheless. I’ll look into your suggestion when I have the time. The official WireGuard website also had some guide on network namespaces here but afaik it didn’t explain how to set it up persistently.