
< KONAKONA.MOE >

How to Disable Routing for WireGuard Interfaces

Last Mod.: 2024-06-02 | Created On: 2024-02-20


This was part of my qBittorrent-nox guide, but I’ve split it up.

To keep WireGuard from routing all traffic through the tunnel, you’ll need to edit your config file. Following this guide leaves the WireGuard interface as just another network interface that applications can optionally bind to. Think of Wi-Fi and Ethernet interfaces: depending on the application, you can select which one to use. What’s cooler is that even if your server already acts as a WireGuard server, like mine does, you can still use WireGuard as a client. To do this…

Leave AllowedIPs= as is (0.0.0.0/0).

Add Table = off below [Interface]. This stops wg-quick from adding routes for the tunnel, which lets you split tunnel the traffic.

/etc/wireguard/<your-wg-conf>.conf

[Interface]
PrivateKey = <REDACTED>
Address = 10.8.0.3/24
DNS = 1.1.1.1, 9.9.9.9
Table = off

[Peer]
PublicKey = <REDACTED>
PresharedKey = <REDACTED>
AllowedIPs = 0.0.0.0/0
Endpoint = <IP>:51820
PersistentKeepalive = 60

Now chmod this config file to 660 or 640 so other users can’t read the private key in it. (Make sure it’s owned by root!)

chmod 640 /etc/wireguard/<your-wg-conf>.conf

You can now connect to WireGuard. (Do not add .conf to the end.)

wg-quick up <your-wg-conf>
# or if you want to connect to wg on boot:
systemctl enable --now wg-quick@<your-wg-conf>

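You can now test if the WireGuard network interface is working. The plain curl should show your normal public IP, and the one bound to the WireGuard interface should show the VPN’s.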

ifconfig
curl ip.me
curl --interface <your-wg-conf> ip.me
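
To check the setup without relying on an external IP service, the script below is an added example (not from the original post) that audits a config for Table = off and safe file permissions, and scans routing-table output for a default route on the tunnel. The function names and the sample config are constructed for illustration, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the value of KEY from the [Interface] section of a wg-quick config.
iface_value() {  # usage: iface_value KEY FILE
    awk -v key="$1" '
        /^[[:space:]]*\[/ { in_if = (tolower($0) ~ /\[interface\]/); next }
        in_if {
            line = $0; sub(/#.*/, "", line)          # drop comments
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
            if (tolower(k) == tolower(key)) print v
        }' "$2"
}

# Return 0 only if Table = off is set and "other" users have no access.
check_wg_conf() {  # usage: check_wg_conf FILE
    rc=0
    if [ "$(iface_value Table "$1")" != "off" ]; then
        echo "FAIL: no 'Table = off' under [Interface]" >&2; rc=1
    fi
    mode=$(stat -c '%a' "$1")                        # GNU stat, e.g. 640
    case "$mode" in
        *0) ;;                                       # last digit 0: nothing for "other"
        *)  echo "FAIL: mode $mode exposes the private key" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Read `ip route show table all` output on stdin; return 0 if any default
# route points at interface IFACE (which Table = off should prevent).
has_default_via() {  # usage: ip route show table all | has_default_via wg0
    awk -v dev="$1" '
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) found = 1 }
        END { exit !found }'
}

# Constructed sample config (placeholder keys), mirroring the one above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = <REDACTED>
Address = 10.8.0.3/24
Table = off

[Peer]
AllowedIPs = 0.0.0.0/0
EOF
chmod 640 "$sample"
check_wg_conf "$sample" && echo "config OK: $sample"
```

On a live system, point check_wg_conf at /etc/wireguard/<your-wg-conf>.conf and pipe `ip route show table all` into has_default_via <your-wg-conf>; with Table = off it should find nothing.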

Thanks to this blog post: https://shibumi.dev/posts/disable-routing-for-wireguard/

