I prefer the routing table method as it provides more flexibility and functionality.
I don't presume that all users must use the tunnel 100% of the time.
More often than not, the admin will want to retain the ability for one IP (one of his) to be able to access the local WAN.
Then there is the scenario where WireGuard is not available for whatever reason, and all users can still access the local WAN in this situation.
As per my note, by simply changing the action to lookup-only-in-table on the rule that forces all users to go to table=use-WG, that removes access to the local WAN for all users and thus covers off that need as well.
Max flex, and future growth, anything else is sub-optimal......... Would you eat French Chocolate if you could eat Belgian Chocolate, hell no! Same thing.
An example of the admin bypassing the tunnel for one of his admin IPs, could be a static IP - .66 on his wifi cellphone... and ORDER of rules is critical!!
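/routing table add fib name=use-WG
/routing rule
# Rules are evaluated top to bottom: the admin bypass (.66) must come before the subnet rule.
add src-address=192.168.100.66/32 action=lookup-only-in-table table=main
# action=lookup allows fallback to main; lookup-only-in-table does not.
add src-address=192.168.100.0/24 action=lookup table=use-WG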
Statistics: Posted by anav — Wed Mar 13, 2024 4:29 pm
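Added example, not part of anav's post: a small Python model of how the two rules above resolve for the admin IP and for an ordinary LAN host, with the tunnel up and down, with the strict `lookup-only-in-table` variant, and with the rule order swapped. The evaluation logic is a simplified assumption about RouterOS behaviour (a table is reduced to "has a usable route or not"), and the host 192.168.100.10 is a constructed sample.

```python
import ipaddress

# Simplified, constructed model of routing-rule evaluation (an assumption,
# not RouterOS code): rules are checked top to bottom. "lookup" keeps going
# when the named table has no usable route and finally falls back to main;
# "lookup-only-in-table" stops at that table, so the packet is not forwarded.

def resolve(src, rules, tables):
    """Return the table that ends up routing src, or None if unroutable."""
    addr = ipaddress.ip_address(src)
    for net, action, table in rules:
        if addr not in ipaddress.ip_network(net):
            continue                      # rule does not match this source
        if tables.get(table):             # table has a usable route
            return table
        if action == "lookup-only-in-table":
            return None                   # no fallback: fail closed
        # action == "lookup": fall through to the rules below
    return "main" if tables.get("main") else None

# The two rules from the post, in the posted order.
BYPASS = ("192.168.100.66/32", "lookup-only-in-table", "main")
POST_RULES = [BYPASS, ("192.168.100.0/24", "lookup", "use-WG")]
# Variant described in the post: subnet rule switched to lookup-only-in-table.
STRICT_RULES = [BYPASS, ("192.168.100.0/24", "lookup-only-in-table", "use-WG")]
# Same rules in the wrong order, to show why order matters.
SWAPPED_RULES = list(reversed(POST_RULES))

# Table state: True means the table currently has a usable route.
WG_UP = {"main": True, "use-WG": True}
WG_DOWN = {"main": True, "use-WG": False}

if __name__ == "__main__":
    rule_sets = {"posted": POST_RULES, "strict": STRICT_RULES,
                 "swapped": SWAPPED_RULES}
    states = {"WG up": WG_UP, "WG down": WG_DOWN}
    for rname, rules in rule_sets.items():
        for sname, tables in states.items():
            for host in ("192.168.100.66", "192.168.100.10"):
                result = resolve(host, rules, tables) or "unroutable"
                print(f"{rname:8} {sname:8} {host:15} -> {result}")
```

With the posted rules a tunnel outage sends LAN hosts out the local WAN; with the strict variant they lose connectivity instead, while the .66 bypass keeps working in both cases.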