On 2024-07-15, Sonic <[email protected]> wrote:
> Hello,
>
> I'm trying to find the best way (although I haven't been successful at
> finding any way currently) to have a default route for a subset of
> addresses.
>
> I have several vlans, but no vlan interfaces on the OpenBSD router as
> the routing between vlans is handled by a layer 3 switch. I also have
> several wireguard vpn interfaces on the router.
> All works quite well but I would like to change the default route for
> several addresses from one of the vlans to use a particular wg
> interface for its route to the outside world instead of the default
> route.
>
> Ideas?

Your main options are to use PF route-to (config for this is reasonably
obvious, but make sure that wgaip is set to allow the relevant addresses),
or use multiple rtables and use PF to adjust the rtable used for packets
coming from those addresses on the vlan.

route-to is reasonably obvious.

For the multiple rtables method you'd probably put the wg interface
in some other rdomain, adding an rtable with the same number as that
rdomain with a default route pointing over wg, and using PF as a
selector to select traffic from those specific addresses on the vlan and
rewrite the rtable ("pass in on XX from YY rtable 2" or similar).

-- 
Please keep replies on the mailing list.
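
The multiple-rtables method described in the reply above, written out as an added example that is not part of the original message. It assumes rdomain/rtable 2, a vlan-facing interface em0, client addresses 192.0.2.10 and 192.0.2.11, a tunnel subnet 10.9.0.0/24 and a peer endpoint at 203.0.113.1 port 51820; all of these and the key placeholders are constructed values.

```conf
# ---- /etc/hostname.wg0 (constructed; keys, addresses and port are placeholders) ----
# Put wg0 in rdomain 2 first: changing the rdomain clears addresses already set.
rdomain 2
wgkey <LOCAL_PRIVATE_KEY_PLACEHOLDER>
# wgaip 0.0.0.0/0 is an assumption: the peer has to be allowed to carry
# traffic for any destination if it is to serve as a default route.
wgpeer <PEER_PUBLIC_KEY_PLACEHOLDER> wgendpoint 203.0.113.1 51820 wgaip 0.0.0.0/0
inet 10.9.0.2/24
# Default route in rtable 2 (same number as the rdomain) pointing over wg0.
!route -T 2 add -inet default 10.9.0.1

# ---- /etc/pf.conf fragment ----
vlan_if = "em0"
# Only these source addresses are steered; everything else keeps rtable 0.
table <via_wg> const { 192.0.2.10, 192.0.2.11 }
# Select traffic from those addresses and have it looked up in rtable 2.
pass in on $vlan_if inet from <via_wg> to any rtable 2
# Assumption, not from the original message: enable this only if the far end
# accepts nothing but the tunnel address as source.
# match out on wg0 inet from <via_wg> nat-to (wg0)
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and confirm the default route landed in the right table with `route -T 2 -n show`.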
