Route whole LAN through VPN

[lumdef]

I use a FreeBSD x86_64 router and I want to route my LAN through Wireguard VPN. You can check my networking setup in this thread: https://forums.freebsd.org/threads/wireguard-on-14-0-release.91192/


Most of the websites work, but some of them bread with this error in Firefox development console (network tab): https://developer.mozilla.org/en-US...dium=firefox-cors-errors&utm_campaign=default


What part of my networking causes this?

 

[SirDice]

Look at your routing tables.

 

[lumdef]

I think I am not qualified enough, can you take a look and help me?

 

[SirDice]

Wireguard sets a bit of an odd "default" gateway, because there can only be one default.

0.0.0.0/1          link#7             US          wg0
128.0.0.0/1        link#7             US          wg0

The first range (0.0.0.0/1) covers IP addresses 0.0.0.0 (not valid but you get the idea) up to 127.255.255.255, the second range (128.0.0.0/1) covers 128.0.0.0 up to 255.255.255.255. This is effectively the same as setting "default" (0.0.0.0/0). Routing always looks at the smallest hit on a range, so it'll prefer 128.0.0.0/1 and 0.0.0.0/1 over 0.0.0.0/0.

Based on this. everything should be routed over the VPN tunnel. No idea why Firefox croaks on some connections, might be (as the document states) because of a plugin (ad-blockers for example).

 

[lumdef]

Does it mean the routes within your quote should be deleted?

 

[SirDice]

Does it mean the routes within your quote should be deleted?

No. You wanted to know if (and how) things are routed to the VPN? That's what I explained.

 

[SirDice]

https://www.youtube.com/playlist?list=PLIFyRwBY_4bRLmKfP1KnZA6rZbRHtxmXi

Specifically this one:

View: https://www.youtube.com/watch?v=rYodcvhh7b8

 

[lumdef]

Wireguard sets a bit of an odd "default" gateway, because there can only be one default.

0.0.0.0/1          link#7             US          wg0
128.0.0.0/1        link#7             US          wg0

The first range (0.0.0.0/1) covers IP addresses 0.0.0.0 (not valid but you get the idea) up to 127.255.255.255, the second range (128.0.0.0/1) covers 128.0.0.0 up to 255.255.255.255. This is effectively the same as setting "default" (0.0.0.0/0). Routing always looks at the smallest hit on a range, so it'll prefer 128.0.0.0/1 and 0.0.0.0/1 over 0.0.0.0/0.

Based on this. everything should be routed over the VPN tunnel. No idea why Firefox croaks on some connections, might be (as the document states) because of a plugin (ad-blockers for example).

The problem persists if I do not use Wireguard, but less sites break (like GitHub).

Prior to upgrade to 14.0 it worked fine.

 

[SirDice]

You're going to need to show specific examples because 14 has been working fine here for some time now (upgraded several machines to 14/stable long before 14.0-RELEASE came out).