Solved Use a jail to bypass host wg VPN

Tried searching here and the internet but can't seem to find what exactly I'm looking for but that could be from a lack of understanding.

I want to use a wireguard VPN for my desktop, the host. I need to access one specific site not on the VPN. I thought the easiest way to do this would be a jail that bypasses the host VPN.

I'd prefer to just use my WiFi, wlan0, but when I tried to bridge that to the jail I can't seem to get it to work. Might be an issue with bridging over WiFi or I just set the jail up wrong. I followed the handbook.

I can use Ethernet for the jail if that's easier or the better way to solve my issue. Maybe just pass that directly to the jail instead of using a VNET jail?

So can I use a jail to bypass a wg-quick setup VPN on the host? Or can I just have wireguard affect only wlan0 and use igb0 for the jail?

I can provide more info, just not sure what exactly is relevant as I've never really thought about networking, jails, VPNs, etc.

Thanks
 
just route add a static route for that host (or more if it has more IPs)
most likely you have 2 /1 routes via the vpn iface and a /32 for the vpn endpoint
add a /32 for the site you need
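
The static-route approach from the reply above, as an added example that is not part of any post in this thread: a dry-run helper that reads a routing table and prints the `route add -host` commands for the site's addresses. The table text, the gateway, the 203.0.113.x placeholder addresses and the function names `is_ipv4` and `bypass_routes` are all assumptions, and it assumes the original `default` entry is still present beside the two /1 VPN routes.

```shell
#!/bin/sh
# Added example: dry-run generator for per-site bypass routes.
# SAMPLE_TABLE is constructed, shaped like FreeBSD `netstat -rn -f inet` output.
SAMPLE_TABLE='Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          link#3             US          wg0
default            192.168.1.1        UGS       wlan0
128.0.0.0/1        link#3             US          wg0
192.168.1.0/24     link#1             U         wlan0
198.51.100.7       192.168.1.1        UGHS      wlan0'

# Shape check only (four dot-separated digit groups); octet range is not checked.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# bypass_routes TABLE IP...
# Prints one `route add -host` command for each IP that has no host route yet,
# pointing it at the gateway of the `default` entry (the non-VPN path).
bypass_routes() {
    table=$1; shift
    gw=$(printf '%s\n' "$table" | awk '$1 == "default" { print $2; exit }')
    if [ -z "$gw" ]; then
        echo "no default route in table; cannot pick a non-VPN gateway" >&2
        return 1
    fi
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "skipping non-IPv4 argument: $ip" >&2
            continue
        fi
        # An existing host route (such as the VPN endpoint's /32) is left alone.
        if printf '%s\n' "$table" |
            awk -v ip="$ip" '$1 == ip || $1 == (ip "/32") { f = 1 } END { exit !f }'
        then
            continue
        fi
        printf 'route add -host %s %s\n' "$ip" "$gw"
    done
}

# 203.0.113.10 and 203.0.113.11 are placeholder addresses for the site.
bypass_routes "$SAMPLE_TABLE" 203.0.113.10 203.0.113.11 198.51.100.7
```

On the host, pass `"$(netstat -rn -f inet)"` as the first argument and review the printed commands before running them as root.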
 
Thanks for the suggestion. What I did for now is to get out my old powerline adapters so I can use the wireless and wired interfaces. Then I created a VNET jail and assigned the wired interface. This removes it from the host so my wireguard config ignores it. Now, my host traffic goes through a VPN, and that jail's traffic is not on the VPN.

There are probably better or more correct solutions but this works well enough. If anyone sees this and wants more info let me know. I basically followed the handbook and a blog from Vermaden.
 