swann: fix tailscale outbound
Tailscale adds a policy-based routing rule at priority 5200-ish, which is before all the rules that we add. This avoids any Tailscale traffic going out... over Tailscale, which would be bad. Anyway, this breaks us because our main table is empty, so there's nowhere for the Tailscale traffic to actually go. Oops. Instead, use policy-based routing to send things over our WG tunnel, or over any of our upstream connections depending on what's available.
parent
75ce92b967
commit
080577e0f3
1 changed files with 10 additions and 0 deletions
|
@ -157,6 +157,16 @@ in {
|
||||||
'';
|
'';
|
||||||
addRules = map ruleToLine rules;
|
addRules = map ruleToLine rules;
|
||||||
in ''
|
in ''
|
||||||
|
# Fix Tailscale, by adding routing rules just before the one they add at prio 5200.
|
||||||
|
ip -4 rule del priority 5196 || true
|
||||||
|
ip -4 rule del priority 5197 || true
|
||||||
|
ip -4 rule del priority 5198 || true
|
||||||
|
ip -4 rule del priority 5199 || true
|
||||||
|
ip -4 rule add from all fwmark 0x80000 lookup 150 priority 5196
|
||||||
|
ip -4 rule add from all fwmark 0x80000 lookup 151 priority 5197
|
||||||
|
ip -4 rule add from all fwmark 0x80000 lookup 152 priority 5198
|
||||||
|
ip -4 rule add from all fwmark 0x80000 lookup 153 priority 5199
|
||||||
|
|
||||||
${lib.concatStringsSep "\n" clearRules}
|
${lib.concatStringsSep "\n" clearRules}
|
||||||
${lib.concatStringsSep "\n" addRules}
|
${lib.concatStringsSep "\n" addRules}
|
||||||
|
|
||||||
|
|
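Review bot: the four added `ip -4 rule add from all fwmark 0x80000 lookup 15x` lines give no mask, so they match only packets whose mark is exactly 0x80000. If any other mark bits can be set on this traffic the rules will not match and it falls through to the empty main table again. Consider the `fwmark 0x80000/<mask>` form with the mask Tailscale itself uses. Two smaller points in the same block: everything is `ip -4` only, so marked IPv6 traffic is not covered and needs either matching `ip -6` rules or a comment saying the omission is intentional; and the table ids 150 to 153 and priorities 5196 to 5199 are hardcoded here while the lines just below build their commands from `rules` via `ruleToLine`, so deriving these from the same definitions would keep them from drifting if an upstream table is added or renumbered. The `|| true` on each `ip -4 rule del` also hides failures other than "rule does not exist", which is worth a short comment.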