swann: fix tailscale outbound

Tailscale adds a policy-based routing rule at priority 5200-ish, which is
before all the rules that we add. This avoids any Tailscale traffic going
out... over Tailscale, which would be bad.

Anyway, this breaks us because our main table is empty, so there's nowhere
for the Tailscale traffic to actually go. Oops.

Instead, use policy-based routing to send things over our WG tunnel, or over
any of our upstream connections depending on what's available.
Luke Granger-Brown 2022-03-02 00:32:31 +00:00
parent 75ce92b967
commit 080577e0f3


@ -157,6 +157,16 @@ in {
''; '';
addRules = map ruleToLine rules; addRules = map ruleToLine rules;
in '' in ''
# Fix Tailscale, by adding routing rules just before the one they add at prio 5200.
ip -4 rule del priority 5196 || true
ip -4 rule del priority 5197 || true
ip -4 rule del priority 5198 || true
ip -4 rule del priority 5199 || true
ip -4 rule add from all fwmark 0x80000 lookup 150 priority 5196
ip -4 rule add from all fwmark 0x80000 lookup 151 priority 5197
ip -4 rule add from all fwmark 0x80000 lookup 152 priority 5198
ip -4 rule add from all fwmark 0x80000 lookup 153 priority 5199
${lib.concatStringsSep "\n" clearRules} ${lib.concatStringsSep "\n" clearRules}
${lib.concatStringsSep "\n" addRules} ${lib.concatStringsSep "\n" addRules}
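Review bot: the four new rules hardcode both the lookup tables (150 through 153) and the priorities (5196 through 5199) as bare magic numbers, and nothing in the hunk says which table is the WG tunnel and which are the upstreams, or what fills them; a comment per line, or binding the table ids and the base priority to named variables in the surrounding Nix `let`, would make the intent readable and keep the "just before Tailscale's 5200" relationship explicit rather than implied by arithmetic. Two smaller points on the same lines: the `ip -4 rule del priority N || true` pattern swallows every failure, not just "no such rule", so a genuine error (for example a typo in the priority) goes unnoticed at activation time; and the block is IPv4 only (`ip -4`), so if Tailscale also installs its `ip -6` rule the v6 side still falls through to the empty main table that the commit message describes.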