From e7bb281a6b5f1e4c9e272c45a95167c106d80d6a Mon Sep 17 00:00:00 2001 From: sgf Date: Tue, 13 Jun 2023 15:27:35 +0300 Subject: [PATCH] wireguard. Use suppress_prefixlength to avoid hardcoding local network. --- wireguard-for_NATed_network/.wg4.conf.swp | Bin 0 -> 12288 bytes wireguard-for_NATed_network/wg4.conf | 14 +++++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 wireguard-for_NATed_network/.wg4.conf.swp diff --git a/wireguard-for_NATed_network/.wg4.conf.swp b/wireguard-for_NATed_network/.wg4.conf.swp new file mode 100644 index 0000000000000000000000000000000000000000..b350f80e9fd5c0cb29ac170c0f7ae58b2ffde970 GIT binary patch literal 12288 zcmeI2&yE{K5XL)PL--d7aX~8L!%Ad##`aDkgOtOH&0!Uhtk5o(C|cSxWqaar_o%za z6X(K#OWq*j#9MHK2Y{DABH{^n0KOS}cVi=Dgv24*vi)iPxTgB6-;^y`u3`7)Px4}}joua*Pwb52)Xrws#7G_=+O(Rn2|mut zpoazfxXvAqEA6tqk#%Pe4^B8cGaPE`rg1$^qSTsyXKI@nd0z-zB?46#?G0|I{eG|8 zl-;@Y3ElkQ^ePdMT7`fR5CTF#2nYcoAOwWKl_wC&YwBB2cxy%CNJ|Nj5;U8R19euaL4eujR6 z9CQG^550OvsUM&rvgEpj@kL#2aL=?8QMKAe`X+1FY2-|Tm2f(hr;W=xoH-s6l`BhIAFqMoqh z2o|)-=xOD{1rU_BEYaC2Foiadjtus6pj3O_rJOQrb^;P2Yp_W3$Wi6F<+fz9OZ6mA zC#cS`&KB_E+e({Da8aAw6UMKpu&FN2z4=|$SwjFm0MPraANB4Iq9p3Z{iLNobmuo~ z$?{^RJEHq}JVS0pryC6BIlx+$(12mc)QziMlBj9B(G)aevuA@9Y1!-fpswnQbX;Po4~bbU_p@6FPo!*$A*F8ssehQnw*dDC03b;UpQ z)&a1!{ogQdaOY->`{SnYT%te@eo5nU;mS8L>vYhPCk-WZq#a=>9%-A84Gw$V2(SMB aAnGM|(f;`yNH4zx9v_*&ZlqIwqW%KMYN$~F literal 0 HcmV?d00001 diff --git a/wireguard-for_NATed_network/wg4.conf b/wireguard-for_NATed_network/wg4.conf index 5155d8f..234105a 100644 --- a/wireguard-for_NATed_network/wg4.conf +++ b/wireguard-for_NATed_network/wg4.conf 
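Review bot: The commit adds `wireguard-for_NATed_network/.wg4.conf.swp` (12288 bytes, binary), which by its name looks like an editor swap file for `wg4.conf` rather than an intended change. A swap file holds the editor's copy of the buffer, so it can carry text that the tracked config does not show, possibly including key material if the edited file contained any; the patch alone cannot confirm this. I would drop it with `git rm --cached wireguard-for_NATed_network/.wg4.conf.swp` and add a `.gitignore` line `*.swp`. If a real private key was ever in that buffer, rotating the key is safer than relying on a history rewrite.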
@@ -4,18 +4,22 @@ Address = 10.10.238.146
 Table = off
-# Add table for routing marked packets into wireguard.
+# Add rule for routing marked packets into wireguard using separate table.
 PostUp = ip rule add pref 444 fwmark 4 table 444
-# Default route to wireguard.
+# Default route to wireguard in separate table.
 PostUp = ip ro add default dev wg4 table 444
 # Route replies back to sender. Otherwise, they'll be looped back to
-# wireguard.
-PostUp = ip ro add 192.168.4.0/24 dev br0 table 444
+# wireguard. Either copy explicit route into separate table:
+#PostUp = ip ro add 192.168.4.0/24 dev br0 table 444
+# Or use main table, which already has all needed routes for local networks,
+# and just suppress default route there. In that case, i don't need to
+# hardcode NAT-ed network anywhere.
+PostUp = ip rule add pref 443 fwmark 4 suppress_prefixlength 0 table main
 # Undo all changes.
 PreDown = ip rule del pref 444 fwmark 4 table 444
 PreDown = ip ro del default dev wg4 table 444
-PreDown = ip ro del 192.168.4.0/24 dev br0 table 444
+PreDown = ip rule del pref 443 fwmark 4 suppress_prefixlength 0 table main
 [Peer]
 Endpoint = ...
-- 
2.20.1
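Review bot: The added `PostUp = ip rule add pref 443 fwmark 4 suppress_prefixlength 0 table main` makes marked traffic follow every non-default route in `main`, not only the 192.168.4.0/24 return route that the removed line copied into table 444. Packets with fwmark 4 addressed to any other connected or statically routed prefix therefore leave outside wg4. `suppress_prefixlength 0` also hides only /0 routes, so if `main` ever carries split defaults such as 0.0.0.0/1 and 128.0.0.0/1 (an assumption about the host, not visible here), marked traffic would match them and never reach table 444. I would state the trade-off next to the rule, e.g. `# NOTE: fwmark 4 traffic to any non-default route in main bypasses wg4; only /0 routes are suppressed.` The `[Interface]` section starts above this hunk and `[Peer]` continues below it.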