ipset-dns combined with wg-quick

ipset-dns combined with wg-quick

[Feng Li]

Hello Jason,

I have tried `wg-quick`, it works well but it will pass through all
traffic to the peer.
And I found you have created a small project called "ipset-dns"[1],
which is good for routing traffics by domains.

However, if I combined it with `wg-quick`, it will not work.
The network will connect timeout. And I found the ipset-dns did works well.
So I guess the question is the route table related.
But I'm not familiar with it.

The ultimate aim is like this:
If I want to route google.com/twitter.com/facebook.com to the peer,
just add the domains in the dnsmasq.conf.

The related command looks like this, the marks and route table maybe
have some conflicts.
```
+ sets youtube 1
+ iptables -t mangle -D PREROUTING -m set --set youtube dst,src -j
MARK --set-mark 1
+ ipset -X youtube
+ ipset -N youtube iphash
+ iptables -t mangle -A PREROUTING -m set --set youtube dst,src -j
MARK --set-mark 1
--set option deprecated, please use --match-set
+ routes 1 wg0
+ echo 0
+ ip route flush table 1
+ ip rule del table 1
+ ip rule add fwmark 1 table 1 priority 1000
+ ip route add default via 10.0.0.2 table 1
+ killall ipset-dns
+ ipset-dns youtube '' 1919 8.8.8.8
+ killall -SIGHUP dnsmasq


[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 10.0.0.4/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] mount `8.8.8.8' /etc/resolv.conf
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables -A FORWARD -i eth0 -j ACCEPT; iptables -A FORWARD -o eth0
-j ACCEPT;iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
```
Could you give me some helps?
Thanks.

[1]: https://git.zx2c4.com/ipset-dns/tree/README.md
-- 
Thanks and Best Regards,
Feng Li(Alex)
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard