
Feature request: default gateway configuration #1697

Open
@reinar

Description


What's the feature 🧐

In case the VPN service provides NAT-PMP for port forwarding (ProtonVPN, for example), downstream services would need an indication of what our actual default gateway capable of port forwarding is (be it via rtnetlink requests or just parsing ip route or something), which is not clear from the routing table (note: I'm using WireGuard, maybe with OpenVPN it's different). In my case the WireGuard server gateway is 10.2.0.1, tun0 is 10.2.0.2.

/ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.29.0.1      0.0.0.0         UG    0      0        0 eth0
10.2.0.0        *               255.255.255.252 U     0      0        0 tun0
172.29.0.0      *               255.255.0.0     U     0      0        0 eth0

I'm able to do ip route replace default via 10.2.0.1 dev tun0, which explicitly forwards all traffic into the tunnel.

/ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.2.0.1        0.0.0.0         UG    0      0        0 tun0
10.2.0.0        *               255.255.255.252 U     0      0        0 tun0
172.29.0.0      *               255.255.0.0     U     0      0        0 eth0

But there's no way of automating this; from what I can see, the default gateway is detected at start and applied automatically. Can we make this configurable somehow?
Also, this will act as a natural kill switch, since if the uplink is broken, traffic naturally doesn't go anywhere without any additional iptables rules, as tun0 is our default gateway.

Please let me know if I'm missing something and thank you for your work.

#1488 is somehow related. Of course you can maintain a separate natpmpc binary, but a lot of software is perfectly capable of working with NAT-PMP on its own; it only needs an idea of where to submit the port forwarding request (something you tell natpmpc explicitly). Basically any libtorrent-based software will work; I've tested it with libtorrent 2.0.9.

Extra information and references

No response
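Added example (not part of the issue and not gluetun's own code): the "indication of the actual default gateway" the issue asks for is what a downstream program gets by reading the kernel routing table itself, so the following Go program parses the /proc/net/route format (the same table `route` prints, with addresses as little-endian hex words), reports the default route's interface and gateway, checks whether the default route already exits via the tunnel interface (the kill-switch property described above), and builds the `ip route replace default via <gw> dev <iface>` command for a configured tunnel gateway after verifying that the gateway is on-link for that interface, since the kernel refuses a nexthop that is not reachable on the device unless `onlink` is given. The routing table text is constructed to match the "before" table in the issue, and the function and type names are this example's own assumptions, not gluetun API.

```go
package main

import (
	"bufio"
	"encoding/binary"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// SampleProcRoute is a constructed /proc/net/route snapshot (not captured
// output) matching the issue's first table: default via 172.29.0.1 on eth0,
// 10.2.0.0/30 connected on tun0, 172.29.0.0/16 connected on eth0.
// Addresses are little-endian hex words, so 172.29.0.1 reads 01001DAC.
const SampleProcRoute = `Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
eth0  00000000    01001DAC 0003  0      0   0      00000000 0   0      0
tun0  0000020A    00000000 0001  0      0   0      FCFFFFFF 0   0      0
eth0  00001DAC    00000000 0001  0      0   0      0000FFFF 0   0      0
`

const (
	rtfUp      = 0x0001 // RTF_UP: route is usable
	rtfGateway = 0x0002 // RTF_GATEWAY: destination is reached via a nexthop
)

// Route is one decoded line of /proc/net/route.
type Route struct {
	Iface   string
	Dest    net.IP
	Gateway net.IP
	Mask    net.IPMask
	Flags   uint32
}

// hexIPv4 decodes the 8-hex-digit little-endian address words of /proc/net/route.
func hexIPv4(word string) (net.IP, error) {
	v, err := strconv.ParseUint(word, 16, 32)
	if err != nil {
		return nil, fmt.Errorf("bad address word %q: %w", word, err)
	}
	b := make([]byte, 4)
	binary.LittleEndian.PutUint32(b, uint32(v))
	return net.IPv4(b[0], b[1], b[2], b[3]).To4(), nil
}

// ParseProcRoute parses the text of /proc/net/route into Route entries.
func ParseProcRoute(text string) ([]Route, error) {
	var routes []Route
	sc := bufio.NewScanner(strings.NewReader(text))
	header := true
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if header { // first line is the column header
			header = false
			continue
		}
		if len(f) == 0 {
			continue
		}
		if len(f) < 8 {
			return nil, fmt.Errorf("short route line: %q", sc.Text())
		}
		var ips [3]net.IP
		for i, col := range []int{1, 2, 7} { // Destination, Gateway, Mask columns
			ip, err := hexIPv4(f[col])
			if err != nil {
				return nil, err
			}
			ips[i] = ip
		}
		flags, err := strconv.ParseUint(f[3], 16, 32)
		if err != nil {
			return nil, fmt.Errorf("bad flags %q: %w", f[3], err)
		}
		routes = append(routes, Route{Iface: f[0], Dest: ips[0], Gateway: ips[1],
			Mask: net.IPMask(ips[2]), Flags: uint32(flags)})
	}
	return routes, sc.Err()
}

// DefaultRoute returns the first usable 0.0.0.0/0 route: the interface and
// gateway the kernel actually sends otherwise-unmatched traffic to.
func DefaultRoute(routes []Route) (Route, bool) {
	for _, r := range routes {
		ones, _ := r.Mask.Size()
		if r.Flags&rtfUp != 0 && r.Dest.Equal(net.IPv4zero) && ones == 0 {
			return r, true
		}
	}
	return Route{}, false
}

// DefaultExitsVia reports whether the default route leaves through iface.
// With the tunnel as default route, a dead tunnel means traffic goes nowhere
// rather than leaking to the uplink.
func DefaultExitsVia(routes []Route, iface string) bool {
	r, ok := DefaultRoute(routes)
	return ok && r.Iface == iface
}

// ReplaceDefaultCommand builds "ip route replace default via GW dev IFACE" for a
// configured tunnel gateway, refusing gateways that are not covered by a
// connected (non-gateway) route of tunIface, which the kernel would reject too.
func ReplaceDefaultCommand(routes []Route, tunIface string, tunGateway net.IP) (string, error) {
	for _, r := range routes {
		if r.Iface != tunIface || r.Flags&rtfUp == 0 || r.Flags&rtfGateway != 0 {
			continue
		}
		if (&net.IPNet{IP: r.Dest, Mask: r.Mask}).Contains(tunGateway) {
			return fmt.Sprintf("ip route replace default via %s dev %s", tunGateway, tunIface), nil
		}
	}
	return "", fmt.Errorf("%s is not on a connected route of %s", tunGateway, tunIface)
}

func main() {
	routes, err := ParseProcRoute(SampleProcRoute)
	if err != nil {
		panic(err)
	}
	if r, ok := DefaultRoute(routes); ok {
		fmt.Printf("default via %s dev %s\n", r.Gateway, r.Iface)
	}
	fmt.Println("default exits via tun0:", DefaultExitsVia(routes, "tun0"))
	cmd, err := ReplaceDefaultCommand(routes, "tun0", net.ParseIP("10.2.0.1"))
	if err != nil {
		panic(err)
	}
	fmt.Println(cmd)
}
```

On a real host, read /proc/net/route with os.ReadFile and pass its contents to ParseProcRoute; the on-link check is what distinguishes the issue's working 10.2.0.1 (inside 10.2.0.0/30 on tun0) from a misconfigured gateway that would leave the container without a usable default route.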
