Configuration and steps for setting up a WireGuard client so that it only routes traffic that originates from a specific source IP address.
https://github.com/angristan/wireguard-install
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
This configuration method means you don't need to worry about having to update routes if Google updates/removes/changes their ranges.
Add an additional IP to the network config (this assumes you are using netplan).
nano /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    enp6s18:
      dhcp4: no
      addresses:
        - 10.0.0.3/24 # Standard IP
        - 10.0.0.254/24 # IP For Wireguard Traffic
      gateway4: 10.0.0.1
      nameservers:
        addresses: [10.0.0.1]
  version: 2
Enable forwarding in /etc/sysctl.conf.
nano /etc/sysctl.conf
Add or uncomment
net.ipv4.ip_forward=1
Run sysctl -p to apply the change.
sudo su -
apt install wireguard
cd /etc/wireguard
nano wg0.conf
[Interface]
PrivateKey = [REDACTED]
Address = 10.66.66.2/32
DNS = 1.1.1.1,1.0.0.1
Table = off
PostUp = ip rule add from 10.0.0.254 table 42; ip route add default dev wg0 table 42; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;iptables -t nat -A PREROUTING -p tcp --dport 42345 -j DNAT --to 10.0.0.254
PostDown = ip rule del from 10.0.0.254 table 42; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;iptables -t nat -D PREROUTING -p tcp --dport 42345 -j DNAT --to 10.0.0.254
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
Endpoint = [REDACTED]:54364
AllowedIPs = 0.0.0.0/0
wg-quick up wg0
systemctl enable wg-quick@wg0
wg show
curl ipinfo.io
# This should return your normal WAN IP information
#
curl ipinfo.io --interface 10.0.0.254
# This should return your VPN provider information
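The curl test above only shows the state at the moment it is run. As an added example (not part of the original steps), this shell function classifies the policy-routing state from the text of `ip rule show` and `ip route show table 42`; when the rule or the table's default route is missing, lookups fall through to the main table and traffic bound to 10.0.0.254 leaves via the normal gateway. The function name, state names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the source-based routing created by PostUp in wg0.conf.
SRC_IP="10.0.0.254"; TABLE="42"; WG_IF="wg0"   # values taken from wg0.conf above

# $1 = output of `ip rule show`, $2 = output of `ip route show table 42`
# Prints ok | no-rule | no-tunnel-route; returns 0 only for ok.
check_policy_routing() {
    rules=$1
    routes=$2
    # A matching rule looks like: "32765: from 10.0.0.254 lookup 42"
    if ! printf '%s\n' "$rules" | awk -v ip="$SRC_IP" -v t="$TABLE" '
            $2 == "from" && ($3 == ip || $3 == ip "/32") &&
            $4 == "lookup" && $5 == t { f = 1 }
            END { exit !f }'; then
        echo "no-rule"            # source IP is routed by the main table
        return 1
    fi
    # Table 42 must hold a default route whose device is the tunnel.
    if ! printf '%s\n' "$routes" | awk -v dev="$WG_IF" '
            $1 == "default" {
                for (i = 2; i < NF; i++)
                    if ($i == "dev" && $(i + 1) == dev) f = 1
            }
            END { exit !f }'; then
        echo "no-tunnel-route"    # rule matches, lookup falls through to main
        return 2
    fi
    echo "ok"
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_RULES='0: from all lookup local
32765: from 10.0.0.254 lookup 42
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES_UP='default dev wg0 scope link'
SAMPLE_ROUTES_DOWN=''

echo "tunnel up:   $(check_policy_routing "$SAMPLE_RULES" "$SAMPLE_ROUTES_UP" || true)"
echo "tunnel down: $(check_policy_routing "$SAMPLE_RULES" "$SAMPLE_ROUTES_DOWN" || true)"

# On the live host:
#   check_policy_routing "$(ip rule show)" "$(ip route show table 42 2>/dev/null)"
```

Any result other than ok means traffic from 10.0.0.254 is not going through wg0, so it can be used as a health check before starting services bound to that address.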
nano /opt/cloudbox/config.json
Append "--bind": "10.0.0.254" to the bottom of the "rclone_extras" section.
nano /etc/systemd/system/rclone_vfs.service
Append --bind=10.0.0.254 \ to the bottom of the "ExecStart" section.