Skip to content

feat: add policy-based routing and exit node support #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
markwylde merged 4 commits into from
Jun 26, 2025
Merged

feat: add policy-based routing and exit node support #17

markwylde merged 4 commits into from
Jun 26, 2025

Conversation

@markwylde
Copy link
Member

@markwylde markwylde commented Jun 26, 2025

Summary

  • Adds policy-based routing to direct traffic through specific WireGuard peers
  • Introduces --exit-node flag for simple VPN-style routing
  • Implements --route flag for fine-grained routing control

Features

  • Exit Node Support: Use --exit-node=10.0.0.3 to route all traffic through a specific peer
  • Policy-Based Routing: Use --route=192.168.0.0/16:10.0.0.3 to route specific subnets
  • Configuration File Support: Define routes in WireGuard config with Route= directives
  • Routing Engine: Smart peer selection based on destination IP, protocol, and port

Usage Examples

# Route all traffic through peer at 10.0.0.3
wrapguard --config=wg0.conf --exit-node=10.0.0.3 -- curl https://example.com

# Route specific networks through different peers
wrapguard --config=wg0.conf \
  --route=192.168.0.0/16:10.0.0.3 \
  --route=172.16.0.0/12:10.0.0.4 \
  -- ssh internal.corp.com

Test Plan

  • Unit tests for routing engine and CLI parsing
  • Integration tests for peer selection logic
  • Manual testing with multiple peers and routes
  • Performance testing with complex routing tables

markwylde added 4 commits June 26, 2025 23:38
@markwylde
feat: add routing engine for policy-based routing
1198e28 
- Add RoutingEngine to manage routing decisions for WireGuard peers
- Support routing policies with destination CIDR, protocol, and port ranges
- Implement FindPeerForDestination to select appropriate peer for traffic
- Add parsing functions for routing policies and port ranges
@markwylde
feat: add CLI options for exit node and policy-based routing
81acda2 
- Add --exit-node flag to route all traffic through a specific peer
- Add --route flag to define custom routing policies (CIDR:peerIP)
- Implement ApplyCLIRoutes to apply routing policies from CLI
- Support for policy-based routing in config file with Route= directive
@markwylde
feat: integrate routing engine with tunnel and SOCKS server
10ea8c7 
- Add RoutingEngine to tunnel for peer selection
- Update SOCKS5 dialer to use routing engine for destination selection
- Route traffic through appropriate peer based on policies
- Add routing engine to tunnel initialization
@markwylde
docs: add routing documentation and examples
ce56d86 
- Add routing section to README with exit node and policy-based routing
- Create example-routing.conf showing advanced routing configurations
- Add example-usage.sh with practical routing examples
- Update example config with routing policy examples
@markwylde markwylde merged commit aaa9911 into main Jun 26, 2025
3 checks passed
@markwylde markwylde deleted the feat/policy-based-routing branch June 26, 2025 22:46
@markwylde
Copy link
Member Author

markwylde commented Jun 26, 2025

This should fix the second issue in #15

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@markwylde