How do I start a process which by-passes a wireguard VPN?
0 votes · 0 answers · 18 views
I have a very basic wireguard connection that routes all traffic through a VPN.

```
[Interface]
PrivateKey =
Address =
DNS =

[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint =
```

I've imported and enabled it with NetworkManager using `nmcli connection import type wireguard file $conf`.
My problem is I have a scheduled process that I would like to _not_ go through the wireguard tunnel, _(i.e. come from my home IP address)_. And I'd rather not carve out an exception in the wireguard config.

The solution I've tried is to set up a network namespace which is linked to `eth0`. That way I could bypass the wireguard connection with `sudo ip netns exec clearnet`. But I can't link the namespace directly to `eth0` or else everything else loses access to `eth0` and the internet in general. This is turning out very convoluted though because I've got to do something like `eth0 -> br0 -> veth0 -> veth1 -> ns1`

```
sudo ip netns add clearnet                        # create namespace
sudo ip link add veth0 type veth peer name veth1  # create veth pair
sudo ip link set veth1 netns clearnet             # link the veth1 to the clearnet
sudo ip link add br0 type bridge                  # create bridge
sudo ip link set eth0 master br0                  # connect eth0 to the bridge (lose internet here)
sudo ip link set veth0 master br0                 # connect veth0 to the bridge
# turn everything on
sudo ip link set br0 up
sudo ip link set veth0 up
sudo ip netns exec clearnet ip link set veth1 up
nmcli connection up br0                           # restore internet
# give the bridge an IP address
sudo ip addr add 192.168.100.1/24 dev br0
sudo ip addr add 192.168.100.1/24 dev veth0
# give the namespace an IP address
sudo ip netns exec clearnet ip addr add 192.168.100.2/24 dev veth1
# tell the namespace to route via the bridge's IP
sudo ip netns exec clearnet ip route add default via 192.168.100.1
```

At this point I still don't have internet access via `clearnet`, much less DNS, and I'm convinced I'm doing this the _hard way_. Something like NetworkManager, systemd (which schedules the process), or docker (which executes the process) should have a shortcut. Or is what I'm seeking really this complicated?

Asked by cheezsteak (566 rep) Jul 29, 2025, 08:02 PM
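
One way to bring the `clearnet` namespace online without enslaving `eth0` to a bridge, as an added example that is not part of the original question: the host routes and NATs the veth subnet out of `eth0`, and a source-based policy rule keeps that subnet off the tunnel. Assumptions: `eth0` is the uplink, `192.168.100.0/24` is unused, routing table 100 and rule priority 100 are free, and `GW` / `DNS_SERVER` are placeholders for the LAN gateway and a resolver reachable without the VPN.

```shell
#!/bin/sh
# Added example, not from the original post. Routed veth + NAT: eth0 is never
# put into a bridge, so the host keeps its own connection throughout.
NS=clearnet
UPLINK=eth0
NET=192.168.100.0/24
HOST_IP=192.168.100.1
NS_IP=192.168.100.2
TABLE=100                        # assumed-free routing table id
GW=${GW:-192.0.2.1}              # placeholder: LAN gateway behind eth0
DNS_SERVER=${DNS_SERVER:-$GW}    # placeholder: resolver reachable without the VPN

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

clearnet_up() {
  run ip netns add "$NS"
  run ip link add veth0 type veth peer name veth1
  run ip link set veth1 netns "$NS"
  # Host side: a single address, on veth0 only.
  run ip addr add "$HOST_IP/24" dev veth0
  run ip link set veth0 up
  # Namespace side: every command names the namespace via -n.
  run ip -n "$NS" link set lo up
  run ip -n "$NS" addr add "$NS_IP/24" dev veth1
  run ip -n "$NS" link set veth1 up
  run ip -n "$NS" route add default via "$HOST_IP"
  # Policy routing: packets sourced from the namespace subnet use a table whose
  # only default route is eth0, ahead of higher-numbered rules that point at the tunnel.
  run ip route add default via "$GW" dev "$UPLINK" table "$TABLE"
  run ip rule add from "$NET" lookup "$TABLE" priority 100
  # Forward and NAT the namespace traffic out of eth0.
  run sysctl -q -w net.ipv4.ip_forward=1
  run iptables -I FORWARD -i veth0 -o "$UPLINK" -j ACCEPT
  run iptables -I FORWARD -i "$UPLINK" -o veth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  run iptables -t nat -A POSTROUTING -s "$NET" -o "$UPLINK" -j MASQUERADE
  # ip netns exec bind-mounts this file over /etc/resolv.conf inside the namespace.
  run mkdir -p "/etc/netns/$NS"
  run sh -c "echo nameserver $DNS_SERVER > /etc/netns/$NS/resolv.conf"
}

# Apply only when asked: sudo ./clearnet.sh up   (DRY_RUN=1 prints the plan instead)
if [ "${1:-}" = up ]; then clearnet_up; fi
```

Review the plan with `DRY_RUN=1` first; once applied, `sudo ip netns exec clearnet ip route get 1.1.1.1` should show the route leaving via `veth1`, and `ip rule show` on the host should list the priority 100 rule above the tunnel's rules.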