I set up my VPN via Wireguard and it's working but I can't get a killswitch to work.
My
/etc/wireguard/wg0.conf looks like this
[Interface]
Address = [edited]
PrivateKey = [edited]
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PersistentKeepalive = 25
PublicKey = [edited]
AllowedIPs = 0.0.0.0/0
Endpoint = [edited]
It's already running but if I try to restart WG it fails with this error.
[iota@Strelizia ~]$ sudo rc-service wireguard restart
* Stopping wireguard ...
[#] iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
iptables: No chain/target/match by that name. [ !! ]
* ERROR: wireguard failed to stop
The fwmark I get from that command is
[iota@Strelizia ~]$ sudo wg show wg0 fwmark
0xca6c
I'm at a loss on how to fix this, I'd like to get it working.
I've solved it myself.
Turns out the PostUp command never executed (since I was doing a restart and not a start).
Embarrassing but it's working now!