Ok so when I search this I keep getting articles that just talk about Allowed IPs which really isn’t what I want.
Here is my goal:
Route all non-LAN traffic for a few containers over wireguard via the host’s wireguard config.
Configure it so that by default applications/containers now restricted to the wg0 interface do not use wireguard and go out as normal.
I can restrict containers to use a specific interface easily enough, and I think this is possible with using marks or different parallel routing tables but the articles I can find don’t cover it. Certainly a bit of an edge case but it should be possible?
Windows Client doesn’t support it itself. Android supports app selection…
There is a third-party Windows client that supports split tunneling. TunnlTo is a GUI for https://www.wiresock.net/.
TunnlTo can use WireSock to tunnel specific IPs, app/process names, and everything from an application folder. It is just missing the ability to use multiple WireGuard tunnels for different use cases at the same time.
WireGuard is not working with the new Google TV Streamer; with the old Google Chromecast it was working fine. Now it is impossible to add a tunnel, the message being: there are no apps, though the apps are installed, which were working with the Google Chromecast, like Solid Explorer. How can this be solved, please?
I think this is possible with using marks or different parallel routing tables
I think multiple routing tables are required for policy-based routing (that’s what it is called). Marks may not be required, since “ip rule” can use other information for selecting the routing table, such as source interface and source IP address.
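As an added example of the policy-based routing described above (my own script, not from anyone in this thread), here is a POSIX shell script that puts only a dedicated container subnet behind wg0 using a second routing table and two “ip rule” entries, with no fwmark involved. Everything in it is an assumption about the setup: wg0 already up via wg-quick with “Table = off” (so wg-quick does not touch the main table) and a peer with AllowedIPs = 0.0.0.0/0, the VPN containers on their own bridge “br-vpn” with subnet 172.30.0.0/24, a LAN of 192.168.1.0/24, and routing table number 100. With RUN left at its default of “echo” the script only prints the commands it would run; set RUN="" to execute them as root.

```sh
#!/bin/sh
# Added example, not from the thread: policy-based routing on a Linux host so
# that only a dedicated container subnet egresses through wg0, while the host
# and every other container keep their normal default route.
# All values below are assumptions about the setup; adjust them to yours.
TABLE=${TABLE:-100}                  # routing table used only by VPN containers
VPN_NET=${VPN_NET:-172.30.0.0/24}    # assumed subnet of the "br-vpn" bridge
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumed LAN, must stay reachable off-tunnel
WG_IF=${WG_IF:-wg0}
RUN=${RUN:-echo}                     # "echo" = dry run; "" = really execute (root)

pbr_apply() {
  # VPN table: default via wg0, plus an "unreachable" fallback with a worse
  # metric. If wg0 goes down the kernel drops the wg0 route and the fallback
  # takes over, so container traffic is rejected instead of silently leaking
  # through the main table (a kill switch without any firewall rules).
  $RUN ip route add default dev "$WG_IF" table "$TABLE"
  $RUN ip route add unreachable default metric 1000 table "$TABLE"

  # Rules are evaluated by priority. LAN-bound packets from the VPN subnet are
  # resolved in the main table; every other packet from that subnet consults
  # the VPN table. Packets from any other source never match these rules and
  # keep using the main table exactly as before.
  $RUN ip rule add from "$VPN_NET" to "$LAN_NET" lookup main priority 100
  $RUN ip rule add from "$VPN_NET" lookup "$TABLE" priority 101

  # The container addresses are unknown to the far side of the tunnel, so
  # masquerade them behind the wg0 address on the way out.
  $RUN iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$WG_IF" -j MASQUERADE
}

pbr_remove() {
  $RUN iptables -t nat -D POSTROUTING -s "$VPN_NET" -o "$WG_IF" -j MASQUERADE
  $RUN ip rule del from "$VPN_NET" lookup "$TABLE" priority 101
  $RUN ip rule del from "$VPN_NET" to "$LAN_NET" lookup main priority 100
  $RUN ip route flush table "$TABLE"
}

# Ask the kernel which route a forwarded packet would take. Arguments are a
# source address and ingress interface (defaults are assumed container values).
pbr_check() {
  $RUN ip route get 1.1.1.1 from "${1:-172.30.0.10}" iif "${2:-br-vpn}"
}

case "${1:-}" in
  apply)  pbr_apply ;;
  remove) pbr_remove ;;
  check)  pbr_check "$2" "$3" ;;
  *)      echo "usage: $0 apply|remove|check [src-ip] [iif]" ;;
esac
```

Run it as “RUN= sh pbr.sh apply” once wg0 is up, then “sh pbr.sh check” should report the route as “dev wg0” for a container source while “ip route get 1.1.1.1” from the host itself still shows the normal uplink. Two caveats: these are IPv4 rules only, so either repeat them with “ip -6 rule”/“ip -6 route” or leave IPv6 disabled on the container bridge, otherwise v6 traffic bypasses the tunnel; and if “Table = off” is not set, wg-quick installs its own default route into the main table and every container ends up on the tunnel.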
If this is just for a few containers, what you want is Gluetun. It is a VPN stack that has a lot of preloaded profiles, but I had to do a custom one and it was still stupid easy. I also recommend, for extra paranoia, adding a kill switch to the conf. Your other containers will use gluetun as their network mode; gluetun then picks up on the needed ports and serves them. Additionally, the services can be set to fail if gluetun is unhealthy. Mine even has my port forwards. I opted to go the stupid-easy stack method where all my Linux distro containers are in the same compose as gluetun, but it can be accomplished other ways too. To start, I highly recommend combining them into a single compose though.