mish/vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f14d4f8f334dea53da9b8afec241346e59a05187
vpn/configs/ru-vds/vpn-routing.conf
mguschin f14d4f8f33 Migrate to pure nftables routing (remove iptables/ipset) 
- Replace hybrid iptables/ipset/nftables approach with pure nftables
- Add nftables native set for Russian IP ranges (populated from RIPE)
- Create update-direct-routes.sh script to load IP ranges from RIPE database
- Remove ipset and iptables dependencies from postup.sh/postdown.sh
- Add automatic weekly cron job for IP range updates
- Update all documentation to reflect the new approach

Benefits:
- More reliable: no iptables/nftables conflicts
- Simpler debugging: single tool for all rules (nft list ruleset)
- Atomic rule loading: prevents partial failures
- IP-based routing is more predictable than DNS-based

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-19 18:02:28 +03:00

24 lines
485 B
Plaintext
Raw Blame History

# dnsmasq configuration for VPN routing
#
# Note: Routing decisions are now based on destination IP ranges,
# not DNS responses. Russian IP ranges are loaded into nftables
# by the update-direct-routes.sh script.
# Listen only on VPN interface
interface=wg0
bind-interfaces
# Upstream DNS servers
server=8.8.8.8
server=8.8.4.4
server=1.1.1.1
# Don't read /etc/resolv.conf
no-resolv
# Cache settings
cache-size=10000
# Log queries (optional, uncomment for debugging)
# log-queries
Reference in New Issue View Git Blame Copy Permalink