softether-go/pkg/netcfg
Git Sagar 51824b830e netcfg: add -connmark flag for DNAT reply routing
When VPN traffic is DNAT'd to local namespaces/VMs, reply packets have
a different source IP (namespace veth) so the policy route's
"from <VPN_IP>" rule doesn't match. CONNMARK marks all connections
arriving on the VPN interface and restores the mark on reply packets,
routing them back through the tunnel via fwmark rule.

New flag: -connmark (requires -policy-route-table)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-07 01:06:17 +05:30
netcfg.go netcfg: add -connmark flag for DNAT reply routing 2026-06-07 01:06:17 +05:30