wip

internal/wireguard/route.go

@@ -1,6 +1,7 @@
 package wireguard
 
 import (
+	"errors"
 	"fmt"
 	"net/netip"
 	"strings"
@@ -29,6 +30,10 @@ func (w *Wireguard) addRoutes(link netlink.Link, destinations []netip.Prefix,
 	return nil
 }
 
+var (
+	ErrDefaultRouteNotFound = errors.New("default route not found")
+)
+
 func (w *Wireguard) addRoute(link netlink.Link, dst netip.Prefix,
 	firewallMark uint32,
 ) (err error) {
@@ -45,5 +50,39 @@ func (w *Wireguard) addRoute(link netlink.Link, dst netip.Prefix,
 			link.Name, dst, firewallMark, err)
 	}
 
+	vpnGatewayIP, err := w.routing.VPNLocalGatewayIP(link.Name)
+	if err != nil {
+		return fmt.Errorf("getting VPN gateway IP: %w", err)
+	}
+
+	routes, err := w.netlink.RouteList(netlink.FamilyV4)
+	if err != nil {
+		return fmt.Errorf("listing routes: %w", err)
+	}
+
+	var defaultRoute netlink.Route
+	var defaultRouteFound bool
+	for _, route = range routes {
+		if !route.Dst.IsValid() || route.Dst.Addr().IsUnspecified() {
+			defaultRoute = route
+			defaultRouteFound = true
+			break
+		}
+	}
+
+	if !defaultRouteFound {
+		return fmt.Errorf("%w: in %d routes", ErrDefaultRouteNotFound, len(routes))
+	}
+
+	// Equivalent replacement to:
+	// ip route replace default via <vpn-gateway> dev tun0
+	defaultRoute.Gw = vpnGatewayIP
+	defaultRoute.LinkIndex = link.Index
+
+	err = w.netlink.RouteReplace(defaultRoute)
+	if err != nil {
+		return fmt.Errorf("replacing default route: %w", err)
+	}
+
 	return err
 }