netns,wgengine: add OpenBSD support to netns via an rtable

When an exit node has been set and a new default route is added,
create a new rtable in the default rdomain and add the current
default route via its physical interface.  When control() is
requesting a connection not go through the exit-node default route,
we can use the SO_RTABLE socket option to force it through the new
rtable we created.

Updates #17321

Signed-off-by: joshua stein <jcs@jcs.org>
joshua stein
2026-02-22 17:13:58 -06:00
committed by Brad Fitzpatrick
parent 7370c24eb4
commit 518d241700
11 changed files with 231 additions and 20 deletions
+1 -1
@@ -5601,7 +5601,7 @@ func (b *LocalBackend) routerConfigLocked(cfg *wgcfg.Config, prefs ipn.PrefsView
b.logf("failed to discover interface ips: %v", err)
}
switch runtime.GOOS {
case "linux", "windows", "darwin", "ios", "android":
case "linux", "windows", "darwin", "ios", "android", "openbsd":
rs.LocalRoutes = internalIPs // unconditionally allow access to guest VM networks
if prefs.ExitNodeAllowLANAccess() {
rs.LocalRoutes = append(rs.LocalRoutes, externalIPs...)
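Review bot: The changed case line opts "openbsd" into LocalRoutes handling with no comment explaining why it is now safe to do so, and the only rationale lives in the commit message (the exit-node bypass via the new rtable). Please add a short comment on the case line saying that OpenBSD is listed because netns can now route around the exit-node default route, so a later reader does not have to dig through history to learn what this list depends on. Also note that the interface discovery just above only logs on failure ("failed to discover interface ips: %v") and then falls through to this switch, so on OpenBSD a discovery error would silently leave internalIPs and externalIPs empty while an exit node is active. It would help to confirm that discovery works on OpenBSD and to add a test case for this GOOS value covering both the ExitNodeAllowLANAccess() true and false branches.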