Without a /32 route in the main table, CHECK_HOST (1.1.1.1) fell through to the VPN default route where source-address selection was defeated by the priority-100 'from ETH0_IP' policy rule, causing pings to bypass wg0 and be dropped by the kill switch. Also add a secondary google.com ping to distinguish IP vs DNS failures.
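The routing layout the commit message describes, written out as an added example (this is not the repository's own kill-switch script): a priority-100 rule that sends traffic sourced from ETH0_IP to an uplink table, the CHECK_HOST /32 pinned in the main table, and the two-stage ping check that separates IP-level failures from DNS failures. The interface names, the 192.0.2.x addresses, the uplink table number, the `run`/`DRY_RUN` wrapper and the choice to point the /32 at wg0 are assumptions; the commit does not state which device the route uses.

```shell
#!/bin/sh
# Added example, not the repository's own kill-switch script: the routing
# layout the commit message describes, with the CHECK_HOST /32 pinned in the
# main table, plus a two-stage ping check that separates routing failures
# from DNS failures. Interface names, addresses, the uplink table number and
# the device the /32 points at are assumptions.
set -u

WG_IF="${WG_IF:-wg0}"
ETH_IF="${ETH_IF:-eth0}"
ETH0_IP="${ETH0_IP:-192.0.2.10}"        # assumed uplink address (RFC 5737 range)
ETH0_GW="${ETH0_GW:-192.0.2.1}"         # assumed uplink gateway
ETH_TABLE="${ETH_TABLE:-100}"           # assumed table holding the uplink default route
CHECK_HOST="${CHECK_HOST:-1.1.1.1}"     # IP-literal check target (from the commit)
CHECK_NAME="${CHECK_NAME:-google.com}"  # DNS check target (from the commit)
CHECK_DEV="${CHECK_DEV:-$WG_IF}"        # assumption: the check should traverse the tunnel
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute (needs root)

# Print or execute a command, so the routing plan can be reviewed first.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Routing plan. The priority-100 rule sends anything sourced from ETH0_IP to
# the uplink table (so replies arriving on eth0 leave on eth0). Without the
# /32, CHECK_HOST takes the default route and its source address can end up
# matching that rule, so the ping leaves via eth0 and the kill switch drops it.
setup_routes() {
    run ip route replace default via "$ETH0_GW" dev "$ETH_IF" table "$ETH_TABLE"
    run ip rule add from "$ETH0_IP" lookup "$ETH_TABLE" priority 100
    run ip route replace "$CHECK_HOST/32" dev "$CHECK_DEV"
}

# Turn the two ping exit codes (0 = reply received) into a diagnosis.
classify_check() {
    ip_rc="$1"; name_rc="$2"
    if [ "$ip_rc" -eq 0 ] && [ "$name_rc" -eq 0 ]; then
        echo "ok"
    elif [ "$ip_rc" -eq 0 ]; then
        echo "dns-failure"      # IP path works, name resolution does not
    else
        echo "ip-failure"       # no IP reachability: routing, tunnel or kill switch
    fi
}

# Ping the IP literal first, then the hostname, and classify the result.
check_connectivity() {
    ping -c 1 -W 2 "$CHECK_HOST" >/dev/null 2>&1; ip_rc=$?
    ping -c 1 -W 2 "$CHECK_NAME" >/dev/null 2>&1; name_rc=$?
    classify_check "$ip_rc" "$name_rc"
}

# Usage: sh killswitch-check.sh routes   (print or apply the routing plan)
#        sh killswitch-check.sh check    (run the two-stage ping check)
case "${1:-}" in
    routes) setup_routes ;;
    check)  check_connectivity ;;
esac
```

With the default `DRY_RUN=1` the `routes` mode only prints the `ip` commands, which is how the plan should be reviewed before running it as root with `DRY_RUN=0`. In `check` mode an `ip-failure` result is the class of problem the /32 route fixes (the literal-IP ping never got a reply), while `dns-failure` is exactly what the second google.com ping was added to isolate: the tunnel carries packets, but name resolution does not work.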