/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128,3des,des name=***
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1,md5,null enc-algorithms="aes-256-cbc,aes-256-ctr,aes\
-256-gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm,3des,des,null" pfs-group=\
modp2048
# Register the "vpn" routing table once; appending on every run would add duplicate entries
grep -q '^100 vpn$' /etc/iproute2/rt_tables || echo "100 vpn" >> /etc/iproute2/rt_tables
# Forward traffic between the VPN client interface and the outgoing tunnel
echo 1 > /proc/sys/net/ipv4/ip_forward
export VPN_NET="10.10.10.0/24"
export VPN_IFACE="tun1"
export VPN_OFACE="tun2s1"
# Packet marking belongs in the mangle table: the nat table is only traversed for the first
# packet of a connection, so a RELATED,ESTABLISHED restore-mark rule there never fires and
# every packet after the first would miss the policy-routing rule below.
iptables -t mangle -A PREROUTING -s $VPN_NET -i $VPN_IFACE -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
iptables -t mangle -A PREROUTING -s $VPN_NET -j MARK --set-xmark 0x1/0xffffffff
iptables -t mangle -A PREROUTING -s $VPN_NET -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
# Source NAT for VPN clients leaving through the outgoing tunnel
iptables -t nat -A POSTROUTING -s $VPN_NET -o $VPN_OFACE -j MASQUERADE
# Send packets carrying fwmark 1 through the "vpn" table, whose only route is the tunnel
ip rule add fwmark 1 table vpn
ip route add default dev $VPN_OFACE table vpn
ip route flush cache
sudo nft add rule nat PREROUTING iifname "eth0" tcp dport {224} dnat to 10.0.0.2
(wg0) to IP 10.0.0.2?
sudo nft add rule nat postrouting oifname wg0 masquerade
LocalIdentifier (string): The name of the group. If Hybrid Authentication is used, the string must end with "hybrid".
Note: When AnyDesk is not installed and has no elevation, the UAC prompt cannot be displayed. AnyDesk will show a warning which needs to be resolved by the remote user.
I believe this is because of added validation to iproute2 (which provides the ip utility) in version 5.x (not sure which version specifically).
vpnc-script, which is used by openconnect, builds CIDR IPv4 addresses and sends them to the ip utility for routing. ip at version 4.x ignores the netmask length information, but ip at version 5.x regards it as invalid.
I used the downgrade AUR package to bring my iproute2 to version 4.20, which seems to work.
The script /etc/vpnc/vpnc-script uses the now unsupported ip route get $NETWORK/$NETMASKLEN syntax. I fixed that by changing line 261 to
$IPROUTE route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output | sed -e "s/^$NETWORK\$/$NETWORK\/$NETMASKLEN/"`