fix: add missing route for WireGuard CIDR in userspace implementation

mr-karan · mr-karan · commit 63b0aa2b94f3 · 2025-07-30T00:32:29.000+05:30
- Added route for entire CIDR range (10.100.0.0/24) through WireGuard interface
- Fixes issue where userspace WireGuard doesn't automatically add kernel routes
- Server can now properly route return traffic to WireGuard clients
- Resolves 'dial tcp 10.100.0.3:7777: i/o timeout' errors
diff --git a/internal/tunnel/tunnel.go b/internal/tunnel/tunnel.go
@@ -87,6 +87,17 @@ func New(opts PeerOpts) (*Tunnel, error) {
 		return nil, fmt.Errorf("error bringing up the link: %w", err)
 	}
 
+	// Add route for the entire CIDR range through this interface.
+	// This is needed for userspace WireGuard since kernel doesn't automatically
+	// add routes like it does for kernel WireGuard.
+	route := &netlink.Route{
+		Dst:       cidrNet,              // 10.100.0.0/24
+		LinkIndex: link.Attrs().Index,   // wg0 interface
+	}
+	if err = netlink.RouteAdd(route); err != nil {
+		return nil, fmt.Errorf("error adding route for CIDR %s: %w", opts.CIDR, err)
+	}
+
 	// Decode the private key.
 	pk, err := encodeBase64ToHex(opts.PrivateKey)
 	if err != nil {
