I am configuring a Raspberry Pi to work as a WireGuard VPN router/firewall. The client will connect to the raspi via WLAN (hostapd), the raspi itself is connected to the ISP's router via LAN, and is supposed to re-route all traffic over the configured WireGuard server. As it is going to be used in a restrictive country and thus using Shadowsocks to mask the WireGuard traffic, I work along this guide to set this up: https://www.oilandfish.com/posts/wireguard-shadowsocks.html

I am stuck at "2.7 Add Static Route". The reason is that I cannot know the static IP of the gateway that will be used at this moment. I'd rather like to be able to "plug and play" the raspi to whatever router is there and dynamically ("automa[t|g]ically") add the necessary route via the gateway IP (e.g. no matter whether it is, or anything else - or does maybe a generic notation exist, that I am not aware of?).

Is there a way to add a rule using "ip route add ..." that allows such a use case?

Alternatively, I think about some configuration UI where you have to enter the gateway IP, that then triggers a script to update this route. This approach seems like shooting a mosquito with a bazooka (please excuse this bad metaphor) - other suggestions are welcome.

If you have any further questions about what I try to accomplish, please do not hesitate to ask. Thank you in advance for your suggestions!

  • Assuming DHCP is assumed, you can use a to ip rule to lookup route table main for
    – Tom Yan
    Commented Jul 11, 2022 at 4:54

1 Answer


If you want "plug and play", first thing is, your IP address and default gateway must be configured via DHCP.

Then you need to write a script that, after DHCP completes, gets the default gateway from the routing table (for example with ip route show default) and uses it in ip route add. Probably there is a method to somehow hook into the DHCP client to start the script - if not, you can alternatively start the script from cron @reboot (and run ip addr show on your network interface in a loop until the script sees the IP address is configured).
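
A script along the lines the answer describes, as an added example that is not part of the original answer or the linked guide. SERVER_IP (a documentation-range placeholder), UPLINK and the function names are assumptions, as is the reading that the route in question is a host route to the VPN server; it also validates the discovered gateway before passing it to ip.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values:
SERVER_IP="${SERVER_IP:-203.0.113.10}"  # placeholder for the VPN server's IP
UPLINK="${UPLINK:-eth0}"                # wired interface facing the ISP router

# Read `ip -4 route show default` output on stdin, e.g. (constructed)
#   default via 192.168.178.1 dev eth0 proto dhcp src 192.168.178.23 metric 202
# and print the gateway of the first default route leaving via interface $1.
parse_default_gw() {
    awk -v want="$1" '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (dev == want && gw != "") { print gw; exit }
        }'
}

# Accept only a dotted-quad IPv4 address before handing it to ip(8).
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Poll until DHCP has installed a default route on $UPLINK (at most $1 seconds).
wait_for_gw() {
    tries="${1:-60}"
    while [ "$tries" -gt 0 ]; do
        gw=$(ip -4 route show default | parse_default_gw "$UPLINK")
        if is_ipv4 "$gw"; then printf '%s\n' "$gw"; return 0; fi
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# Pin the server's host route to the physical gateway. `replace` is idempotent,
# so re-running after a lease change simply updates the route.
if [ "${1:-}" = "--apply" ]; then
    gw=$(wait_for_gw 60) || { echo "no DHCP default route on $UPLINK" >&2; exit 1; }
    ip route replace "$SERVER_IP/32" via "$gw" dev "$UPLINK"
fi
```

Run it as root with --apply before the tunnel comes up, from either of the two starting points the answer mentions. Filtering on the uplink interface keeps it from picking up a default route that the tunnel itself installed.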
