diff --git a/infra/root/setup.sh b/infra/root/setup.sh
index a43a0b6..7020aae 100755
--- a/infra/root/setup.sh
+++ b/infra/root/setup.sh
@@ -52,16 +52,19 @@
 ip6tables-nft -t mangle -A POSTROUTING -o $OUTBOUND_INTERFACE -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
 # setup routing rules (vpn --> outbound)
+# v4
 ip r flush table 100
 ip r add   table 100 default dev $OUTBOUND_INTERFACE
 
-ip ru add iif $VPN_INTERFACE lookup 100 priority 100
+ip ru add iif $VPN_INTERFACE priority 99  lookup main suppress_prefixlength 0
+ip ru add iif $VPN_INTERFACE priority 100 lookup 100
 
-
+# v6
 ip -6 r flush table 100
 ip -6 r add   table 100 default dev $OUTBOUND_INTERFACE
 
-ip -6 ru add iif $VPN_INTERFACE lookup 100 priority 100
+ip -6 ru add iif $VPN_INTERFACE priority 99  lookup main suppress_prefixlength 0
+ip -6 ru add iif $VPN_INTERFACE priority 100 lookup 100
 
 ####################################################################
 # iptables de-duplicate