Assign Wireguard interface to a physical LAN port

Hi everyone, I installed OpenWRT on my WDR-3600 router.
I configured Wireguard as "client" for ProtonVPN.
The VPN works and all the traffic is routed through the VPN, now my question is: can I assign the Wireguard interface to a physical LAN port?
I want only traffic from LAN port 4 to be routed to the VPN and traffic from LAN ports 1-3 to be routed normally. Is this possible?
I Googled a bit but could not find an answer.
Thanks in advance

I do not have your router, so I am not 100% sure (there are routers where the switch is not configurable), but usually this is possible.

You need two things:

  1. Policy routing to route only some clients/interfaces via the VPN, e.g.
    Policy-Based-Routing (pbr) package discussion

  2. Set up an interface for LAN port 4. It is largely like a guest network, but instead of configuring a wireless interface you set the LAN port 4 to the created bridge.
    How to do that is dependent on your router, and you have to look that up or wait for someone to chime in.
    https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan

Then with Policy based routing you route that newly created bridge with its LAN port 4 via the VPN.


Step 2 is not needed; you can match in PBR to a local physical device, e.g. @wlan0 or @lan4.


@trendy does that also work for 'old' non-DSA routers?

I am not sure, it's trial and error I guess.


That would only be possible for DSA, but ath79 still uses swconfig (the switch is freely configurable, but the device isn't the fastest one under the moon, so wireguard throughput will be limited).

Hey bud. Did you get this working?

I created a VLAN for LAN4 like this:

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 5'
	option vid '5'
	option description 'LAN4'

Then how can I assign the @lan4 alias?

Run ip link, and if there is a lan4 you can use it.
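
One way to combine the VLAN and policy-routing steps discussed in this thread on a swconfig device, as an added example that is not part of any post above. It assumes OpenWrt 21.02 or later, a CPU port device named eth0, a stock LAN VLAN of '0t 2 3 4 5', a WireGuard interface named wg0 in a firewall zone named vpn, and a constructed subnet 192.168.5.0/24; adjust all of these to the actual device.

```uci
# /etc/config/network
# Assumed stock LAN VLAN: drop port 5 so it is untagged in one VLAN only.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4'

# VLAN from the post above: CPU port 0 tagged, port 5 untagged, VLAN ID 5.
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 5'
	option vid '5'

# VLAN ID 5 shows up as eth0.5 (assumes the CPU port device is eth0).
config interface 'lan4'
	option device 'eth0.5'
	option proto 'static'
	option ipaddr '192.168.5.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp
config dhcp 'lan4'
	option interface 'lan4'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall
# Forwarding is allowed only to the VPN zone, so if the tunnel is down
# traffic from this port is rejected instead of leaving via wan.
config zone
	option name 'lan4'
	list network 'lan4'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'lan4'
	option dest 'vpn'

# /etc/config/pbr
# The WireGuard peer needs route_allowed_ips '0' so the other LAN ports
# keep the WAN default route; only this subnet is steered into wg0.
config policy
	option name 'lan4_via_vpn'
	option src_addr '192.168.5.0/24'
	option interface 'wg0'
```

After reloading network, firewall and pbr, ip link should list eth0.5, and a client on the fourth LAN port should get a 192.168.5.x lease.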