Binding OpenVPN tun1 to WAN1, and tun2 to WAN2

Dark-Fox · April 28, 2020, 4:28pm

Hello!

I use two of the outer 100 megabits / sec connections, WAN1 and WAN2, connected to ISP1 and ISP2 respectively. I also use several OpenVPN tunnels, tun1 and tun2 interfaces.

This is the current configuration of OpenVPN tunnels for IPv4 and IPv6:

config interface 'vpn1_v4'
	option proto 'none'
	option ifname 'tun1'
	option delegate '0'
	option defaultroute '0'

config interface 'vpn1_v6'
	option proto 'none'
	option ifname 'tun1'
	option delegate '0'
	option defaultroute '0'

config interface 'vpn2_v4'
	option proto 'none'
	option ifname 'tun2'
	option delegate '0'
	option defaultroute '0'

config interface 'vpn2_v6'
	option proto 'none'
	option ifname 'tun2'
	option delegate '0'
	option defaultroute '0'

WAN Configuration:

config interface 'wan1'
	option proto 'dhcp'
	option peerdns '0'
	option ifname 'eth0.2'
	list dns 'ххх.ххх.ххх.ххх'
	option delegate '0'

config interface 'wan2'
	option proto 'dhcp'
	option peerdns '0'
	option ifname 'eth0.3'
	list dns 'ххх.ххх.ххх.ххх'
	option delegate '0'

Tell me, please, how do I correctly bind the unmanaged tunnels tun1 and tun2 each to my WAN interface. That is, tun1 to WAN1, and tun2 to WAN2?
The documentation https://openwrt.org/docs/guide-user/network/tunneling_interface_protocols has the tunlink option but it is not described for proto 'none'. Is it possible to apply the tunlink option to proto 'none', will this work correctly?

That is, like this, as in the example below, will it be correct?

config interface 'vpn1_v4'
	option proto 'none'
	option ifname 'tun1'
	option delegate '0'
	option defaultroute '0'	
	option tunlink 'wan1'

config interface 'vpn1_v6'
	option proto 'none'
	option ifname 'tun1'
	option delegate '0'
	option defaultroute '0'	
	option tunlink 'wan1'

config interface 'vpn2_v4'
	option proto 'none'
	option ifname 'tun2'
	option delegate '0'
	option defaultroute '0'	
	option tunlink 'wan2'

config interface 'vpn2_v6'
	option proto 'none'
	option ifname 'tun2'
	option delegate '0'
	option defaultroute '0'	
	option tunlink 'wan2'

juppin · April 28, 2020, 5:09pm

I think you have to set this in your openvpn configs...

trendy · April 28, 2020, 5:21pm

If you want to combine mwan3 with VPN server and client, here is a post about it.

Dark-Fox · April 28, 2020, 5:39pm

Thanks for the link! True, this is not quite what I need, or I do not quite understand some things.
In fact, I need to balance the load between the two ISPs, on my router, as well as between the 6in4 tunnels, and the OpenVPN tunnels. Each 6in4 tunnel and OpenVPN must connect to their ISP. For 6in4 tunnels, there is the option tunlink 'wan' option, which allows you to rigidly bind a specific 6in4 tunnel to the external WAN interface. I want to do the same for OpenVPN tunnels. But the tunlink option is not described for VPN tunnels.
How can I tightly bind ifname 'tun1' to the external interface 'wan1', and ifname 'tun2' to the external interface 'wan2'? What would tun1, when disconnecting wan1 (ISP1), not connect to wan2 (ISP2)?

trendy · April 28, 2020, 9:10pm

You can set policies to route traffic matching some criteria towards a specific wan interface. You can select if this policy will be balanced (out of 2 or more wans), failover (wan1 then wan2) or single wan only.