Binding WireGuard to specific IP/interface?

Can I bind WireGuard to a specific IP or interface? I want to influence the source IP address selection.

No, but you can configure a preferred source address in static IPv4 routes in the "source address" setting.

But it isn't possible with static IPv6 routes since the "source address" setting is used for source address dependent routing and not for configuring a preferred source address on OpenWrt.

2 Likes

Thanks!
Would you mind giving a command line example? ^^ I've never done this. But I can also google it if you do not have the time.

What are you hoping to achieve as an end result? Might be easier to point you in the right direction.

We are building a mesh network, and if someone wants to share their internet connection, we would like to build a WireGuard tunnel to a server. But if this person is also connected to the mesh network, we want to prevent the tunnel from being built via the mesh network (so the tunnel should be built via the ISP internet).

Basically, WireGuard should use the WAN interface instead of some other interface.

Methods:

  • Add a static route to the VPN endpoint via the WAN gateway, and use hotplug to fetch the gateway dynamically if required.
  • Utilize separate routing tables for mesh and WAN, and create an IP rule to look up the WAN table when connecting to the VPN endpoint.

2 Likes
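
The second method above (a separate WAN table plus an IP rule for the VPN endpoint), sketched with iproute2 as an added example that is not part of the original thread. The table id 100, rule priority 1000, the function names and the dry-run/`APPLY` convention are assumptions; the endpoint, gateway and device are passed as arguments.

```shell
#!/bin/sh
# Added example: send traffic for the WireGuard endpoint through a dedicated
# WAN routing table so it never follows a mesh route.
# Assumed values (not from the thread): table id 100, rule priority 1000.
WAN_TABLE="${WAN_TABLE:-100}"
RULE_PRIO="${RULE_PRIO:-1000}"

# Print "<ip family flag> <host prefix length>" for a literal IP address.
addr_family() {
    case "$1" in
        *:*)        printf '%s\n' "-6 128" ;;  # IPv6 literal
        *[!0-9.]*)  return 1 ;;                # hostnames are rejected
        *.*.*.*)    printf '%s\n' "-4 32" ;;   # IPv4 literal
        *)          return 1 ;;
    esac
}

# Emit the commands for one endpoint.
# $1 = endpoint IP, $2 = WAN gateway, $3 = WAN device
pin_endpoint_cmds() {
    ep="$1"; gw="$2"; dev="$3"
    ep_fam=$(addr_family "$ep") || { echo "endpoint must be an IP: $ep" >&2; return 1; }
    gw_fam=$(addr_family "$gw") || { echo "gateway must be an IP: $gw" >&2; return 1; }
    fam=${ep_fam% *}; len=${ep_fam#* }
    # A v4 endpoint cannot be reached through a v6 gateway, and vice versa.
    [ "${gw_fam% *}" = "$fam" ] || { echo "address family mismatch" >&2; return 1; }
    # Default route that exists only in the WAN table.
    echo "ip $fam route replace default via $gw dev $dev table $WAN_TABLE"
    # Drop a stale copy of the rule first so repeated runs do not stack rules.
    echo "ip $fam rule del to $ep/$len lookup $WAN_TABLE priority $RULE_PRIO 2>/dev/null || true"
    # Priority below 32766 so this rule is evaluated before the main table.
    echo "ip $fam rule add to $ep/$len lookup $WAN_TABLE priority $RULE_PRIO"
}

# Dry run by default: review the output, then re-run as root with APPLY=1.
if [ "$#" -eq 3 ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        pin_endpoint_cmds "$@" | sh -x
    else
        pin_endpoint_cmds "$@"
    fi
fi
```

Rules and routes added this way do not survive a reboot or a WAN gateway change, so the script has to be re-run when the WAN interface comes up, for example from a hotplug script as the first method suggests.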

I think another reason why this is more problematic is that, if I build a tunnel via v6, the wrong interface is used in the source selection? Source selection is done before the routing decision, right?

So the correct interface is used, but the wrong source is used.