Binding WireGuard to specific ip/interface?

Can I bind wireguard to a specific IP or interface? I want to influence the source-ip-address-selection.

1 Like

No, but you can configure a preferred source address in static IPv4 routes in the "source address" setting.

But it isn't possible with static IPv6 routes since the "source address" setting is used for source address dependent routing and not for configuring a preferred source address on OpenWrt.

2 Likes

Thanks!
Would u mind giving some command line example? ^^ Never did this. But I can google also, if u do not have the time.

What are you hoping to achieve as an end result? Might be easier to point you in the right direction.

We are building a mesh networks and if someone wants to share their internet connection, we would like to build some wireguard tunnel to a server. But if this person is also connected to the mesh network, we want to prevent that the tunnel is built via the mesh network (so the tunnel should be built via the isp internet).

Basically, wireguard should use the wan interface, instead of some other interface.

I think another issue why this is more problematic is, if I build a tunnel via v6, the wrong interface is used in the source selection? Source selection is done before routing decision, or?

So the correct interface is used, but the wrong source is used.

Any updates to this question since 2 years ago? I also read WireGuard option 'tunlink' does not work

I tried adding the option tunlink 'wwan0' to my network config for example, but it doesn't seem to work. I'm probably doing it wrong. Is there a guide somewhere on binding Wireguard to a specific interface or how exactly to configure the static routes?

We are now using network namespaces:

You can create the wireguard interface in a different namespace with different routing rules and then move it to your default namespace.