Bypass Wireguard VPN on access point without policy routing app

debunker · July 25, 2020, 10:54am

Is there a way to have a Wireguard VPN only work on a specific access point and then have another access point bypassing the VPN? I'm aware of the vpn policy routing app but using it will force me to disable my killswitch which doesn't work for me.

I did see one tutorial where someone did make an access point bypassing the Wireguard VPN, by isolating it into its own interface, but the author noted that you would need more than 1 ethernet ports to achieve this.

For reference I'm running openwrt on a Raspberry Pi 4.

moamo67 · July 25, 2020, 10:57am

moamo67 · July 25, 2020, 10:57am

tis working on rpi4 comfirmed

moamo67 · July 25, 2020, 11:05am

u dont need kiilswitch its a gadget , configure a good rule and remove this app firewall lan2 ===> vpn only ( no wan ) good!
drop the packet dont use reject is better ( reject need response from you rpi4 a ddoser can shoot u rpi4, drop dont need reponse from you rpi4 have more co2

debunker · July 25, 2020, 11:16am

Thank you for the guide, I'm following it now. But I can't seem to get a second wifi access point up and running. I press apply configuration and it hangs and reverts back.

Is this a known issue? Should I try manually adding it?

moamo67 · July 25, 2020, 11:17am

on rpi4 seconde wifi dont work the wifi on rpi4 is on beta for two years

remove kill switch , install dnmasq-full reboot install pbr and set u policy by ip to vpn or wan what u want

debunker · July 25, 2020, 11:21am

Oh that's unfortunate, I didn't know that!

So instead of the killswitch you're recommending that I enforce my devices to go through VPN instead of getting a device to bypass the VPN?

moamo67 · July 25, 2020, 11:24am

what u want u make bypass vpn or vpn through me i making a through

debunker · July 25, 2020, 11:28am

So I have 4 devices on my network: phone, ipad, main laptop, and gaming laptop.

I want my gaming laptop to bypass the VPN, due to latency issues. All the other devices should go through VPN at all times and internet access should be denied if the VPN connection is lost.

So I'm guessing how this works is I assign a static IP address for all my devices and use that in the pbr to enforce traffic through VPN? If so is there a way to enforce a static IP for a specific mac address on the router itself?

For example my phone will always be assigned the static ip address 192.168.99.5.

debunker · July 25, 2020, 11:44am

So I got the pbr bypass VPN, but now I can't route traffic through the VPN.

This is my config

Device razer can connect to the internet, bypassing the VPN.
Device phone and ipad cannot access the internet through the VPN.

moamo67 · July 25, 2020, 11:48am

the web us port 80 , u dont specify any port specify 0-65535 , 0-65535 for all trafic pass through

install dnmasq-full

debunker · July 25, 2020, 11:58am

I specified the ports and install dnsmaq-full but still no internet on my phone. I also put my firewall setting below, which I believe are correct.

moamo67 · July 25, 2020, 12:04pm

good job , but i think u dont have installed dnsmasq-full and no reboot

debunker · July 25, 2020, 12:11pm

Just rebooted and I can confirm dnsmasq-full is installed, I see it in the software installed list.

Could the issue be that I disabled pbr earlier and manually deleted the rules? Could that be causing this issue?

moamo67 · July 25, 2020, 12:13pm

Make screen of front of pbr .
Who is u défaut gateway ?
No when u you have problème u need look u logs . And when u dont have problème u need to see u logs logs logs logs logs logs is not beacuse its marked 'good ' its good , now see u logs a recomand to use openvpn instead of wireguard

debunker · July 25, 2020, 12:20pm

I got it working! There was something weird going on with my phone and assigning static ip addresses. So I just made a policy to direct all traffic to the VPN and created an exception on top of it.

Again thank you so much for your help!

moamo67 · July 25, 2020, 12:22pm

for what u have to set a static ip on iphone ? lol stop with this . but now see u logs its a good source for problem or solution

debunker · July 25, 2020, 12:23pm

I didn't think I could create a catch all rule in pbr! So I thought the only solution would be to assign static ip addresses to all my devices and then create separate rules.

This way is mcuh better though haha

moamo67 · July 25, 2020, 12:25pm

use dhcp with time of 600d and lets go turn off static my advise . or add hostname with specified ip and you with this a lan dns like iphone.lan openwrt.lan pc.lan

system · August 4, 2020, 12:25pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.