First time OpenWRT user here with little to no experience in networking.
I run OpenWrt on a latest snapshot ( r30867-43ae8e17e1 ) on an OpenWRT ONE hardware and I would like to configure split routing, such that traffic, coming from my guest network (has 192.168.10.0/24 IP range that is not used anywhere else in my network) to Internet, is routed through VPN interface, and the rest is routed directly through WAN interface.
Thank you very much. Unfortunately, it haven't worked yet. When I add those four entries to /etc/config/network, attempt to ping any IP from external Internet (for example, ping 8.8.8.8 from my desktop computer, connected to lan) says that destination is unreachable
I don't know whether there was a need to make any changes to /etc/iproute2/rt_tables, so I left it without any changes
Here is my current /etc/config/network file so far, from top to bottom:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd04:9693:8754::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'GuestLAN'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option force_link '1'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
config interface 'HomeVPN'
option proto 'wireguard'
option private_key 'omitted'
option listen_port '51821'
list addresses '10.0.100.0/24'
config wireguard_HomeVPN
option description 'Pixel 7'
option public_key 'omitted'
option endpoint_port '51821'
option private_key 'omitted'
list allowed_ips '10.0.100.2/24'
config interface 'GuestVPN'
option proto 'wireguard'
option private_key 'omitted'
option listen_port '5870'
list addresses '10.0.100.1/24'
config wireguard_GuestVPN
option description 'Pixel7'
option preshared_key 'omitted'
list allowed_ips '10.0.100.2/24'
option endpoint_port '5870'
option public_key 'omitted'
option private_key 'omitted'
config device
option name 'eth1'
config interface 'Guest'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
list dns '194.242.2.2'
option ip4table 'mullvadvpn'
config wireguard_HomeVPN
option description 'MyThinkpad'
option public_key 'omitted'
option private_key 'omitted'
list allowed_ips '0.0.0.0/0'
option endpoint_port '51820'
config interface 'Mullvad'
option proto 'wireguard'
option private_key 'omitted'
list addresses '10.64.94.102/32'
list dns '10.64.0.1'
option force_link '1'
option nohostroute '1'
config wireguard_Mullvad
option description 'se-mma-wg-001.conf'
option public_key 'omitted'
list allowed_ips '0.0.0.0/0'
option endpoint_host '193.138.218.220'
option endpoint_port '51820'
option route_allowed_ips '1'
config route
option target '0.0.0.0/0'
option interface 'Mullvad'
option table '3'
config rule
option in 'Guest'
option dest '0.0.0.0/0'
option priority '1'
option lookup '3' #table no in route
config route
option target '0.0.0.0/0'
option interface 'wan'
option table '2'
config rule
option in 'lan'
option dest '0.0.0.0/0'
option priority '2'
option lookup '2' #table no in route
Thank you very much! I followed your instructions, got rid of "HomeVPN" and "GuestVPN" interfaces and, so far, both traffic from "lan" and "guest" networks is routed as intended.
It looks like you have tried to setup two WireGuard Servers?
That's right. My idea is to have three VPN interfaces. Two of those would provide remote access to "lan" and "guest" networks; and the third one would route traffic from "guest" network to Internet through commercial VPN server
I will proceed to creating "HomeVPN" and "GuestVPN" interfaces again, and I will mark the ticket as solved if I manage to make everything work
P.S. I think that configuring such VPN chain is a topic for a whole different conversation, so I would consider the problem, described in this topic, to be solved. Thank you again and best regards
