Hi All,
I am running OpenWrt SNAPSHOT r28277 as a Wireguard client on a GL.iNet GL-X3000 Spitz AX to connect back to my home site (road warrior setup).
I would like to have 2 SSIDs (on the same radio), one for streaming video (ssid: "Streamin") and the other for laptops, phones, etc. (ssid: "Workin") where all the traffic will go through my Wireguard server on my home network.
The path to the internet would be as follows:
- TVs, streaming device clients -> Spitz LAN1 or WLAN Streamin -> Spitz Cellular Modem -> Internet
- Laptops, phones, etc. -> WLAN Workin -> Wireguard Tunnel -> Spitz Cellular Modem -> Internet -> Home ISP modem (port forwarded) -> Home Wireguard VPN server -> Internet
I am trying to have the following features for the Workin WLAN:
- All traffic from this WLAN to be routed through the Wireguard tunnel
- No DNS leaks or anything that might indicate it came from the remote site
- Kill switch setup where if the VPN server is not running, the Workin network would not have any internet access at all (the Streamin WLAN should continue to work as it's not using the tunnel).
I've been playing around a bit with the firewall, firewall zones, and all that but can't for the life of me figure out how to set up the network adapters, interfaces and firewall to make all this work. I have found some info on setting up the kill switch and so on, but am not sure how to apply that to my needs for the dual SSID setup.
Any helpful information would be greatly appreciated!
Thank you!!
The firewall is only part of it. You also need policy based routing.
https://openwrt.org/docs/guide-user/network/routing/pbr
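One way to express the split described in this thread in OpenWrt's UCI files, added here as an example and not a configuration posted by any participant. The names `workin`, `wg0` and `vpn`, table number 100, the 10.0.0.x addresses and the bracketed keys are assumed placeholders, and a `workin` interface carrying the Workin SSID is assumed to exist already.

```uci
# /etc/config/network
config interface 'wg0'
	option proto 'wireguard'
	option private_key '<CLIENT_PRIVATE_KEY>'
	list addresses '10.0.0.2/32'
	# install this interface's routes in table 100 instead of the main table
	option ip4table '100'

config wireguard_wg0
	option public_key '<SERVER_PUBLIC_KEY>'
	option endpoint_host '<HOME_ENDPOINT>'
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'

# policy rule: traffic arriving on workin is looked up in table 100
config rule
	option in 'workin'
	option lookup '100'

# /etc/config/firewall
config zone
	option name 'workin'
	list network 'workin'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'vpn'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
# the only forwarding out of workin; none to wan, so no tunnel means no internet
config forwarding
	option src 'workin'
	option dest 'vpn'

# workin clients may reach the router for DHCP only, not its DNS resolver
config rule
	option name 'Allow-DHCP-workin'
	option src 'workin'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# /etc/config/dhcp (in the existing workin section): hand out a tunnel-side resolver
config dhcp 'workin'
	list dhcp_option '6,10.0.0.1'
```

The Streamin network stays in a zone that forwards to `wan` and uses the main routing table, so it is unaffected when the tunnel is down.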
@psherman thanks for pointing me in this direction. I didn't mention in my original post that, besides wanting pbr/split tunneling, I needed multi-wan for failover on it and had mwan3 installed. I was not able to make the mwan3 play nice with pbr so (after MUCH tinkering) I started over trying to get the PBR working first. It was then I realized that the functionality I needed from mwan3 (which was 3 level failover on my Spitz AX wan port -> wlan wan -> cellular modem) could be achieved by just using PBR (along with my 2 SSIDs, one through the Wireguard tunnel). Now it works perfectly.
So, although I probably did a lot of messing around, I actually learned quite a bit about OpenWrt during these exercises, which is far more valuable than just being told how to do something. I really appreciate your help to point me in the right direction. Having come from the original custom firmware on WRT54Gs, I must admit I've had a few attempts to figure out the latest features of OpenWrt (e.g. DSA), so it's good to be forced into it! As a bonus I picked up a new home router (Flint 2) and had a chance to build out my proper VLAN setup (IOT, work, home and guest) and set up the Wireguard server on it.
It's been an awesome experience and it's amazing how far it has come since the old days.
I don't want to mark this as solved with my own post so if you reply to this saying PBR is the way to go the solution should help some other folks with the same setup to avoid the mwan3 route. Thanks.
Glad that this is all working out -- and I'm especially happy that you enjoyed the learning process (even if it was a bit frustrating at times).
The point of the 'solution post' is to surface the most relevant information to future readers. We obviously encourage users to give credit where due, but there are times that no single post makes sense as the solution because multiple posts (from one or more contributors) may have been necessary to solve the issues. Your writeup actually contains tons of additional info that might be useful, and it's totally legit to mark your own post as the solution in that or the summary case.
I did... that was the first reply on this thread.