Dual wireguard VPN with unique SSIDs. Possible?

Hello everyone,

I am a very new OpenWRT user and I'm very much enjoying the experience but I need some help with an idea I have that I want to implement and don't know how. I have tried searching around but I've not found an answer to my specific use case and I don't even know if it's possible to do what I want.

I have OpenWRT running on a Belkin RT1800 wireless AP. I have two Wireguard VPNs. One goes to my home, to a wireguard running on my private home network, and one goes to my commercial VPN provider.

What I want to be able to do, is plug any WAN link into the wan port on my wireless AP and to have two SSIDs. SSID1 will route all traffic through my home wireguard and SSID2 will route all traffic via my commercial VPN provider.

I have got the home network wireguard up and running. But if I just go ahead and add another wireguard, how can I get it so that only connections to SSID2 will route via this one? Is it just a matter of creating a different firewall zone and selecting that new zone on SSID2?

Won't it just try to route everything via the first wireguard?

Should I try to have different VLANs for the other wireguard?

I'm really sorry, I am a new user and I can't find answers to my questions online. Please can anyone help or even let me know if what I'm asking is even possible?

Thank you!!

You can do this with Policy Based Routing.

The radios must be on a different subnet if this is not the case then look into Guest Network setup

Thanks very much @egc I will give this a try hopefully tonight after work and report back.

Much appreciated!

On my lunch break so I decided to at least install the software for now to setup later,
got pbr installed but pbr-app-luci won't install. I assume this is because i'm on a snapshot and looks like I don't have the right dependencies.

root@OpenWrt:~# opkg install luci-app-pbr
Package luci-app-pbr (1.1.1-7) installed in root is up to date.
Collected errors:
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-nf-reject
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-nf-ipt
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-nf-log
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-ipt-core
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-nf-reject6
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-nf-log6
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-crypto-crc32c
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-nft-core
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 5.15.126-1-0f0db065e0b57643d380de80339ea0ed) for kmod-ipt-ipopt

I'm also assuming that this is just the GUI so I should be able to do this at least via the CLI ?

If you have questions feel free to ask, lots of very knowledgable and helpful people here

Nope https://openwrt.org/faq/cannot_satisfy_dependencies

ok thanks. guess ill look at using one of my other devices for this. Cheers.

or, you just install the latest snapshot, and the packages you need directly afterwards, just like the link I provided suggests ?

installing the RC2 from https://downloads.openwrt.org/releases/23.05.0-rc2/targets/ramips/mt7621/ would also solve the issue, those packages don't refresh.

ok thanks, i only set up the AP 5 days ago so im surprised that I didn't find that image when I looked. I will look into this, thank you.

it's not linked to from the wiki page, no.
the links will get updated once 23.05 is released, until then, they'll point towards the snapshots.