I have a site-to-site WireGuard configuration between OpenWrt and pfSense. OpenWrt has only one WAN. Recently I've added a second WAN (LTE) to the pfSense for failover.
I'd like to configure WireGuard on the OpenWrt to take advantage of the two WANs. Meaning, when WAN1 on the pfSense fails, OpenWrt should switch the WG tunnel to WAN2. If WAN1 comes back online, WRT should switch the tunnel back.
However, is it possible to do so without changing the IP addresses of the tunnel and the Allowed IPs in the peer configuration? Only the endpoint host would change, because of course the two WANs on the pfSense have different IPs.
Can it be done by adding a second WG interface in the WRT and setting a gateway metric? But then, if the Allowed IPs are the same on both WG interfaces, WRT wouldn't allow creating the same routes for both of them, would it?
Would policy-based routing work in this situation?
Maybe a better solution would be to configure WRT WG as a "server" without an endpoint IP and pfSense as a client with WRT's IP as an endpoint? Then pfSense would handle WG failover.
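As an added illustration of the single-interface approach raised in the question (this is not code from the original post, nor from OpenWrt or pfSense): one WireGuard interface on the OpenWrt side keeps its keys, tunnel addresses and Allowed IPs unchanged, and a small script run from cron only swaps the peer's endpoint between the two pfSense WAN addresses. The interface name `wg0`, the peer key placeholder, the two endpoint addresses (RFC 5737 documentation ranges), the 180-second staleness threshold and the use of ICMP ping to detect that WAN1 is back are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post or either project.
# Endpoint failover for one WireGuard peer on the OpenWrt side:
# keys, tunnel addresses and AllowedIPs stay the same; only the
# peer endpoint changes at runtime via `wg set`.
#
# Assumptions (placeholders): interface wg0, peer public key below,
# EP_PRIMARY = pfSense WAN1, EP_BACKUP = pfSense WAN2 (LTE).
WG_IF="${WG_IF:-wg0}"
PEER_PUBKEY="${PEER_PUBKEY:-PLACEHOLDER_PEER_PUBLIC_KEY}"
EP_PRIMARY="${EP_PRIMARY:-203.0.113.10:51820}"   # constructed WAN1 address
EP_BACKUP="${EP_BACKUP:-198.51.100.20:51820}"    # constructed WAN2/LTE address
STALE_SECS="${STALE_SECS:-180}"   # no handshake for this long => treat that path as down
NEVER=999999                      # age used when no handshake has ever completed

# Pure decision function (no side effects), so it can be tested offline.
#   $1 = seconds since the last handshake on the current endpoint
#   $2 = endpoint currently configured on the peer
#   $3 = 1 if WAN1 answered a probe, 0 otherwise
# Prints the endpoint that should be configured.
pick_endpoint() {
    age="${1:-$NEVER}"; current="$2"; primary_up="$3"
    # WAN1 is answering: prefer it. This is the fail-back case.
    if [ "$primary_up" = "1" ]; then
        printf '%s\n' "$EP_PRIMARY"
        return 0
    fi
    # WAN1 not answering, but the tunnel on the current endpoint is still
    # handshaking: leave it alone (avoids flapping on a single lost probe).
    if [ "$age" -lt "$STALE_SECS" ]; then
        printf '%s\n' "$current"
        return 0
    fi
    # Handshake on the current endpoint went stale: flip to the other one.
    if [ "$current" = "$EP_PRIMARY" ]; then
        printf '%s\n' "$EP_BACKUP"
    else
        printf '%s\n' "$EP_PRIMARY"
    fi
}

# Seconds since the last handshake with the peer (NEVER if none yet).
handshake_age() {
    last=$(wg show "$WG_IF" latest-handshakes | awk -v k="$PEER_PUBKEY" '$1==k {print $2}')
    [ -z "$last" ] && last=0
    if [ "$last" -eq 0 ]; then
        echo "$NEVER"
    else
        echo $(( $(date +%s) - last ))
    fi
}

# Endpoint currently configured on the peer (empty if none).
current_endpoint() {
    wg show "$WG_IF" endpoints | awk -v k="$PEER_PUBKEY" '$1==k {print $2}'
}

# Probe WAN1 with a single ICMP echo. Assumption: pfSense answers pings on
# WAN1; if ICMP is filtered there, this always reads "down" and fail-back
# never happens, so replace it with a probe that fits the real setup.
primary_reachable() {
    host="${EP_PRIMARY%:*}"
    if ping -c 1 -W 2 "$host" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# One check: read state, decide, and change the endpoint only if needed.
failover_once() {
    cur=$(current_endpoint)
    [ -z "$cur" ] && cur="$EP_PRIMARY"
    want=$(pick_endpoint "$(handshake_age)" "$cur" "$(primary_reachable)")
    if [ "$want" != "$cur" ]; then
        logger -t wg-failover "$WG_IF: switching peer endpoint $cur -> $want"
        wg set "$WG_IF" peer "$PEER_PUBKEY" endpoint "$want"
    fi
}

# Only act when explicitly asked, e.g. from cron: wg-failover.sh run
case "${1:-}" in
    run) failover_once ;;
esac
```

Two caveats for using something like this: `wg set` changes the running interface only, so a `network` reload restores the endpoint from `/etc/config/network` (update the peer's `endpoint_host` there as well if that matters), and the pfSense side must be able to accept the tunnel arriving on either WAN, which is what makes the roaming endpoint work while the tunnel addresses and Allowed IPs stay fixed.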