Fallback to WAN

Hope that someone can give a push in the right direction:

I have a setup with a LAN, WireGuard and WAN/WAN6.


I can swap between WireGuard and WAN through VPN Policy Routing.

What I need is an automatic fallback to WAN in case the WireGuard tunnel is broken ... I have to sacrifice security for operational stability if that happens.

Any ideas?

Put both in the wan zone and use mwan3 to use wg as primary?
(with a rule to the remote peer as real wan only)


Try to set up failover using mwan3:

Thank you all for your input ...

This seems to have solved my problem:
Hi 674574, thank you for your input … actually your advice seems to have done the trick. Still testing, but I haven’t been able to create the issue again so far.

I created two WG interfaces (separate private keys) and did not mark the “Route Allowed IPs” in the Peers section of both interfaces.

I created the firewall as you can see in the Zones picture.

A positive side effect was in the “VPN Policy Routing”, where the default Service Gateway is now the WAN (not randomly between Gateways, WAN, WG1 & WG2).
This means that the router has an auto fallback to WAN in case a WG tunnel loses connection, by using the config parameter "Strict enforcement" with "do not enforce policies ....."
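
Because the fallback described in this thread sends traffic out the plain WAN when a tunnel drops, it helps to know when the router is in that state. The following is an added example, not part of any post in this thread: a POSIX shell check that reads the output of `wg show <iface> latest-handshakes` and reports whether the tunnel is up or the router is in fallback. The 180-second threshold, the function names and the sample peer keys are assumptions, and the check assumes the peers use a persistent keepalive so that an idle tunnel still handshakes.

```shell
#!/bin/sh
# Added example: flag WireGuard peers whose last handshake is stale.
# Input is the format printed by `wg show <iface> latest-handshakes`:
#   <peer-public-key><TAB><unix-time-of-last-handshake>   (0 = never)

MAX_AGE=180   # assumption: seconds without a handshake before a peer counts as down

# stale_peers NOW: reads handshake lines on stdin, prints one line per problem peer.
stale_peers() {
    now=$1
    seen=0
    while read -r key ts; do
        [ -n "$key" ] || continue
        seen=1
        # Reject anything that is not a plain decimal timestamp.
        case $ts in ''|*[!0-9]*) echo "$key malformed"; continue ;; esac
        if [ "$ts" -eq 0 ]; then
            echo "$key never"
        elif [ $((now - ts)) -gt "$MAX_AGE" ]; then
            echo "$key $((now - ts))s"
        fi
    done
    # No peers at all (interface missing or unconfigured) is not a healthy tunnel.
    [ "$seen" -eq 1 ] || echo "- no-peers"
}

# tunnel_state NOW: prints "up" if every peer is fresh, otherwise "fallback".
tunnel_state() {
    if [ -z "$(stale_peers "$1")" ]; then
        echo up
    else
        echo fallback
    fi
}

# Constructed sample (placeholder keys), evaluated at a fixed "now".
# On the router: wg show wg1 latest-handshakes | tunnel_state "$(date +%s)"
printf 'CONSTRUCTED_PEER_A=\t1601549950\nCONSTRUCTED_PEER_B=\t0\n' \
    | stale_peers 1601550000
```

Run from cron for each WireGuard interface, the "fallback" result can be passed to `logger` so the periods when traffic left over the WAN are visible in the system log.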
