Guest wifi on openvpn vs wireguard

I'm looking for open answers here and not necessarily a solution.

-my regular wifi has VPN while my guest wifi is not on any VPN.
I use the VPNbypass program for my guest wifi since it works. --No other guide has proven useful for guest wifi without a VPN no matter how many times i read it, interpret it, or compile it.

Everything works without a problem when i use openvpn and I will continue to use openvpn for now.
When I switch my VPN interface in the network config file from openvpn to wireguard proto (and fill in VPN details for wireguard) my guest wireless is now either going through the VPN interface or not working for internet traffic at all.

my question essentially comes down to Why does a vpnbypass work for openvpn and not wireguard when the only settings i changed are under the VPN interface in the network file and are all confirmed working and recommended settings from VPN provider?

I'm trying to think of any issues or questions before you respond. My vpn interface name is always the same. The VPN interface works seamlessly when i switch main wifi from openvpn to wireguard and vice versa. The guest wifi drops and disconnects hard on wireguard connection.

A couple of ideas: IP address overlap or default gateway override.
If you just want to separate the lan and the guest wifi, you don't need any fancy programs, a set of rules/routes will do.

I think we have the same setup.

I have WG running through LAN
Guest Interface setup using this (separate network/ip range) - https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan
WAN - Local ISP

This guest interface unfortunately connects to WG, which I do not want.

My workaround for this is to create a VPN policy routing.
Adding the IP Range of the Guest Interface.. in my case it's 10.10.1.1/24
This routes the Guest Interface to WAN (local isp), which bypasses the WG vpn.

article - https://docs.openwrt.melmac.net/vpn-policy-routing/#service-configuration-settings

result:

  • Guest Interface has Local ISP internet, but on a separate network/ip range (10.10.1.1/24)
  • WG VPN on LAN interface
  • WAN interface with local ISP(192.168..)

I'm here investigating this myself. this issue just presented itself to me. 72 hours ago i was not experiencing these issues.

Hey, im just the original peon that made this thread. anyone know why the latest weeks updates made this vpn-policy-routing program not work?

Are you running package updates?

Usually I do because I am setup to and I can help sometimes in issues like these.

I simply booted to my slightly older backup partition for now and it is working but I'm starting to think the culprit is the latest hostapd-common for my system but I don't have any other information yet.

In general, it's not advised to run package upgrades...but I'm not sure what "setup to" and "help sometimes in issues like these" meant...because there are many threads of users having issues with their devices - beginning with upgrading packages.

If there's some reason you always need up-to-date packages, you should install snapshot at your chosen interval - then immediately install all packages after.

I've had this discussion before. I'm always going to do package updates and the snapshots cant be upgraded after 24 hours or so. most of my routers are out in the field so i dont ever have physical access to upgrade the firmware on them but running opkg update has always worked for me. My customers understand that and agreed to it and so I taught a person at each site how to flip over to a backup or recovery partition in case it goes south. I'd love to remote upgrade firmware that reinstalls my required packages but that isn't what this topic is about.

My findings regarding this issue initially pointed to the vpn-policy-routing because it stopped working and had very little log info to run on. It wasn't giving me any errors that radio2 wasn't working properly or at all so I never checked it. I did testing and found that radio2 no longer works properly when using the latest hostapd-common thus this vpn-policy-routing no longer works. Once I downgraded from hostapd-common 2020-06-08-5a8b3662-37 to hostapd-common 2020-06-08-5a8b3662-35, the guest wifi and vpn-policy-routing started working like usual again. I don't know why it stopped working or if vpn-policy-routing only stopped working with hostapd-common on my linksys wrt3200acm or if hostapd-common stops functionality on vpn-policy-routing running on every system.

:face_with_raised_eyebrow:

I actually found something for you (seems you need to upgrade another package with hostapd-common):

1 Like

Thanks lleachii. I still have questions and reasons for doing these upgrades but I will find somewhere else to ask these questions.

hey misionaryo, thanks for the advice. luci-app-vpn-policy-routing solved my issue. I thought you were saying you were having the same problem as me but I did end up using that solution so I'm marking that as the solution.

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.