I have decided to flash OpenWRT on my GL-iNet MT6000 / Flint 2. I have used DD-WRT in the past and have basic network knowledge but need some help if possible.
All is working well but I have hit an issue regarding my wireguard setup.
I have a Surfshark WireGuard tunnel running 24/7 for 2 devices on my LAN. Using the native GL firmware, these two devices went via the tunnel by MAC address and the other devices went straight to the WAN.
I have configured the WireGuard tunnel and it works for all devices when the target IP is 0.0.0.0/0.
I have set a static IP for each device, removed 0.0.0.0/0 and added the two static addresses, and I get no traffic throughput at all. I can see packet traffic on the WireGuard interface though.
I have looked into PBR and even tried to lean on ChatGPT but that was rather vague.
Can anyone help me get 192.168.1.200 and 201 to go down the tunnel?
Then you need Policy Based Routing to route your LAN clients (via MAC address if you are using IPv4 and IPv6) or via IP address if you are IPv4 only.
Either install the full package see:
I have ticked the route all traffic just to test the tunnel and it is working so that’s good. I have unticked that now and traffic is going to the WAN.
I have just installed PBR.
I have service gateways wan and wg0 ticked and the service control is enabled. Is that correct?
The bit I am stuck with now is the policy.
I have created a policy called wg01 VPN.
Local address as 192.168.1.120, one of my tunnelled devices.
Local ports I have left empty.
Now for remote, if I want all traffic on 1.120 to go via the tunnel, what do I choose? Do I leave that blank?
Chain is rerouting and the interface at the bottom is wg0.
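The setup being discussed, written out as OpenWrt UCI config. This is an added example, not config from this thread, from GL.iNet or from the OpenWrt pbr package: the keys, endpoint and tunnel address are placeholders, the interface name wg0, the policy name "wg01 VPN" and the two hosts 192.168.1.200/201 are taken from the thread, and the pbr option names are the ones the package uses. The point it shows is that allowed_ips on the peer is the filter for the far side of the tunnel and has to stay 0.0.0.0/0; which LAN hosts enter the tunnel is decided by the pbr policy, with "Route Allowed IPs" off so the rest of the LAN keeps using the WAN.

```uci
# /etc/config/network  (WireGuard client interface; secrets are placeholders)
config interface 'wg0'
	option proto 'wireguard'
	option private_key 'CLIENT_PRIVATE_KEY_PLACEHOLDER'
	list addresses '10.64.0.2/32'          # constructed tunnel address

config wireguard_wg0
	option description 'VPN provider peer'
	option public_key 'PEER_PUBLIC_KEY_PLACEHOLDER'
	option endpoint_host 'wg.example.invalid'   # placeholder endpoint
	option endpoint_port '51820'
	option persistent_keepalive '25'
	# allowed_ips is WireGuard's cryptokey routing: it says which
	# destinations may be sent to / received from this peer. Putting the
	# two LAN addresses here means "only packets to 192.168.1.200/201 may
	# use the tunnel", so Internet-bound traffic is dropped. Keep 0.0.0.0/0.
	list allowed_ips '0.0.0.0/0'
	# "Route Allowed IPs" unticked: no default route via wg0 for everyone.
	option route_allowed_ips '0'

# /etc/config/pbr  (policy-based routing package)
config pbr 'config'
	option enabled '1'
	# If wg0 goes down, drop the matched hosts' traffic instead of letting
	# it fall back to the WAN (avoids a silent leak out of the tunnel).
	option strict_enforcement '1'

config policy
	option name 'wg01 VPN'
	option enabled '1'
	# Local (source) addresses: space-separated IPs, CIDRs or, for a
	# MAC-based match like the GL firmware did, MAC addresses.
	option src_addr '192.168.1.200 192.168.1.201'
	# Remote address and both port fields left empty = every destination.
	# chain prerouting = apply to traffic arriving from the LAN.
	option chain 'prerouting'
	option interface 'wg0'
```

The firewall side is whatever already carried traffic when "Route Allowed IPs" was ticked (wg0 in a zone that lan forwards to, with masquerading), so nothing changes there. After `uci commit` and restarting network and pbr, `/etc/init.d/pbr status` lists the installed rules, and the check is the one already mentioned in the thread: ipleak.net from 192.168.1.200 or .201 should show the VPN provider's address, and from any other LAN host the ISP's.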
Not specific for PBR.
If you have a working connection with Route Allowed IPs enabled (meaning everything via the WireGuard tunnel, check with ipleak.net) then you have all the necessary firewall rules in place already.