Help with connecting 2 wireguard firewall zones

Hello.

I've been struggling with a problem for a couple of days and I'm hoping someone can help sort out what's wrong.

I have a total of 4 firewall zones. wg_in and wg_out are 2 separate wireguard interfaces. As the name implies, wg_in allows me to connect to the router and wg_out is to use a wireguard client to vpn to the world.

If I change wg_in to forward to wan I can access the internet as if from my home router. As soon as I change it to wg_out, that access stops. My guess is that it's a routing issue, but I'm not sure where to look.

I have verified that the wg_out tunnel is working because I can ping google and cloudflare from the router itself using the wg_out_proton interface.

I'm sure it's something simple and stupid that I'm missing, but I'm not sure what. I feel like I'm missing something to route between wg0 and wg_out, but I'm not sure what it could be.

Please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>" button:

Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall
ip route show
wg show

Note: you cannot use a WG client and WG server at the same time without Policy Based Routing, because traffic for the server comes in via the WAN and also has to go out via the WAN and not via the WG client.
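To make the PBR point in the note above concrete, here is an added example (not from either poster) of the routing plan as plain iproute2 commands on the router: wg_in peers get a dedicated table whose default route is the client tunnel, while the main table keeps the ISP default route so the router's own wg_in handshake replies still leave via wan. Assumed names: wg_in peers live in 10.99.0.0/24, the home LAN is 192.168.1.0/24 and table 100 is free (all constructed); wg_out_proton is the interface named in the thread.

```shell
#!/bin/sh
# Added example, not the thread's own config. It assumes the wg_out peer in
# /etc/config/network has "option route_allowed_ips '0'" so its 0.0.0.0/0
# AllowedIPs is NOT pushed into the main table, and that the firewall already
# forwards wg_in -> wg_out with masquerade on the wg_out zone.
WG_IN_SUBNET="${WG_IN_SUBNET:-10.99.0.0/24}"   # constructed wg_in peer range
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"     # constructed home LAN
WG_OUT_IF="${WG_OUT_IF:-wg_out_proton}"        # client tunnel from the thread
TABLE="${TABLE:-100}"                           # assumed-unused routing table

# Emit the commands instead of running them so the plan can be reviewed
# before it touches a live router; run with APPLY=1 to execute them.
pbr_cmds() {
    # 1. Dedicated table: its only default route is the client tunnel.
    #    The main table is untouched, so router-originated traffic, including
    #    wg_in replies sourced from the WAN address, keeps using wan.
    echo "ip route replace default dev $WG_OUT_IF table $TABLE"
    # 2. Peer traffic bound for the home LAN stays on the main table.
    #    Lower priority number = evaluated first, so this wins over rule 3.
    echo "ip rule add from $WG_IN_SUBNET to $LAN_SUBNET lookup main priority 90"
    # 3. Everything else from wg_in peers consults the tunnel table.
    echo "ip rule add from $WG_IN_SUBNET lookup $TABLE priority 100"
}

if [ "${APPLY:-0}" = 1 ]; then
    pbr_cmds | sh -e
else
    pbr_cmds
fi
```

Because the rules are keyed on the peers' source addresses, the router's own WireGuard endpoint traffic is never matched and follows the main table out of wan, which is exactly the constraint the note describes.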

I'm sorry for the late reply and thank you for responding when you did. You were correct in needing to use PBR to get that to work. Once I did that it worked as expected.
