I've set up my home network with three OpenWrt routers: one that connects to the Internet and provides a normal wifi access point. Connected to this router are two additional routers that each tunnel their whole traffic through WireGuard - and each of them has its own wifi network:
Now what I'd like to set up is a home network, where I can communicate freely between those three routers and the clients at home.
But I really have no clue how to manage it. I've tried to use PBR for this, but I'm simply overstrained by it - I don't really get how to use it.
Ok... so what you have on routers 2 and 3 is double NAT... although it is irrelevant because of the VPN tunnel.
What you can do is add routes on router 1 and update the firewalls on routers 2 and 3 to allow traffic to flow.
If router 1 is 192.168.1.1
and then router 2 is 192.168.1.2 (WAN), 192.168.2.1/24 (LAN)
and finally router3 is 192.168.1.3 (WAN), 192.168.3.1/24 (LAN)
router 1 would need static routes as follows:
network 192.168.2.0/24 via 192.168.1.2
network 192.168.3.0/24 via 192.168.1.3
(optionally, you can put static routes in routers 2 and 3 to point to the other router)
Then you would turn off masquerading on routers 2 and 3 for the WAN zone. Then add zone forwarding rules from WAN > LAN for those routers, too.
Now, the WireGuard tunnels' allowed IPs may need to be updated to exclude the two upstream networks, so !192.168.0.0/16 would do the trick here, or you may want to do VPN PBR.
Just tried it myself, and it does indeed cause the entire interface to fail. Bummer. So you could list all of the ranges that exclude it (a much longer list), or just use PBR.
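An added example, not code from the thread: since WireGuard has no negation syntax for AllowedIPs, this computes the "much longer list" of CIDR blocks that covers everything except 192.168.0.0/16, and emits the UCI commands for the static routes on router 1 using the addresses given above (the route section names `route0`/`route1` and the `lan` interface name are assumptions).

```python
from ipaddress import ip_network, ip_address, IPv4Network

# Home address space the tunnel must NOT swallow (the answer's "!192.168.0.0/16").
HOME_SPACE = ip_network("192.168.0.0/16")

def allowed_ips_excluding(exclude: IPv4Network,
                          full: IPv4Network = ip_network("0.0.0.0/0")) -> list[str]:
    """Express 'everything except exclude' as the explicit list of CIDR blocks
    left after carving exclude out of full (one block per prefix length 1..16
    for a /16 carved out of 0.0.0.0/0). Sorted in address order."""
    blocks = sorted(full.address_exclude(exclude))
    return [str(b) for b in blocks]

def covers(ip: str, allowed: list[str]) -> bool:
    """True if an AllowedIPs list made of these blocks would send ip into the tunnel."""
    addr = ip_address(ip)
    return any(addr in ip_network(b) for b in allowed)

def router1_static_routes(lan_iface: str = "lan") -> list[str]:
    """UCI commands for router 1: reach the LANs behind routers 2 and 3 via
    their WAN addresses on the 192.168.1.0/24 segment (values from the thread).
    Section names route0/route1 and the interface name are assumptions."""
    routes = {"192.168.2.0/24": "192.168.1.2", "192.168.3.0/24": "192.168.1.3"}
    cmds = []
    for i, (net, gw) in enumerate(routes.items()):
        cmds += [f"uci set network.route{i}=route",
                 f"uci set network.route{i}.interface='{lan_iface}'",
                 f"uci set network.route{i}.target='{net}'",
                 f"uci set network.route{i}.gateway='{gw}'"]
    cmds.append("uci commit network")
    return cmds

if __name__ == "__main__":
    allowed = allowed_ips_excluding(HOME_SPACE)
    print("AllowedIPs = " + ", ".join(allowed))   # 16 blocks, no 192.168.x.x
    print("\n".join(router1_static_routes()))
```

Paste the printed AllowedIPs value into the peer section of the WireGuard interface on routers 2 and 3, and run the printed UCI commands on router 1.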