How to create a second access point with WireGuard

It isn't a console command. Please take time to review the Wiki. If looking at the configurations bother you, this can also be don't in the LuCI web GUI.

Console:

ip -4 route

Web GUI:

Then don't.

What team are you referring to?

So LuCI web GUI is useless?

If the wiki was translated into my native language, I would do so.

About this option in '<interface_name>'
Is it really not clear? They wrote me a command, I ask what it does and they tell me that there is no command. What were you smoking?

I don't understand the question. I just provided details on the LuCI web GUI.

Routes: https://openwrt-org.translate.goog/docs/guide-user/network/routing/routes_configuration?_x_tr_sl=auto&_x_tr_tl=ru&_x_tr_hl=en-US&_x_tr_pto=wapp

Rules: https://openwrt-org.translate.goog/docs/guide-user/network/routing/ip_rules?_x_tr_sl=auto&_x_tr_tl=ru&_x_tr_hl=en-US&_x_tr_pto=wapp

or feel free to use your own translator.

Again:

See Wiki:

The same thing you are?

What have you given me? For what purpose did I create this topic? I want to create a second wireless access point and configure WireGuard on it. Following the tips of another user, I created a second access point, but both provide Internet access directly, without WireGuard.

How do I enable WireGuard for a second access point? This is my question. And I haven’t yet read the answer “where to go” and “what to click” to do this.

And what should I understand from this?

config route 'route_example_1'
         option interface 'lan'
         option target '172.16.123.0'
         option netmask '255.255.255.0'
         option gateway '172.16.123.100'
config rule
option mark '0xFF'
         option in 'lan'
option dest '172.16.0.0/16'
option lookup '100'

What's this? Where is it? Where should I look for such settings?

I don't see anything similar to your wiki here

image962×734 42.4 KB

Please review again:

If it wasn't clear, you:

• Browse to Network > Routing
• For Routes, click "Static IPv4 Routes"
• For Rules, click "IPv4 Rules"

• You browse to Status > Routing

You delete them and then Save/Apply the config. To be clear again, it's not a command.

As discussed by you and mk24 - you would select VPN - assuming that's the Interface you wish to use Wireguard.

You sent the wrong screenshot

Is that right? I don't think it works

image961×368 14.9 KB

No, I did not.

The screenshot I posted answered your question:

I did not provide a screeshot on how to access the Routes page. You asked for written instructions on how to browse to the page:

That would be this image.

Please don't confuse making the config and checking the config was applied.

I still don't understand what I need to do

Without using PBR - Browse to Network > Routing:

Static IPv4 Routes

1. Add Route

• General Settings
  • Interface: WARP
  • Route type do not change Unicast
  • Target: 0.0.0.0/0
• Advanced settings
  • Table: 1
  • (do not change other settings)

IPv4 Rules

2. Add Rule

• Incoming interface : VPN
• Destination 0.0.0.0/0
• Table :1

Save/Apply

3. Click "Save & Apply"

Check configuration applied

4. Browse to Status > Routing

I do not have that

image882×459 22.5 KB

I do not have that

image884×728 31.2 KB

Should I create Table :1 myself?

Yes you do:

Yes, you will be creating a new table for your WARP route to the Internet, which is noted as 0.0.0.0/0 (reviewing the Wiki and Linux manual on routing tables would be helpful in this process if you have questions).

EDIT:

After creating the route, the rule tells traffic entering VPN interface to use table 1 for routing.

(FYI - I should note that the PBR package would have done this for you. It may be an option for those who are easily confused by making routes/rules.)

Progress. WireGuard is working. I was able to log into YouTube from my phone without launching VPN on my phone. BUT. I noticed that WireGuard works for both access points. Something is not set up right. But what?

Amendment. WireGuard connected even for a PC connected via cable. This definitely shouldn't happen

Both of these?

This is expected, as you specified interface VPN.

Or both of these?

Then create a different, non-VPN interface, or use IP instead, etc.

Both of them all. It doesn’t matter whether you are connected to the first access point, connected to the second, or connected via cable. WireGuard works everywhere. Why did I give the second access point the address 192.168.2.1 if WireGuard works for everything?

Please be clear - I see 4 APs

AP x2 - LAN (not WARP)
AP x2 - VPN (WARP configured)

Are you saying that WARP is working on LAN machines too?

Are you saying you now wish to use SRC IP instead of SRC Interface?

Where did you get 4 access points? There are only 2 of them. K14M and K14M VPN

image970×416 27 KB

I want to say that WARP works for ALL devices connected to the router. But you need WARP to work only for devices connected via the K14M VPN wireless access point. Second wireless access point (K14M) and wired connections should work without WARP
​

• Click "Edit"
• Show screenshot

1. We need to verify that K14M is using LAN interface.
2. Please verify wired devices are being connected to LAN

In what sense is "now"? From the very beginning I wrote that I wanted to make two wireless access points, one with VPN and the other without. If I need to use VPN on my smartphone, I will connect to K14M VPN, if I don’t need VPN, I will connect to K14M. On a PC connected via cable, VPN is not needed at all.