Load balancing wireguard with dual internet connections


How best can I create the affinity between wg0 -> eth1 and wg1 -> eth2?

I've been attempting (unsuccessfully) to bring up two wireguard VPN connections over two internet connections and load balance between the two secured connections with mwan3. The following diagram depicts the desired outcome.

Where this currently falls apart is that the DSL connection comes up before the PPoE Cable connection is ready and both wg0 and wg1 are connected via that single path.

The other challenge is when one link has a blip and both wg interfaces end up on the same WAN link without a clear way to force them to their respective links.

1 Like

if you could have access to the other sites then you could initiate the vpn from there by the right link

I thought about that as an option, could also setup two routers as edge devices that have the wireguard tunnels and then have this setup as a distribution router with the single purpose to balancing the connections but there is some overhead with that. I'm hopeful there is a simple solution somewhere.

Hi Daemonp,

I'm looking to achieve exactly that - two WG tunnels on two separate layer2 interfaces.

Did you manage to get it to work where outbound traffic is load balanced between the two WGs ?


Hey @Saul

I haven't had much luck, I moved recently and no longer have a viable 2nd link at the moment to test with. Though I did have a new idea recently which would involve 3 openwrt routers, but I suspect you need a routing protocol to handle the per packet load balancing from router 1 through to the wg endpoint, but I'd need to tinker to figure that out.

lan Router 1 wan -> lan Router 2 wan -> wg0 -> wireguard endpoint
lan Router 1 wan -> lan Router 3 wan -> wg0 -> wireguard endpoint

You guys are overthinking this. Note, public IP 2 has an interface metric of 0 (preference) while public IP 1 has an interface metric of 1.