mwan3 is running fine. I have a wan and a backup wwan (4G). When I stop interface wan, then the wwan takes over. But I have to manually stop vpn-policy-routing.
What does the script look like that stops vpn-policy-routing when wan is down and starts it again when wan is up again? (Or even better, when the wan can't ping. I assume that the interface wan stays up in this case, so maybe I need a script with disconnected and connected instead of ifdown and ifup.)
I just wrote something down below.
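# Stop policy routing as soon as wan goes down.
if [ "${ACTION}" = "ifdown" ] && [ "${INTERFACE}" = "wan" ]; then
    /etc/init.d/vpn-policy-routing stop
fi
# Give wan 10 seconds to settle after it comes up, then start policy routing again.
if [ "${ACTION}" = "ifup" ] && [ "${INTERFACE}" = "wan" ]; then
    (sleep 10 && /etc/init.d/vpn-policy-routing start)
fi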
What is the point of running them both, when they serve the same purpose?
And what is the purpose of stopping vpn-pbr when there is only one interface and you'll send everything through that?
I have that in place, but this means in my case, that when the vpn is down it's going to WAN.
So you're saying if my wan goes down, it goes to the next interface available, in my case wwan?
When wan is down it's going to wwan as the new default gateway and back when wan is up.
However my wireguard vpn is going from wan to wwan and that's ok, but it stays on wwan.
When I restart wwan it's fixed, but I need to do this manually.
Local Wireguard Server + Wireguard Client (Scenario 2)
Yes, I’m aware that technically there are no clients nor servers in Wireguard, it’s all peers, but for the sake of README readability I will use the terminology similar to the OpenVPN Server + Client setups.
If the Wireguard client is not used as default routing and you create policies to selectively use the Wireguard client, make sure your settings are as follows (three dots on the line imply other options can be listed in the section as well). Make sure that the policy mentioned below is at the top of your policies list.
Relevant part of /etc/config/vpn-policy-routing:
config vpn-policy-routing 'config'
	list ignored_interface 'wgserver'
	...

config policy
	option name 'Ignore Local Traffic'
	option interface 'ignore'
	option dest_addr '192.168.200.0/24'
	...
I assume that the destination address is then the range of my Wireguard (10.2.0.0/24)
With the rule in place, I see that the wg0 interface restarts after I stop and start wan. But I still need to restart wwan to stop it from routing over it.
I think wireguard is adding a static route for the destination, something like: XXX.XXX.XXX.XXX via 192.168.10.1 dev wlan0 proto static metric 20
which forces the tunneled traffic to go through that gateway. If the interface doesn't go down, it will remain there. So you'd need a rule in pbr to force OUTPUT traffic from the device towards that VPN server to use the wan, but to be able to switchover to wwan when wan is down.
The only thing that I don't know: is wan in ifdown state automatically when there is no internet connection? It looks like it stays up with no internet connection (cable unplugged).
So the script should check if there is a live internet connection, otherwise the vpn-pbr doesn't pick another wan.
I started another thread for this, because it's a new issue.
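One way to write the handler asked about in this thread, keyed on mwan3track's connectivity result rather than on link state alone (an added example, not code from any post here). It assumes the script is installed as /etc/mwan3.user and that this mwan3 version passes ACTION=connected/disconnected there; the state-file path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Intended for /etc/mwan3.user.
# Assumption: mwan3track calls this file with ACTION=connected/disconnected
# in addition to the ifup/ifdown events.

PRIMARY_IF="${PRIMARY_IF:-wan}"                        # interface name used in the thread
PBR_INIT="${PBR_INIT:-/etc/init.d/vpn-policy-routing}" # init script named in the thread
STATE_FILE="${STATE_FILE:-/tmp/pbr-failover.state}"    # hypothetical path (tmpfs, cleared on reboot)

# Map an event to the wanted service state; prints stop, start or none.
pbr_action() {
    [ "$2" = "$PRIMARY_IF" ] || { echo none; return 0; }
    case "$1" in
        ifdown|disconnected) echo stop ;;   # link gone, or tracking pings failed
        connected)           echo start ;;  # tracking confirmed reachability
        *)                   echo none ;;   # ifup alone does not prove connectivity
    esac
}

# Call the init script only when the wanted state differs from the last one
# applied, so ifdown followed by disconnected does not stop the service twice.
handle_event() {
    want="$(pbr_action "$1" "$2")"
    [ "$want" = none ] && return 0
    last="$(cat "$STATE_FILE" 2>/dev/null || true)"
    [ "$want" = "$last" ] && return 0
    "$PBR_INIT" "$want" && echo "$want" > "$STATE_FILE"
    logger -t pbr-failover "$2 $1: vpn-policy-routing $want" 2>/dev/null || true
}

# Only act when invoked with an event in the environment.
if [ -n "${ACTION:-}" ]; then
    handle_event "$ACTION" "${INTERFACE:-}"
fi
```

Because the start is tied to `connected`, a wan whose cable is plugged in but has no upstream connectivity does not bring vpn-policy-routing back until tracking succeeds.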