Multiple WAN interfaces and routing


Configure routing different routing targets (WANS) for different internal interfaces (Zones).


  • I want to separate Guest devices from my (own) private local network, i.e. want a separated guest network.
  • I want to route the majority of the traffic through a VPN wan, with some exceptions. Exceptions shall apply for the private network only. These exceptions shall be routed through another wan port (standard internet service provider).
  • I therefore setup two wan interfaces (wan and wan_2 and two lan (LAN and LAN_guest) interfaces.
    • firewall allows access for LAN to ẁan and wan_2
    • firewall allows access for LAN_guest to wan_2 only
    • default route for both lans is wan_2 i.e. the VPN route.
    • I configured exceptions (access targets not through VPN) via luci Static Routes

This works fine for the private network.
The issue is, that devices in LAN_guest guest now cannot access resources where I configured the above mentioned exceptions for.

What is the best way to allow guest devices in LAN_guest to still access resources (via wan_2 now)?

Google found topics such as policy based routing or source based routing. I am not sure how to configure this with LEDE. Do I need to configure Traffic Rules or Custom Rules?

Many Thanks in advance


There should be a way to configure specific routing targets for different internal interfaces (Zones).

I could still not find a solution for this. Any hints?

You use neither. Your firewall seems setup OK as described...Here is an example of the Policy-based routing you need:

config rule
	option in 'LAN_guest'
	option dest ''
	option priority '2'
	option lookup '2'

config route                                                                    
	option interface 'wan_2'
	option target ''
	option netmask ''
	option gateway ''
	option table '2'