Multiple WAN interfaces and routing

oler · September 29, 2017, 9:11am

Goal

Configure routing different routing targets (WANS) for different internal interfaces (Zones).

Circumstances

I want to separate Guest devices from my (own) private local network, i.e. want a separated guest network.
I want to route the majority of the traffic through a VPN wan, with some exceptions. Exceptions shall apply for the private network only. These exceptions shall be routed through another wan port (standard internet service provider).
I therefore setup two wan interfaces (wan and wan_2 and two lan (LAN and LAN_guest) interfaces.
- firewall allows access for LAN to ẁan and wan_2
- firewall allows access for LAN_guest to wan_2 only
- default route for both lans is wan_2 i.e. the VPN route.
- I configured exceptions (access targets not through VPN) via luci Static Routes

This works fine for the private network.
The issue is, that devices in LAN_guest guest now cannot access resources where I configured the above mentioned exceptions for.

What is the best way to allow guest devices in LAN_guest to still access resources (via wan_2 now)?

Google found topics such as policy based routing or source based routing. I am not sure how to configure this with LEDE. Do I need to configure Traffic Rules or Custom Rules?

Many Thanks in advance

oler · October 14, 2017, 5:26am

Nobody?

There should be a way to configure specific routing targets for different internal interfaces (Zones).

oler · October 18, 2018, 5:33pm

I could still not find a solution for this. Any hints?

lleachii · October 18, 2018, 5:59pm

You use neither. Your firewall seems setup OK as described...Here is an example of the Policy-based routing you need:

config rule
	option in 'LAN_guest'
	option dest '0.0.0.0/0'
	option priority '2'
	option lookup '2'

config route                                                                    
	option interface 'wan_2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option gateway 'xxx.xxx.xxx.xxx'
	option table '2'