Multiple WG-VPN clients (all using 10.14.0.2/16) and Multiple LANs

OpenWrt-Noob here. I am asking for a GUI-solution only, no scripts, only luci-packages if needed.

I am running six OpenWrt-VMs, each is only doing one privacy-VPN-Client connection via WireGuard for my main pfSense-VM.

Now I am thinking about reducing the OpenWrt VMs to only one to save RAM. I do use Watchcat with them and had the best results with rebooting rather than restarting interfaces, so I would lose that feature...

Anyway, just curious if I could only run one VM with six LANs and six VPN-Clients on it.
The privacy VPN provider uses 10.14.0.2/16 for every WG tunnel. But if I have seen this correctly, there is no IP given or shown in OpenWrt for their side of the tunnel, so that is probably not something to think about?

The only way I can think to make it work would be to assign them to dedicated routing tables.

Interesting. Now I do think that I am able to change my address to something in the range, probably not .1. So my heading wasn't the best. Although I had some stability problems with that in pfSense, so I am not 100% sure how well it will work in the end. It also could be some unknown problem with the WireGuard implementation in FreeBSD (pfSense).

It will still be problematic to have multiple interfaces in the same subnet and using the same gateway.

I changed the ip-address in one vm and will have a look how it is going.

It is not the same gateway, the gateway IP is unknown (at least to me). And I should be able to use /32 instead of what they say, will try this next.

I see problems, might be related to the IP change and Watchcat not resolving it by only restarting the WireGuard interface.

Out of curiosity, what would I need to change from having one LAN and one WG-Client to having multiple LANs and one WG-Client for each LAN in the GUI. With the firewall I do think I know, but where to change the routing easily and most graphical? :wink:

Have a look at the PBR package:
I have multiple WG tunnels (two site-to-site setup to other servers, my regular tunnel which has two other tunnels in a fail over group, and two for TV to another country)

For the failover tunnels I use my own script:

But with my one LAN per WG interface, I might not need another package like PBR? I use pfSense for all my detailed routing afterwards, so I want to keep it simple on OpenWrt.

If you have one VLAN per tunnel you do not need that (you have the PBR done on your pfSense, which is of course fine).

Creating VLANs or better LANs (easier for me) shouldn't be the problem, but where do I have to change the config in this regard (routing especially)?

Assign one LAN and the appropriate WG client interface to the same routing table.
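What the last reply describes, written out as an added example of the /etc/config/network fragment for two of the six LAN/WG pairs (this is not configuration from the thread or from any particular provider; interface names lan1/lan2/wg1/wg2, the bridge device names, the LAN subnets, the table numbers 101/102 and all key/endpoint placeholders are assumptions). Each WG client interface gets its own routing table via ip4table, so the 0.0.0.0/0 route that route_allowed_ips installs lands in that table instead of main, and a rule sends everything arriving on the matching LAN to that table. In LuCI the same thing is the "Override IPv4 routing table" field under Interfaces > (wg interface) > Advanced Settings, and the rules are under Network > Routing > IPv4 Rules (Incoming interface, Table). The tunnel address is set to /32 as discussed above, and the same 10.14.0.2/32 may appear on every WG interface because each interface only ever routes through its own table:

```uci
# /etc/config/network (fragment, added example; assumed names and values)

# ---- LAN side: one bridge per tenant LAN, kept in the main table ----
config interface 'lan1'
	option device 'br-lan1'          # assumed bridge device for LAN 1
	option proto 'static'
	option ipaddr '192.168.101.1'    # assumed LAN 1 subnet
	option netmask '255.255.255.0'

config interface 'lan2'
	option device 'br-lan2'          # assumed bridge device for LAN 2
	option proto 'static'
	option ipaddr '192.168.102.1'    # assumed LAN 2 subnet
	option netmask '255.255.255.0'

# ---- WG client 1: all of its routes go to table 101 ----
config interface 'wg1'
	option proto 'wireguard'
	option private_key 'REPLACE_WITH_CLIENT1_PRIVATE_KEY'
	list addresses '10.14.0.2/32'    # /32 instead of the provider's /16
	option ip4table '101'            # LuCI: "Override IPv4 routing table"

config wireguard_wg1
	option public_key 'REPLACE_WITH_PROVIDER_PUBLIC_KEY_1'
	option endpoint_host 'vpn1.example.invalid'   # assumed endpoint
	option endpoint_port '51820'
	option persistent_keepalive '25'
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'     # default route, but only in table 101

# ---- WG client 2: same address, different table ----
config interface 'wg2'
	option proto 'wireguard'
	option private_key 'REPLACE_WITH_CLIENT2_PRIVATE_KEY'
	list addresses '10.14.0.2/32'
	option ip4table '102'

config wireguard_wg2
	option public_key 'REPLACE_WITH_PROVIDER_PUBLIC_KEY_2'
	option endpoint_host 'vpn2.example.invalid'   # assumed endpoint
	option endpoint_port '51820'
	option persistent_keepalive '25'
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'

# ---- Policy rules: traffic entering lanN is looked up in table 10N ----
# LuCI: Network > Routing > IPv4 Rules
config rule 'lan1_wg1'
	option in 'lan1'
	option lookup '101'
	option priority '1001'           # assumed; anything before the main table rule

config rule 'lan2_wg2'
	option in 'lan2'
	option lookup '102'
	option priority '1002'
```

Two caveats a practitioner would check. First, only the WG interfaces get ip4table here; the LANs stay in the main table so that reply traffic coming back from a tunnel can still find the LAN's connected route, and LAN-to-LAN traffic falls through to main when a tenant table has no matching route. Second, the WG endpoint itself is reached through the main table (normal WAN), so the endpoint route must not be captured by one of the tenant default routes; keeping 0.0.0.0/0 out of main, as above, is what prevents that. Firewall zones and masquerading (one LAN zone forwarding only to its own WG zone) are a separate /etc/config/firewall matter and are not shown.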