Mwan3 and NordLynx

I already setup NordLynx (= NordVPN wireguard protocol) interface in my openwrt installation and I think it's work fine:

root@OpenWrt-rpi4:~# ping -c 3 -I NordLynx
PING ( 56 data bytes
64 bytes from seq=0 ttl=118 time=75.082 ms
64 bytes from seq=1 ttl=118 time=77.885 ms
64 bytes from seq=2 ttl=118 time=79.562 ms

--- ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 75.082/77.509/79.562 ms

Added Interfaces, Member, Policies and Rules to mwan3 config:

config interface 'NordLynx'
        option enabled '1'
        option initial_state 'online'
        option family 'ipv4'
        list track_ip ''
        option track_method 'ping'
        option reliability '1'
        option count '3'
        option size '56'
        option max_ttl '60'
        option check_quality '0'
        option timeout '4'
        option interval '10'
        option failure_interval '3'
        option recovery_interval '3'
        option down '5'
        option up '3'

config member 'nordlynx_m1_w1'
        option metric '1'
        option weight '1'
        option interface 'NordLynx'

config policy 'nordlynx_only'
        list use_member 'nordlynx_m1_w1'
        option last_resort 'unreachable'

config rule 'VPN_NordLynx'
        option src_ip ''
        option proto 'all'
        option sticky '1'
        option use_policy 'nordlynx_only'
        option logging '1'

Assigned interface NordLynx to WAN firewall zone.

From Status --> Load Balancing interface NordLynx is online but when I active rule VPN_NordLynx I can not exit to wan from (ping failed).

Where I'm wrong?

Is there a guide you were following for setup? In my experience, the VPN interface should have its own firewall zone or it should be assigned to the LAN firewall zone depending on use case.

Thanks @mmstano for your reply, I followed this how-to:

in 3th or 4th reply someone suggest wan zone.
Already test lan zone without success...

If you followed that guide, did you add a DNS address to the wireguard interface? Like Cloudflare’s

I added NordVPN dns as suggested in this reply:

1 Like