Mwan3 and wireguard can only be accessed through a low-metric wan port

In the environment where openwrt has a wan port, wireguard can only be accessed through a low-hop wan port. Can you fix this bug?

Can you clearly explain what this means?

As this is common, please clarify this statement.

Assume that OpenWrt has two broadband connections, WAN1 (hop 10) and WAN2 (hop 11). WireGuard can only connect through the WAN1 handshake; WAN2 cannot connect. The following post is a solution to this, a WireGuard patch by a netizen. I tried to recompile and still have problems.

To be clear (since you haven't mentioned it whatsoever), are you having a mwan3 issue with Wireguard?

If so, have you configured your mwan3 for that?

We'll need more details, it seems you wanna change the outbound route of traffic depending on the SRC of the incoming peer traffic? We need more information to assist.

If I'm not mistaken this is a known issue with mwan3 and WireGuard, where WireGuard would receive incoming packages on one WAN interface and send outgoing packets on another. Short of patching and custom-compiling several things I'm not aware of an easily "configurable" solution.

I've personally run into this problem with a PPPoE and a 4in6 interface on the same WAN line (that's possible here in Japan) and aside from the issue showing with WireGuard connections from/to the router I had trouble even with random WireGuard connections initiated by hosts in the internal network. I eventually gave up on having two IPv4 interfaces and dropped the 4in6 interface, but I realize that's not an option for everyone.

That's right, it is what you said: when WireGuard handshakes on the high-point WAN port, the data will be sent from the low-point WAN port.

So you are having an mwan3 issue?

Is the endpoint's peer address known and static?

This is a problem with wireguard. When the handshake is passed in, wireguard will not retain the source address, and then when sending, wireguard should call the default route of the system (a route with a low hop), so that A enters B and exits without returning data through the original route. This is not a mwan3 problem.

I understand. I asked a question to see if it's possible to set a routing policy:

If the peer's IP is known and doesn't change, it may be possible to make a policy that routes it thru the correct WAN port.

I had a similar issue with Wireguard thru 2 IPv6 WAN interfaces.
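
The routing policy suggested in the last post could be written as the following `/etc/config/mwan3` fragment. This is an added example, not from the thread, and it has not been verified against the handshake problem described above. The peer address `203.0.113.10` (a documentation address), the port `51820`, and the names `wan2`, `wan2_m1_w1`, `wan2_only` and `wg_peer_via_wan2` are assumptions; it only applies when the peer's endpoint is known and static.

```uci
# /etc/config/mwan3 (fragment): constructed example
# Assumes an mwan3 interface section named 'wan2' already exists
# and is tracked, and that the WireGuard peer's endpoint is the
# static address 203.0.113.10 on UDP port 51820 (both made up).

config member 'wan2_m1_w1'
	option interface 'wan2'
	option metric '1'
	option weight '1'

config policy 'wan2_only'
	list use_member 'wan2_m1_w1'
	# If WAN2 is down, reject the traffic instead of falling
	# back to the main routing table (and so to WAN1).
	option last_resort 'unreachable'

# mwan3 evaluates rules top to bottom and stops at the first match,
# so this section must appear before the catch-all default rule.
config rule 'wg_peer_via_wan2'
	option family 'ipv4'
	option proto 'udp'
	option dest_ip '203.0.113.10'
	option dest_port '51820'
	option use_policy 'wan2_only'
```

After restarting mwan3, `mwan3 status` shows the active rules and the policy each one maps to.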