MWAN3 with Wireguard

WAN failover is working correctly, but how can I add wireguard VPN to that setup?
Wireguard will be used for split tunneling (should I use load balancing in that case?).
What member metric should I add to VPN to make it work in parallel with the active wan?
If I set metric 1 to wireguard, mwan will switch to wireguard, not wan2, when wan1 fails.

Also I heard wireguard should be restarted every time wan is switched, is this correct?

Yes, wireguard encodes endpoint IPs extra time, so you have to restart it, until wireguard comes up with its own multipath solution.


Do you know some scripts to restart wireguard at wan change?

mwan3 provides a user script that is meant to send a notification email; it would not hurt if it did ifup wig0 instead.

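The hook suggested in the reply above, sketched as an added example (not code from any poster in this thread). It assumes the file is installed as /etc/mwan3.user, that mwan3 calls it with ACTION and INTERFACE in the environment, and that the mwan3 interfaces are named wan1 and wan2 and the tunnel wig0 as in the posts; the function names are hypothetical.

```shell
#!/bin/sh
# Added example for /etc/mwan3.user; not from the thread.
# Assumption: mwan3 exports ACTION and INTERFACE when it runs this file, and
# mwan3track reports tracking changes as "connected" / "disconnected".

WG_IFACE="wig0"          # WireGuard interface name used in the thread
WAN_IFACES="wan1 wan2"   # mwan3 member interfaces named in the thread

# Print the WireGuard interface to re-establish, or nothing if the event
# should be ignored.
wg_iface_to_restart() {
    action="$1"
    iface="$2"
    # Ignore events for the tunnel itself, otherwise ifup would retrigger us.
    [ "$iface" = "$WG_IFACE" ] && return 0
    # Ignore interfaces that are not WAN uplinks (lan, guest, ...).
    case " $WAN_IFACES " in
        *" $iface "*) ;;
        *) return 0 ;;
    esac
    # React only to tracking state changes, not to every netifd ifup/ifdown.
    case "$action" in
        connected|disconnected) echo "$WG_IFACE" ;;
    esac
    return 0
}

handle_mwan3_event() {
    target="$(wg_iface_to_restart "$1" "$2")"
    [ -n "$target" ] || return 0
    logger -t mwan3.user "WAN $2 is $1, bringing $target up again"
    ifup "$target"
}

# Act only when mwan3 supplied an event.
if [ -n "$ACTION" ] && [ -n "$INTERFACE" ]; then
    handle_mwan3_event "$ACTION" "$INTERFACE"
fi
```
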

Thanks for the suggestions.
BTW I found ChatGPT is pretty useful for configuring mwan3 for my requirement.


The answer is:
wan1 and wan2 should be set as mwan members with the metrics shown in the picture, the failover policy set to Last resort - unreachable, and a traffic rule added for wireguard:

config rule 'wireguard'
	option src_interface 'your_wg_interface_name'
	option proto 'all'
	option dest_ip '0.0.0.0/0'
	option use_policy 'your_policy_name'

Also, it looks like there is no requirement to restart wireguard, because the rule automatically redirects traffic to the active wan.
