NeedHelp: I want to create on normally working OpenWrt an additional wifi which is connected through IPSecVPN with different Public IP and extended routing

I really need a little bit Help with configuration

below my situation.
Short description:
So I have 2 Internet Connections in different locations. Now I would like to open a separate Wifi, which traffic is completely tunneled. That is not the problem. that works. The special thing is, that I want to have it completely separated from my internal OpenWrt and RouterB. That means All traffic is coming from RouterA and going to RouterA. So I Created already a wifi and a Interface, and the VPNC interface. Everything is working well. The only thing is, I would like to use in the same time on another wifissid the local public IP.
How can I specify the correct routing for both public IP's?

Or is this only with the alternate routing table with iproute2 possible?
Thank you for your help.

Have you defined from one side the network of the guest ssid and from the other side the

1 Like

I know that in normal case i can have only one default route

but here i need two of them, but i do not know how exactly to realize that.
I was hoping, that some body has the same situation, and could help.

And yes i want to use different region ip's.

You need to do Policy Based Routing and you have 3 options:

  1. mwan3 package
  2. pbr package
  3. a set of rules/routes for each internet connection.

However the IPSEC tunnel doesn't exactly work with gateways, so you might hit a wall there and you'll need to reconsider the tunnel option and use Wireguard or OpenVPN.

1 Like

Hi trendy,

now I have a better explanation of what my goal is.

I would like to have a router in a router. Like a router C behind a router B. So only router B has Internet, and router C establishes connection through IPSec a connection to another AP(Router A) via router B. And Wifi of Router C deliveres the external public IP of router A.


But all this in only one device. That means only all traffic from Wifi Guestoverthere will be tunneled through VPN and exits at router C.

So in my scenario routerC and routerB are only one device. There are local public IP and another distance public IP, which is tunneled through VPN to the other end. On choosing which wifi to use, I choose the external outgoing Public IP, if it is the local or from distance.

I hope it is somehow clear. which kind of VPN is not important in this moment i think.

I think the more important part is how to route only all traffic from one wifi through the VPN. and let the other traffic untouched to exit normally direct to the net.


You still need some solution from the above mentioned to do policy based routing.

1 Like