NeedHelp: I want to create on normally working OpenWrt an additional wifi which is connected through IPSecVPN with different Public IP and extended routing

I really need a little bit Help with configuration

below my situation.
Short description:
So I have 2 Internet Connections in different locations. Now I would like to open a separate Wifi, which traffic is completely tunneled. That is not the problem. that works. The special thing is, that I want to have it completely separated from my internal OpenWrt and RouterB. That means All traffic is coming from RouterA and going to RouterA. So I Created already a wifi and a Interface, and the VPNC interface. Everything is working well. The only thing is, I would like to use in the same time on another wifissid the local public IP.
How can I specify the correct routing for both public IP's?

Or is this only with the alternate routing table with iproute2 possible?
Thank you for your help.

Have you defined from one side the network of the guest ssid and from the other side the

1 Like

I know that in normal case i can have only one default route

but here i need two of them, but i do not know how exactly to realize that.
I was hoping, that some body has the same situation, and could help.

And yes i want to use different region ip's.

You need to do Policy Based Routing and you have 3 options:

  1. mwan3 package
  2. pbr package
  3. a set of rules/routes for each internet connection.

However the IPSEC tunnel doesn't exactly work with gateways, so you might hit a wall there and you'll need to reconsider the tunnel option and use Wireguard or OpenVPN.

1 Like

Hi trendy,

now I have a better explanation of what my goal is.

I would like to have a router in a router. Like a router C behind a router B. So only router B has Internet, and router C establishes connection through IPSec a connection to another AP(Router A) via router B. And Wifi of Router C deliveres the external public IP of router A.


But all this in only one device. That means only all traffic from Wifi Guestoverthere will be tunneled through VPN and exits at router C.

So in my scenario routerC and routerB are only one device. There are local public IP and another distance public IP, which is tunneled through VPN to the other end. On choosing which wifi to use, I choose the external outgoing Public IP, if it is the local or from distance.

I hope it is somehow clear. which kind of VPN is not important in this moment i think.

I think the more important part is how to route only all traffic from one wifi through the VPN. and let the other traffic untouched to exit normally direct to the net.


You still need some solution from the above mentioned to do policy based routing.

1 Like


thank you for the help you gave me.

Now my router is working again. I found a description how to set up a second routing table. But how can I setup a second one?
Here are 2 links, how to do it on normal Linux Computer.

I had a look also at the program from repository vpn-policy-routing with luci together, but it looks that it does not provide everything to me what I am looking for.

so the router simplyfied has 4 devices
one wifi called location2 configured with dhcp server and local ip
one wifi called location1 also with dhcp server
the Router is connected via wifi or ethernet to the internet
and a vpn-ipsec connection connected to another router in a second location.

the network on the second router is

How do I need to interconnect the interfaces to get the result, that if I am connected to wifi location2 all traffic is going through vpn and internet (tunnel) to get internet pages from the other location (other country) which are blocked from my normal location
(wifi location1).

which is the best solution?
Is there in luci support for a second routing table? And yes I am going to install next rules/routes. But maybe you have a good tip or hint how I can get faster to my aim.
Thank you, Happy Easter