I've got a policy-based routing split WG VPN setup as described below. I've decided to host HTTP(S) over ports 80 and 443 using Let's Encrypt on a device with IP 192.168.1.150 and have forwarded these ports in the firewall. Without the VPN enabled it works, and I can access the sites from my mobile phone when using mobile data rather than Wi-Fi.
I would like all of 192.168.1.150's traffic, except this incoming traffic, to be routed over the WG. In other words: how do I exclude the forwarded ports from the WG rules?
I've tried adding !80 !443 to the second policy, but this doesn't seem to work. What policy would you recommend? Or would the problem perhaps not be with the policy?
The WG interface is part of the same zone as the WAN interface.
config policy
	option name 'local-ignore'
	option interface 'ignore'
	option dest_addr '192.168.0.0/16 172.16.0.0/12 10.0.0.0/8'

config policy
	option name 'lan-wgclient'
	option interface 'wgclient'
	option src_addr '192.168.1.128/25'

config policy
	option name 'wgserver-wgclient'
	option src_addr '172.16.1.128/25'
	option interface 'wgclient'

config policy
	option name 'dns-wgclient'
	option dest_addr 'x.x.x.x'   # DNS server IP to prevent DNS leak
	option chain 'OUTPUT'
	option interface 'wgclient'
Thanks for your advice
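One way to keep the forwarded ports off the tunnel, as an added example that is not part of the original post: instead of negating ports on the catch-all policy, add a policy that matches the server's reply traffic by source address and source port and pins it to the WAN interface, placed above the broader 'lan-wgclient' policy, since pbr evaluates policies in order and the first match wins. It assumes the upstream interface in /etc/config/network is named 'wan' and that the server answers forwarded connections from ports 80 and 443.

```uci
# Added example, not from the original post. Assumes the upstream
# interface is called 'wan'. Replies to the forwarded connections leave
# 192.168.1.150 with source port 80 or 443; match on that and route
# them via WAN so they go back out the way they came in.
config policy
	option name 'web-via-wan'
	option src_addr '192.168.1.150'
	option src_port '80 443'
	option interface 'wan'

# Keep this policy ABOVE the catch-all so it is matched first; the
# catch-all still sends everything else from the host over WG.
config policy
	option name 'lan-wgclient'
	option interface 'wgclient'
	option src_addr '192.168.1.128/25'
```

After editing, restart pbr and confirm the new policy's rule appears before the catch-all in the pbr status output, then re-test from mobile data with the VPN enabled.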