Hi. I have used OpenWRT for some time with a very basic setup. I run it in switch mode behind my ISP router, and only really use it for local DHCP and DNS. Also, I set up a WireGuard interface (wg0) so I can access my home network from outside. All is working well.
Now, I would like to start using pbr to have some of my devices connect to my VPN provider, while the rest of my connected devices use my regular ISP connection. I upgraded to 23.05, added another wg interface (wg1) and installed pbr. I disabled wg0 for now, just to make sure it doesn't interfere with wg1. wg1 seems to be connected to my VPN provider, because I see some data being sent back and forth. But I can't seem to be able to start the pbr service. The system log is saying: 'service waiting for wan gateway...'
I have no idea what is causing this, or what to do about it. Could it be because I'm running my device as a switch? Any help on how to proceed would be greatly appreciated.
That is probably the cause.
Newer PBR versions have a setting to ignore the wan interface and to set your wan interface.
In your case your wan interface is maybe br-lan.
See the manual: https://docs.openwrt.melmac.net/pbr/
Edit:
You maybe have to change to this?:
/etc/config/pbr under config pbr 'config'
Yes, thank you for your reply. I tried what you suggested, and it did get me past the error. Unfortunately other issues occurred after that.
I get this at the startup of pbr now:
wan/eth0.2/0.0.0.0
wg1/10.2.0.2 ✓
where I would expect wan/eth0.2/my-lan-gw (which is the ISP router)
I get very weird internet behaviour after this, where some sites are reachable and others not. Only disabling pbr and the wg interface followed by a reboot solves this. Maybe I'll set up my router as an actual router and try again, because I feel that it being a switch now is complicating matters.
Ok, I made good progress after going back to a regular router setup. Got the VPN running and pbr working, yay!
The only thing is that the default route for the network seems to be the VPN now. Of course, I could set up pbr to do the inverse of what I was trying to do in the first place, but I'd rather have the wan as the default route. From the pbr documentation I understand that that is an OpenWrt thing. I think I should be able to figure that one out, but if you have any ideas on this...
Another question I have is this: by going back to the router setup I had to deal with a possible double NAT situation. I put OpenWrt in the DMZ of my ISP router. So far everything seems to work OK, but I was wondering if there are any safety concerns when setting things up like this.
To make sure the VPN is not the default
for WireGuard: disable Route Allowed IPs, or on the Advanced Settings tab of the WG interface disable/untick Use Default gateway
for OpenVPN add to the openvpn config:
pull-filter ignore "redirect-gateway"
# if you are using IPV6:
#pull-filter ignore "redirect-gateway ipv6"
Your router has its own firewall; unless you disable that, you should be safe.
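
An added example, not part of the thread: a small shell check for whether a VPN interface has taken over the default route, fed with the output of `ip -4 route show`. It goes beyond the thread by also catching the `0.0.0.0/1` + `128.0.0.0/1` pair that OpenVPN's `redirect-gateway def1` installs; the gateway `192.168.1.1`, the `tun0` name and the sample tables are constructed.

```shell
#!/bin/sh
# Added example. On the router: ip -4 route show | vpn_carries_default wg1

# Exit 0 if interface $1 carries default traffic according to the routing
# table on stdin: it owns the lowest-metric "default" route, or it owns
# both half-default routes 0.0.0.0/1 and 128.0.0.0/1.
vpn_carries_default() {
    awk -v vpn="$1" '
        {
            # Pull the device and metric out of every route line.
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
        }
        $1 == "default" && dev != "" && (best == "" || metric < bestmetric) {
            best = dev; bestmetric = metric
        }
        $1 == "0.0.0.0/1"   && dev == vpn { low = 1 }
        $1 == "128.0.0.0/1" && dev == vpn { high = 1 }
        END { exit !(best == vpn || (low && high)) }
    '
}

# Constructed sample: WireGuard default added because Route Allowed IPs is on.
SAMPLE_VPN_DEFAULT='default dev wg1 proto static scope link
default via 192.168.1.1 dev eth0.2 proto static metric 10
10.2.0.0/24 dev wg1 proto kernel scope link src 10.2.0.2'

# Constructed sample: the wanted state, WAN is the only default route.
SAMPLE_WAN_DEFAULT='default via 192.168.1.1 dev eth0.2 proto static
10.2.0.0/24 dev wg1 proto kernel scope link src 10.2.0.2'

# Constructed sample: OpenVPN redirect-gateway def1 style half-default routes.
SAMPLE_DEF1='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0.2 proto static
128.0.0.0/1 via 10.8.0.1 dev tun0'

if printf '%s\n' "$SAMPLE_VPN_DEFAULT" | vpn_carries_default wg1; then
    echo "wg1 is the default route: pbr policies would be inverted"
fi
```
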