Ok, having abandoned my previous tactic, I'm now on a more efficient one, I'm hoping.
I've got a Pi up and running within my LAN as a WireGuard server connecting to TorGuard VPN, and initial tests worked for connectivity before I started fiddling...
Then, messing with my OpenWrt router in order to make the Pi a default gateway, it's all gone Pete Tong...
Currently, I can SSH to the Pi internally, but it has no internet connectivity (interfaces are UP).
TorGuard:
Router and LAN/WiFi all working fine, but clearly not passing through the Pi.
Must need to fiddle with rules/zones, but I haven't found the right combo yet.
LAN = 192.168.0.1
Pi (intended gateway) = 192.168.0.117
It wouldn't surprise me; I'm seeing sounds right about now!
So, latest development: removed the Pi gateway from interfaces, played with some traffic routing, added the Pi IP as the gateway for lan, and we're in business to a degree. I've forced my PC to use the Pi as the default gw and now everything is routing correctly, but just that PC. Is there a way to force everything through the VPN without having to edit the gw on every device?
Also set up a profile of the Pi for my Android, but annoyingly it's not getting through; more fiddling!
Hmm, not really, would prefer as is tbh. Put OpenWrt on the router to have that as the VPN, but realised I'd not be getting my 100 Mbit connection through it, so decided to keep the router as is and the Pi 4 to do the grunt work - setting that up as PiVPN was a delight, so simple (spent a long week trying to sort all this, so a bit worn out now!)
If your devices are configured to use DHCP, they should get the configured gateway from the interface settings. It is not updated instantly, only after the current lease has expired; might that be the reason? You can see the remaining lease time per client on the status / overview page.
As far as I understand your use case, you don't need an additional zone for the Pi; just keep it in the same interface as the other devices, with the lan zone. Then set the port forwarding From wan, To lan and leave IP and port as is.
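As an added illustration of the answer above (example configuration, not the poster's files and not part of anyone's reply in the thread), this is what the two settings look like in OpenWrt's UCI config files: the DHCP option that hands out the Pi as the default gateway to lan clients, and the redirect that forwards only WireGuard's UDP port from wan to the Pi. The Pi address 192.168.0.117 and the 12 h lease time come from the thread; the listen port 51820 is WireGuard's default and is assumed here.

```uci
# /etc/config/dhcp  (added example, not the poster's file)
# DHCP option 3 is the "router" option: lan clients receive the Pi
# (192.168.0.117, from the thread) as their default gateway at their next
# lease renewal instead of the router itself (192.168.0.1). DNS (option 6)
# is left unchanged on purpose.
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '3,192.168.0.117'

# /etc/config/firewall  (added example, not the poster's file)
# Port forward "From wan, To lan" as the answer describes, restricted to the
# single UDP port the WireGuard server listens on. 51820 is WireGuard's
# default and is an assumption here; it must match ListenPort on the Pi.
# Nothing else from wan is opened, and the Pi stays in the lan zone.
config redirect
	option name 'wg-to-pi'
	option src 'wan'
	option proto 'udp'
	option src_dport '51820'
	option dest 'lan'
	option dest_ip '192.168.0.117'
	option dest_port '51820'
	option target 'DNAT'
```

After editing, `/etc/init.d/dnsmasq restart` and `/etc/init.d/firewall restart` apply the changes; existing clients keep their old gateway until they renew, which is the lease-time point made in the answer. Two caveats worth checking: the Pi itself must keep the router (192.168.0.1) as its own gateway, otherwise it would route its outbound traffic back to itself, and its WireGuard server must be listening on UDP, so a TCP-only forward in the router GUI will never produce a handshake.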
Oh actually, that's a good point, see, didn't realise that! Lease time perhaps; most are set to 12 hrs though, so is there a command, for example, I can run to force everything quickly?
With regards to the Pi as an interface/zone - I guessed and removed that, and things are much better for sure. Problem is, I'm trying to access the Pi WG server via external Android and can't get a handshake; tried fiddling with port forwarding, traffic rules and various combinations - no handshake, grrr.
I then realised that lots of the sites I frequent aren't working with TorGuard, so having everything routing through that is unnecessary perhaps - so I'd like to just push certain things through. Some of which I cannot change the gw on, so I need to work out rules for them all, daunting as I can't even get SSH/WireGuard through the firewall.
I'm in IT and not a complete moron, but there's no doubt about it, Linux/OpenWrt is far more advanced than a normal router GUI, eh!