Please help me to separate VPN and WAN traffic via two different Ethernet ports

my WireGuard VPN interface is still down

OK, what is your question?
You can create VLANs in the GUI. See what happens to the contents of the file /etc/config/network. In your configuration, WAN is a member of tagged VLAN 3; remember that when configuring interfaces.

Check this thread:

Thanks heaps for this advice @vgaetera! I was able to achieve a similar setup with two separate WLANs.

I did so with the use of these two resources:

@bulat I'm sure you could achieve something similar for your use case.


It was my mistake. While I was configuring the new VLAN interface, I entered the default gateway. After removing the gateway, the VPN began to work again.

I used the following solution to get internet working on my second VLAN:

ip route add default via 10.10.1.1 table 10
ip rule add from 192.168.1.187 table 10

https://forum.openwrt.org/t/solved-2-vlans-and-no-internet-on-1-vlan/8591/9?u=bulat

Could you please explain to me how to add it to the startup section?

Also, when I tried to enter the whole subnet (ip rule add from 192.168.1.0/24 table 10), my console hung and LuCI didn't respond.

Should I use the solution mentioned above or use a policy-based solution?

Thank you!!! This solution does work!!!


I didn't apply these commands. Do I need to use them for better performance?

It seems not necessary unless you have issues binding port IDs to VLANs.

Oh, it drives me crazy. I am trying to replicate my configuration from scratch, but for some reason it doesn't work anymore.

Can you explain to me what exactly it does? What does this uci set network.lan.ip4table="10" line do? Does network.lan correspond to my lan interface? And I assume that the lan interface is the interface connected to the VPN server.

It should create a separate routing table and a set of rules to utilize it for the mentioned interfaces.

I tried and tried but I can get it working using:

uci set network.wg.ip4table="10"
uci set network.wg.ip6table="10"
uci set network.lan.ip4table="10"
uci set network.lan.ip6table="10"
uci commit network
service network restart

Probably I was connected to Wi-Fi, and I got confused.

Could you please tell me how to run the following commands at startup?

ip route add default via 10.10.1.1 table 10
ip rule add from 192.168.1.187 table 10

uci set network.route1="route"
uci set network.route1.target="0.0.0.0/0"
uci set network.route1.gateway="10.10.1.1"
uci set network.route1.table="100"
uci set network.rule1="rule"
uci set network.rule1.src="192.168.1.187"
uci set network.rule1.lookup="100"
uci commit network
/etc/init.d/network restart

You can also configure it via web interface.

I think vgaetera's answer is too complicated. My answer is much simpler.
You should add 'route' and 'rule' sections in /etc/config/network. Add the sections and see what happens to the routing table. vgaetera gave you uci commands; I think it is too complicated. In any case, the result of the uci commands is a modification of /etc/config/network. I recommend you modify it by hand.

https://openwrt.org/docs/guide-user/network/routes_configuration
https://openwrt.org/docs/guide-user/network/ip_rules

I added

ip route add default via 10.10.1.1 table 10
ip rule add from 192.168.1.187 table 10

to /etc/rc.local.

Now my setup is fully functional.
But can you tell me how to add the whole subnet except one IP (192.178.1.1)?

I don’t know why, but it didn’t work for me.

Unfortunately my solution is not as elegant as vgaetera’s, but it works.

Note that /etc/rc.local doesn't interact with the network service properly, so any sort of race condition, as well as a network interface or service restart, will break the configuration.

The only way to exclude it is to override the current configuration with another route or rule.


Try to use 'filter' by 'network', not by 'ip':
https://openwrt.org/docs/guide-user/network/ip_rules

config rule
	option in 'lan'
	option lookup '10'

Also it could be done via a command, but I don't know how to specify the interface in the OpenWrt implementation (iif maybe, but it is a device, not the name of an interface).
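The two answers above (override the catch-all with another rule, and match by interface rather than by IP) combined into one persistent configuration, as an added example that is not from anyone in this thread. It assumes the WireGuard interface is named wg (as in the uci commands earlier), table 100 and gateway 10.10.1.1 as in vgaetera's commands, an excluded host of 192.168.1.1, and rule priorities 100/200 chosen here; the exclusion rule gets the lower (earlier) priority so it wins over the whole-LAN rule.

```shell
#!/bin/sh
# Added example (not from the thread): generate a uci batch that sends all
# traffic arriving on lan through routing table 100 (default via the VPN
# gateway), except one host that keeps using the main table.
TABLE=100                 # assumed table ID, as in vgaetera's route example
VPN_GW=10.10.1.1          # assumed next hop inside the VPN, as used in the thread
VPN_IFACE=wg              # assumed logical name of the WireGuard interface
EXCLUDED_HOST=192.168.1.1 # assumed host that must keep the normal WAN route

# Emit a uci batch. Lower priority number = evaluated first, so the
# exclusion rule (100) is consulted before the catch-all lan rule (200).
gen_policy_routing() {
    cat <<EOF
set network.vpnroute=route
set network.vpnroute.interface='$VPN_IFACE'
set network.vpnroute.target='0.0.0.0/0'
set network.vpnroute.gateway='$VPN_GW'
set network.vpnroute.table='$TABLE'
set network.keep_main=rule
set network.keep_main.src='$EXCLUDED_HOST/32'
set network.keep_main.lookup='main'
set network.keep_main.priority='100'
set network.lan_via_vpn=rule
set network.lan_via_vpn.in='lan'
set network.lan_via_vpn.lookup='$TABLE'
set network.lan_via_vpn.priority='200'
commit network
EOF
}

# Sanity check before applying: the exclusion must precede the catch-all,
# otherwise the excluded host would also be routed through the VPN.
exclusion_precedes_catchall() {
    ex=$(gen_policy_routing | sed -n "s/^set network.keep_main.priority='\([0-9]*\)'$/\1/p")
    all=$(gen_policy_routing | sed -n "s/^set network.lan_via_vpn.priority='\([0-9]*\)'$/\1/p")
    [ -n "$ex" ] && [ -n "$all" ] && [ "$ex" -lt "$all" ]
}

# Apply only on a real OpenWrt box (uci present); elsewhere just show the batch.
if exclusion_precedes_catchall; then
    if command -v uci >/dev/null 2>&1; then
        gen_policy_routing | uci batch && /etc/init.d/network reload
    else
        gen_policy_routing
    fi
fi
```

Because the sections live in /etc/config/network, netifd re-installs the route and rules on every interface or service restart, which /etc/rc.local does not do.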