Hi all,
new here but have been using OpenWrt based devices for a while.
I own a GL.inet AR300M which I use as a router for all our family's devices when we are travelling.
The router connects to WAN either via the WiFi, LAN or USB tethering to an Android smartphone. The router will connect to a Wireguard server at our home (Opnsense) to provide access to our home network.
The challenge is that our home network is behind a dynamic IP address that will change every 24 hours (as many ISPs still do). The home firewall registers the IP address with a dynamic DNS service.
I have been using the GL.inet firmware previously but wasn't entirely happy with the sometimes somewhat unpredictable behavior of the modifications that the manufacturer made to the underlying OpenWrt.
So I took the plunge and installed vanilla OpenWrt 21.02.2 and it's been great so far.
I have two scenarios that I need to cover:
A) The travel router only routes traffic to our home network IP range via the Wireguard tunnel and automatically updates the Wireguard tunnel with the new WAN IP of our home router when the IP changes.
B) The travel router routes ALL traffic via the Wireguard tunnel and automatically updates the Wireguard tunnel with the new WAN IP of our home router when the IP changes.
I have managed to get (A) working fully with the help of wireguard_watchdog
. As in the Wireguard tunnel reconnecting as soon as the Dynamic DNS name of our home router resolves to the new/changed IP address.
I am struggling with (B). As all traffic is routed over the Wireguard tunnel, DNS resolution of the Dynamic DNS name of our home router doesn't work then the home routers WAN IP changes and the tunnel stops working.
I have looked at VPN policy-based routing and think that could solve this issue:
- Route traffic to home router domain name via WAN
- Route traffic to 1.1.1.1 (Cloudflare DNS) used to resolve home router domain name via WAN
- Route all other traffic via VPN
Looking at the VPN policy-based routing UI in Luci I noticed that I have to specify which WAN interface to use. This could be either one of WWAN, WAN or TETHERING depending on where the travel router is used.
I was thinking of programmatically creating VPN policy-based routing configuration at the time when the Wireguard tunnel is established. I know that uci
can be used for this approach. Is there any place where I can hook the code into, e.g. when the interface comes up or down?
Also, if there are any other ideas how to solve I'd be most happy to hear them.
Thank you for your comments!