Routing via UCI (wireguard, policy based routing)


I split my LAN into three segments using VLANs: the normal LAN where my workstations and servers are (LAN, DMZ with my IoT stuff ( and my LAN_VPN ( where all devices should use my WireGuard VPN connection as default route.
Devices in LAN should be able to connect to devices in DMZ and LAN_VPN. When I use the methods described here, here or here, devices in LAN cannot connect to devices in LAN_VPN anymore. I found the solution here, and the necessary commands are these:

edit /etc/iproute2/rt_tables:

# reserved values
128	prelocal
255	local
254	main
253	default
10	vpn
0	unspec
# local
#1	inr.ruhep

Commands in terminal:

ip rule add priority 32000 from all lookup main
ip rule del priority 32766
ip route add default via wg_tunnel_ip dev wg table vpn
ip rule add priority 32100 from lookup vpn
ip route add $(ip route show table default
ip route del default

This essentially puts the default route at the lowest priority, so all other routes are honored before the default route for either or all other traffic is applied.

Now my question, how can I add this to /etc/config/network?
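One way to express the same lookup order (main first, then table vpn for LAN_VPN sources, then the WAN default route last) in /etc/config/network. This is an added example, not part of the original thread; the tunnel address, endpoint, WAN device and the LAN_VPN subnet are placeholders because the real values are not visible above, and netifd's ip4table handling is assumed to behave as documented for multi-WAN setups.

```uci
# /etc/config/network (fragment, added example; values marked "assumed" are placeholders)

# WireGuard uplink. ip4table '10' makes netifd put every route it creates for
# this interface into table 10 ("vpn" in the rt_tables edit above) instead of main,
# so the 0.0.0.0/0 route for the peer never lands in main.
config interface 'wg'
	option proto 'wireguard'
	option private_key 'PLACEHOLDER_PRIVATE_KEY'
	list addresses '10.0.0.2/32'           # assumed tunnel address
	option ip4table '10'

config wireguard_wg
	option public_key 'PLACEHOLDER_PEER_PUBLIC_KEY'
	option endpoint_host 'vpn.example.net'  # assumed endpoint
	option endpoint_port '51820'
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'            # installs "default dev wg" into table 10
	option persistent_keepalive '25'

# Keep the WAN default route out of main: table 253 is the kernel's "default"
# table, consulted by the built-in rule at priority 32767, i.e. after everything else.
config interface 'wan'
	option device 'eth0.2'                  # assumed WAN device
	option proto 'dhcp'
	option ip4table '253'

# Same effect as "ip rule add priority 32000 from all lookup main": connected
# LAN/DMZ/LAN_VPN routes are matched before any VPN or WAN default route,
# so LAN <-> LAN_VPN traffic keeps working. The kernel's own main rule at
# 32766 stays but is harmless, since main no longer carries a default route.
config rule
	option lookup 'main'
	option priority '32000'

# Same effect as "ip rule add priority 32100 from <LAN_VPN> lookup vpn":
# only LAN_VPN sources fall through to the tunnel's default route.
config rule
	option src '192.168.3.0/24'             # assumed LAN_VPN subnet
	option lookup '10'
	option priority '32100'
```

After a reload, `ip rule` should list 32000 main, 32100 for the LAN_VPN subnet, 32766 main and 32767 default, and `ip route show table 10` should contain only the tunnel routes.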


Thank you; how did I never find these pages? I was really tinkering a lot these last days.