Hello
I split my LAN into three segments using VLANs: the normal LAN where my workstations and servers are (LAN, 10.0.10.0/24), a DMZ with my IoT stuff (10.0.20.0/24) and my LAN_VPN (10.0.30.0/24), where all devices should use my WireGuard VPN connection as their default route.
Devices in LAN should be able to connect to devices in DMZ and LAN_VPN. When I use the methods described here, here or here, devices in LAN cannot connect to devices in LAN_VPN anymore. I found the solution here, and the necessary commands are these:
edit /etc/iproute2/rt_tables:
#
# reserved values
#
128 prelocal
255 local
254 main
253 default
10 vpn
0 unspec
#
# local
#
#1 inr.ruhep
Commands in terminal:
ip rule add priority 32000 from all lookup main
ip rule del priority 32766
ip route add default via wg_tunnel_ip dev wg table vpn
ip rule add priority 32100 from 10.0.30.0/24 lookup vpn
ip route add $(ip route show 0.0.0.0/0) table default
ip route del default
This essentially puts the default route at the lowest priority, so all other routes are honored before the default route for either 10.0.30.0/24 or all other traffic is applied.
Now my question: how can I add this to /etc/config/network?
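As an added example (not part of the original post), the same policy expressed as netifd rule and route sections in /etc/config/network. It does not delete the default route from main; instead it uses the rule option suppress_prefixlength so main's default route is skipped on the first lookup, which yields the same routing outcome. The WireGuard interface name 'wg', table number 10 (the 'vpn' entry from rt_tables above) and netifd's suppress_prefixlength support are assumptions.

```uci
# Added example, not the original poster's config. Assumes: WireGuard
# interface named 'wg', table 10 = 'vpn' in /etc/iproute2/rt_tables.

# 1. Look up main first (before the VPN rule) but ignore its default
#    route (prefix length 0), so connected routes for LAN, DMZ and
#    LAN_VPN always win over the tunnel. Same effect as the shell
#    sequence that moves the default route out of main.
config rule
	option priority '32000'
	option lookup 'main'
	option suppress_prefixlength '0'

# 2. Traffic sourced from LAN_VPN that main could not route (i.e. only
#    Internet-bound traffic) falls through to table 10.
config rule
	option priority '32100'
	option src '10.0.30.0/24'
	option lookup '10'

# 3. Default route inside table 10 via the WireGuard tunnel device
#    (point-to-point, so no gateway address is needed).
config route
	option interface 'wg'
	option target '0.0.0.0/0'
	option table '10'

# Everything else still hits the stock main rule at 32766 and uses
# the WAN default route as before.
```

If the WireGuard peer section has option route_allowed_ips '1' with 0.0.0.0/0 in allowed_ips, netifd would also install a default route into main; keep it at '0' so only the table 10 route above applies. Apply with /etc/init.d/network reload and verify with ip rule and ip route show table 10.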