I split my LAN into three segments using VLANs: the normal LAN where my workstations and servers are (LAN, 10.0.10.0/24), a DMZ with my IoT stuff (DMZ, 10.0.20.0/24), and LAN_VPN (10.0.30.0/24), where all devices should use my WireGuard VPN connection as their default route.
Devices in LAN should be able to connect to devices in DMZ and LAN_VPN. When I use the methods described here, here or here, devices in LAN cannot connect to devices in LAN_VPN anymore. I found the solution here, and the commands necessary are these:
```
#
# reserved values
#
128 prelocal
255 local
254 main
253 default
10 vpn
0 unspec
#
# local
#
#1 inr.ruhep
```
Commands in terminal:
```
ip rule add priority 32000 from all lookup main
ip rule del priority 32766
ip route add default via wg_tunnel_ip dev wg table vpn
ip rule add priority 32100 from 10.0.30.0/24 lookup vpn
ip route add $(ip route show 0.0.0.0/0) table default
ip route del default
```
This essentially puts the default route at the lowest priority, so all other routes are honored before a default route (the VPN one for 10.0.30.0/24, the normal one for all other traffic) is applied.
Now my question: how can I add this to /etc/config/network?
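To make the lookup order behind those commands visible, here is a small policy-routing simulator. It is an added example and not part of the original post: it models how the kernel walks `ip rule` entries by priority and does a longest-prefix lookup in each table, first with the usual layout from the linked how-tos (a source rule for 10.0.30.0/24 placed ahead of `main`, which is assumed to be what broke LAN to LAN_VPN), then with the layout the commands above produce. Addresses are the post's; the interface names `br-lan`, `br-dmz`, `br-lan_vpn`, `eth0`, the WAN gateway 203.0.113.1 and the external host 198.51.100.10 are constructed placeholders, and `wg_tunnel_ip` is kept as the post's own placeholder.

```python
"""Simulate Linux policy routing: ip rule priorities plus per-table longest-prefix lookup.

Added example, not from the original post. Constructed placeholders:
br-lan / br-dmz / br-lan_vpn / eth0 (interfaces), 203.0.113.1 (WAN gateway),
198.51.100.10 (some external host). 'wg_tunnel_ip' is the post's placeholder.
"""
import ipaddress

# Routes per table: (prefix, next hop description). Longest prefix wins inside a table.
CONNECTED = [
    ("10.0.10.0/24", "dev br-lan"),
    ("10.0.20.0/24", "dev br-dmz"),
    ("10.0.30.0/24", "dev br-lan_vpn"),
]
WAN_DEFAULT = ("0.0.0.0/0", "via 203.0.113.1 dev eth0")
VPN_DEFAULT = ("0.0.0.0/0", "via wg_tunnel_ip dev wg")

# Layout assumed from the linked how-tos: source rule in front of the untouched main table.
BEFORE_RULES = [(32765, "10.0.30.0/24", "vpn"), (32766, "all", "main")]
BEFORE_TABLES = {"main": CONNECTED + [WAN_DEFAULT], "vpn": [VPN_DEFAULT]}

# Layout produced by the post's commands: main (without default) first, then the
# vpn table for 10.0.30.0/24, then the kernel's standard rule for table 'default'.
# Rule 32766 has been deleted; the WAN default route moved to table 'default'.
AFTER_RULES = [(32000, "all", "main"), (32100, "10.0.30.0/24", "vpn"), (32767, "all", "default")]
AFTER_TABLES = {"main": CONNECTED, "vpn": [VPN_DEFAULT], "default": [WAN_DEFAULT]}


def lookup_table(table, dst):
    """Longest-prefix match of dst inside one table; None if nothing matches."""
    best = None
    for prefix, via in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def route(rules, tables, src, dst):
    """Walk rules in priority order; the first table holding a matching route decides.

    A rule whose selector does not match the source, or whose table has no route
    for the destination, is skipped, exactly as the kernel falls through to the
    next rule.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if selector != "all" and src not in ipaddress.ip_network(selector):
            continue
        hit = lookup_table(tables[table], dst)
        if hit is not None:
            return hit
    return "unreachable"


def compare(src, dst):
    """Return (before, after) next hops for one flow, for side-by-side inspection."""
    return (route(BEFORE_RULES, BEFORE_TABLES, src, dst),
            route(AFTER_RULES, AFTER_TABLES, src, dst))


if __name__ == "__main__":
    for flow in [("10.0.30.5", "10.0.10.5"),     # LAN_VPN host replying to a LAN host
                 ("10.0.30.5", "198.51.100.10"),  # LAN_VPN host going out
                 ("10.0.10.5", "198.51.100.10"),  # LAN host going out
                 ("10.0.10.5", "10.0.30.5")]:     # LAN host reaching LAN_VPN
        before, after = compare(*flow)
        print(f"{flow[0]:>10} -> {flow[1]:<14} before: {before:<28} after: {after}")
```

The first flow is the interesting one: with the source rule in front of `main`, a LAN_VPN host answers a LAN host through the tunnel, so the connection never completes; with `main` consulted first and only the default routes pushed behind the source rule, that reply stays on the local bridge while the host's Internet traffic still leaves via the WireGuard tunnel.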