Seeking Help to Connect Multiple ProtonVPN Servers via WireGuard with MWAN3

Hi everyone,

I hope you're doing well! I'm reaching out because I've been working on enhancing my network configuration and could really use your expertise.

I'm trying to connect my OpenWRT router to multiple ProtonVPN servers using WireGuard. My goal is to achieve load balancing and create a more reliable and resilient connection. So far, I have a basic setup (ProtonVPN interface via WireGuard) that works, but I’m struggling with the next steps.

Current Setup:

  • My OpenWRT router connects to the internet via Wi-Fi (WWAN).
  • I have a configured and functioning WireGuard connection to ProtonVPN.

Goals:

  1. Multiple WireGuard Connections:
     • Should I create separate interfaces for each WireGuard server? If so, how do I properly configure them?
  2. Using MWAN3:
     • How can I make MWAN3 recognize these multiple WireGuard connections for load-balancing?
     • Is there a way to switch between them automatically if one goes down or if the speed drops below a certain threshold?

If my explanation doesn't cover everything, please feel free to ask for any clarifications. I’d also be happy to create a diagram to illustrate my setup if that would help.

As a token of appreciation, I promise to write a comprehensive tutorial with screenshots to share what I learned, making it easier for others to replicate this setup in the future.

Thank you in advance for your help!

I have access to various routers from different brands and generations, so please keep that in mind.

Additionally, I will e-reward anyone who helps make this possible, including those who have attempted to seriously assist, regardless of the effectiveness of their solutions.

You can create any number of WG clients in OpenWRT, and connect them to different servers. But then you should probably use pbr (policy based routing) and not mwan3 for better client load balancing, since you only have a single WAN with a single point of failure - there is no multi in your WAN setup.

Also, unless you have a good router that can push near the speed cap of your ISP with WireGuard, which frankly not many consumer routers can do, you will probably have a bottleneck with your router's CPU and not the pbr setup. Unless the Proton server is fully loaded, you will generally have better performance using a single connection rather than aggregating 3 different locations, since that puts more overhead on the CPU and routing logic as well.

ubus call system board

Older routers may not do much of wifi speed.
Single wifi connection is the main weakness, not vpn. Or in other words, if wifi fades your backup vpn config will not connect.

As others already noted the Proton Servers are usually not the bottleneck but your router usually is (unless you have very powerful equipment), in which case load balancing will not help.

Redundancy can be useful; sometimes servers are overcrowded or down for maintenance and you are cut off. This happens once in a while.
For those events I use a script which checks WG connection and can start a different tunnel/server in case of failure, maybe that is something you can use, see:
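
One way to build the kind of watchdog the post above describes, as an added example that is not the poster's script: it reads the newest handshake time from `wg show` and brings up the next tunnel when the active one goes stale. The interface names, the 180-second threshold and the 30-second poll interval are assumptions.

```shell
#!/bin/sh
# Added example, not the script referenced in the post above.
# Assumed: hypothetical interface names; each peer sets persistent_keepalive
# so an idle tunnel still handshakes; standby tunnels are not up at boot.
TUNNELS="wg_us1 wg_us2 wg_us3"  # logical names from /etc/config/network
MAX_AGE=180                     # seconds without a handshake = tunnel dead

# Read `wg show <if> latest-handshakes` lines ("<pubkey> <unix-time>") on
# stdin and print the newest timestamp; 0 means no handshake ever happened.
newest_handshake() {
    max=0
    while read -r _peer ts; do
        [ "${ts:-0}" -gt "$max" ] && max=$ts
    done
    echo "$max"
}

# tunnel_alive NOW HANDSHAKE: true if the handshake is at most MAX_AGE old.
tunnel_alive() {
    [ "$2" -gt 0 ] && [ $(( $1 - $2 )) -le "$MAX_AGE" ]
}

# next_tunnel CURRENT: print the entry after CURRENT in TUNNELS, wrapping.
next_tunnel() {
    first=""; take=0
    for t in $TUNNELS; do
        [ -z "$first" ] && first=$t
        if [ "$take" -eq 1 ]; then echo "$t"; return 0; fi
        [ "$t" = "$1" ] && take=1
    done
    echo "$first"
}

# check_once CURRENT: keep CURRENT if alive, else switch; print active name.
check_once() {
    hs=$(wg show "$1" latest-handshakes 2>/dev/null | newest_handshake)
    if ! tunnel_alive "$(date +%s)" "$hs"; then
        new=$(next_tunnel "$1")
        ifdown "$1" >/dev/null 2>&1; ifup "$new" >/dev/null 2>&1
        logger -t wg-watchdog "$1 stale (handshake $hs), now $new"
        set -- "$new"
    fi
    echo "$1"
}

# "wg-watchdog.sh run" starts the loop; sourcing only defines the functions.
if [ "${1:-}" = "run" ]; then
    active=${TUNNELS%% *}
    while :; do active=$(check_once "$active"); sleep 30; done
fi
```

A watchdog like this does not replace a kill switch: LAN traffic stays inside a tunnel during a switch only if the firewall forwards the lan zone solely to the zone that contains the WireGuard interfaces.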

I really appreciate your help, and I apologize if I wasn't clear before. I understand that what I'm asking might seem a bit unconventional. I'm not trying to establish a failsafe connection to the internet; rather, I'm hoping to create a reliable protected connection to VPN or to multiple VPNs simultaneously (for load balancing), particularly the free ones in the USA. My goal is to route my traffic in a way that maximizes speed, as I often find these connections can be slow, but I prefer them for the latency and for regionality. I believe this redundancy could help maintain a steady VPN connection, eliminating the need for a kill-switch or frequent server switching.

So imagine it this way: I want to connect to multiple USA VPN servers via WireGuard, using my OpenWRT router (which is not a very good one, but that's not the issue here). I want to achieve higher speed by getting some load-balancing (but this is optional), improve reliability by eliminating the hassle of having to switch from one server to another due to them being overloaded at some points of the day, and ensure that the connection is protected all the time by at least one VPN that offers the best latency and speed.

I realize this may come across as confusing or overly complicated, and I’m truly sorry for any misunderstanding. I’m confident that what I’m envisioning is possible; I just haven’t figured out how to achieve it yet. Thank you for your patience with me.