I've managed to set-up a NordLynx (WireGuard) interface, using this topic and by adding the WG interface to the WAN zone. As a result, my entire lan is running through the WG interface.
Now, I want to go a step further, by setting up policy based routing (using the vpn-policy-routing and luci-app-vpn-policy-routing packages). What I'd like to do, is to set-up a policy/rule which lets a specific machine/IP on my lan to connect directly to the WAN, without going through the WireGuard interface.
Can anyone help me on how to set this up correctly? I've tried to do it with the help of the documentation (specifically this example), but that example seems a little unnecessary to me (since the example is describing both a WG server and a client interface). In my opinion, there should be ways to make it work with only one WG interface, not?
You're a life-saver! Thanks, that works like a charm.
However, I'm wondering why this works:
uci set vpn-policy-routing.lan_wan.src_addr="192.168.1.215"
And this doesn't:
uci set vpn-policy-routing.lan_wan.src_addr="MY-LAPTOP"
If I'm using the machine name, I get this error:
Host name can work only when it is resolved correctly.
You need to match the name that the host reports when it obtains a DHCP lease:
However, this method fails if you restart the router and the client is connected by wire.
Set up a hostname if you need to resolve the hostname reliably.
But this solution is also incomplete unless you configure a static lease.
Hmm, the host name is in the dhcp.leases file, but it still won't work.
But as I understand, it's better to assign the policy to an IP instead of using a host name. I'll do just that then. Thanks!
Yep, using hostnames is tricky as it relies on a separate tool:
It can bypass Dnsmasq in certain cases, which makes problematic to resolve local hostnames.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.