New to OpenWrt so please bear with me. I have set up WireGuard on my router following this guide. I'll include some images below of my setup. My router supports dual SSIDs, I want to run one with a VPN and the other just normal internet. What's the best way to do this, ideally without using the PBR package? I've tried messing around with the configs but haven't got it working as of yet.
I'm also not sure how this works with the WireGuard DNS forwarding (see guide for how I've set this up), how do I have different DNS forwarding on my different SSIDs?
Thanks for any assistance, my current setup
Either rules and routes or netifd pbr.
Either you advertise specific upstream nameserver directly to the lan hosts by DHCP option 6, or create multiple dnsmasq instances.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have.
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
Both *_ssid interfaces are not type bridge.
The *_ssid firewall zones don't need any masquerade.
What is not working for the wifi? Do the clients connect? Do they get an IP? Where does the traceroute/mtr stop?
You need to remember that since you set the input mode of your "vpn_ssid" interface to REJECT that you have to add allow rules for DHCP and DNS in order for the devices you connect to be able to communicate with the device.
You need pbr for that, as described earlier.
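The allow rules mentioned in the reply about the REJECT input policy, written out as a fragment for /etc/config/firewall. This is an added example, not a config posted by anyone in the thread; the zone and network name 'vpn_ssid' and the rule names are assumptions taken from the interface name used above.

```conf
# /etc/config/firewall (fragment)
# Assumption: the VPN SSID's interface and its firewall zone are both
# named 'vpn_ssid'. Adjust to the names in your own config.

config zone
	option name 'vpn_ssid'
	list network 'vpn_ssid'
	# Clients cannot reach services on the router unless a rule allows it
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# No 'masq' here: as noted above, the *_ssid zones do not need it

# Let wifi clients obtain a lease from the router's DHCP server
config rule
	option name 'Allow-DHCP-vpn_ssid'
	option src 'vpn_ssid'
	option family 'ipv4'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# Let wifi clients query the router's DNS (dnsmasq)
config rule
	option name 'Allow-DNS-vpn_ssid'
	option src 'vpn_ssid'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Rules with a src zone and no dest apply to traffic addressed to the router itself, which is what the REJECT input policy blocks. Reload the firewall after editing for the rules to take effect.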