[Solved] 2 Router setup | WireGuard VPN routing

Hi,

I am currently trying to establish a WireGuard VPN connection over an existing Internet connection established by a 2nd router - here is the setup:

1st router (non-OpenWrt):

  • connected to internet (external IP on WAN port)
  • IP: 192.168.15.1
  • Subnet: 255.255.254.0
  • provides WLAN & Guest WLAN
  • provides DHCP: 192.168.15.20-50
  • static route:
    NET: 192.168.14.0 SUBNET: 255.255.255.0 G: 192.168.14.1

2nd router (OpenWrt):

  • connected on the LAN interface with the 1st router
  • IP: 192.168.14.1
  • Subnet: 255.255.254.0
  • Gateway: 192.168.15.1
  • DNS: 192.168.15.1

Here I installed the WireGuard interface:

  • WGINTERFACE
  • Allowed IPs: 0.0.0.0/0
  • Route Allowed IPs: NO

Additionally, I configured the following rules:

config rule
	option in 'lan'
	option src '192.168.14.51/32'
	option lookup '100'

config route 'VPN_route'
	option interface 'WGINTERFACE'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '100'

config route 'lan_route'
	option interface 'lan'
	option target '192.168.14.0'
	option netmask '255.255.255.0'
	option table '100'

I expected that this client '192.168.14.51' would be routed over router 1 to router 2 and via the WireGuard VPN to the internet. The client is routed to my 2nd router, but it connects over the standard internet instead of the WG - did I overlook something?

THANKS
br
AL

This is not needed. 192.168.15.1/23 means from 192.168.14.0-192.168.15.255. So both routers are in the same network.

That won't work without PBR in the first router.

As per guidelines please refrain from signing the posts :slight_smile:

Thanks for the fast response - would it work if I do not put them in the same segment, e.g.:

1st router: 192.168.15.1/24 & DHCP for this segment
2nd router: 192.168.14.1/25 & DHCP for this segment as well as gateway to 192.168.15.1?

If yes, can someone give me some tips on how the configuration needs to look, as then 2 DHCP servers are in my network and it should still be possible for both networks to access each other...?

One solution would be to split the broadcast domains. All hosts connected to 1st router will only use regular internet. For hosts connected to 2nd OpenWrt router, you can have the option to send them via VPN.

The other solution is to keep it as it is in one big segment, switch off the DHCP server in router 1, let OpenWrt advertise itself by DHCP as the gateway to specific hosts (those that should use the VPN) and advertise router 1 as the gateway to every other host (check DHCP option 3).

1 Like

Thanks - if I go with the split option - how do the clients know which DHCP server will provide their IP? I guess if I want this I would need to define VLANs, which will be a problem I guess...

If I go with option 2 I also do not fully understand how I define the clients which should get the default gateway over the DHCP option - here I think I can enter only 3,192.168.15.1 (gateway router 1), but how do I define which clients get this?

Does anyone have a sample configuration of these 2 options for me?

THANKS again

Hosts connected to router1 will get settings from DHCP server of router1. Same for hosts connected to router2. Router2 WAN port will connect to Router1 LAN port, so broadcast domains will be separated.

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#client_classifying_and_individual_options

1 Like
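As an added example of option 2 from the reply above (one 192.168.14.0/23 segment, DHCP server on router 1 switched off, OpenWrt's dnsmasq handing out the gateway per host via DHCP option 3), here is what /etc/config/dhcp on the OpenWrt router could look like. This is not configuration from the thread or from the linked OpenWrt page; the MAC address, host name, tag name 'vpn' and the pool offsets are assumed placeholders. The rule and route sections for table 100 posted in the first message stay in /etc/config/network, so that the tagged host's traffic is sent into WGINTERFACE once it reaches the OpenWrt router.

```uci
# /etc/config/dhcp on the OpenWrt (2nd) router for option 2:
# single 192.168.14.0/23 segment, DHCP server on router 1 switched off.
# Added example, not from the thread; MAC address and tag name are placeholders.

config dnsmasq
	option domainneeded '1'
	option rebind_protection '1'
	option localservice '1'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases'

# Pool for the whole segment. 'start' is an offset from the network address
# 192.168.14.0, so 276 = 192.168.15.20 and limit 31 reproduces the old
# router-1 range 192.168.15.20-50.
config dhcp 'lan'
	option interface 'lan'
	option start '276'
	option limit '31'
	option leasetime '12h'
	# Default for every untagged host: gateway (option 3) and DNS (option 6)
	# are router 1, so these hosts keep using the regular internet connection.
	list dhcp_option '3,192.168.15.1'
	list dhcp_option '6,192.168.15.1'

# Hosts that should leave via WireGuard get a fixed lease and the 'vpn' tag.
# The MAC below is a placeholder; use the real hardware address of the client.
config host
	option name 'vpn-client'
	option mac '00:11:22:33:44:55'
	option ip '192.168.14.51'
	option tag 'vpn'

# Tagged hosts are told that the OpenWrt router itself is their gateway and
# DNS. The source-based rule for 192.168.14.51/32 (lookup table 100 with the
# default route over WGINTERFACE) from the first post then carries their
# traffic into the tunnel.
config tag 'vpn'
	list dhcp_option '3,192.168.14.1'
	list dhcp_option '6,192.168.14.1'
```

After saving, restart dnsmasq with `/etc/init.d/dnsmasq restart` and renew the lease on the clients; a tagged host should then show 192.168.14.1 as its default gateway, every other host 192.168.15.1. One entry per `config host` section is needed for each client that should use the VPN, so keeping the list of tagged MACs short and reviewed is also what limits which devices can be steered into the tunnel.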

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.