Source-IP routing rule to vpn tunnel

Hi guys! Please advise how to implement source-IP routing logic on OpenWRT 22.03.2.
I have a regular WAN uplink and a WireGuard wg0 VPN uplink; traffic is routed there based on an IP/subnet ipset list using mark routing.

Inside the LAN there is a specific device which needs to route all its traffic inside the wg0 tunnel... Is it possible to do this somehow?
PS: tried setting up Network -> Routing -> IPv4 rules with an entry like this:

config rule
        option src ''
        option out 'wg0'
        option in 'lan'

but unfortunately traffic from this client still routes via WAN:

  1     3 ms     1 ms    <1 мс  OpenWrt.lan []
  2     4 ms     5 ms     3 ms  172.xx.xx.1

PS: when requesting an IP from the pre-defined ipset, the same client routes via wg0:

  1    33 ms     1 ms     1 ms  OpenWrt.lan []
  2    82 ms    81 ms    81 ms

Is there any way to implement source-IP routing or some tricky firewall rule? Thanks in advance!

You need a set of rules/routes for the wg connection. And you don't need the `option out 'wg0'`. Also the source is wrong. Use either .74/32 for a single host or .0/24 for the whole subnet.

Thanks a lot, it is really working!
I'll describe the how-to:

0. Bind the MAC of the device to a static DHCP lease:

        config host
                option ip ''
                option mac 'xx:xx:xx:xx:xx:xx'

1. Add an entry inside the routing table:

        100     allwg

2. Add a new route like this:

        ip route add table allwg default dev wg0

3. Make a hotplug.d script to auto-apply the route:

        ip route add table allwg default dev wg0

4. Make a routing rule for my example source IP to allwg:

        config rule
                option src ''
                option lookup 'allwg'

5. Make a route rule to the allwg table:

        config route
                option target ''
                option netmask ''
                option metric '100'
                option table 'allwg'
                option interface 'wg0'
1 Like

I also wrote a how-to of sorts on this here:

Steps 2 and 3 are not needed. There is also a mismatch of the IP in step 0 and step 4.

1 Like
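The corrected procedure (the how-to above minus steps 2 and 3, with a /32 source as the first reply points out) as a small script. This is an added example, not code from the thread or from OpenWrt: it validates the host address, idempotently adds the `allwg` table to an rt_tables file, and emits the matching `uci batch` input for the rule and route. The table name `allwg`, id `100` and interface `wg0` come from the thread; the host IP `192.168.1.74` is a constructed placeholder. The optional `FAIL_CLOSED=1` route is my addition: it assumes netifd accepts `option type 'unreachable'` on a route attached to `lan`, so that the pinned host gets no WAN fallback while wg0 is down instead of silently leaking.

```shell
#!/bin/sh
# Added example, not code from the thread: emit a `uci batch` script that pins
# one LAN host to a dedicated routing table whose default route is wg0.
# Assumptions: table "allwg" with id 100 as in the thread, VPN interface "wg0",
# and a constructed placeholder host IP.

# Return 0 if $1 is a plain dotted-quad IPv4 address, 1 otherwise.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$1" "$2" "$3" "$4"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Idempotently add "<id> <name>" to an rt_tables file ($1). Refuses when the
# id or the name is already mapped to something else.
ensure_rt_table() {
  file="$1"; id="$2"; name="$3"
  if grep -Eq "^[[:space:]]*$id[[:space:]]+$name([[:space:]]|$)" "$file" 2>/dev/null; then
    return 0
  fi
  if grep -Eq "^[[:space:]]*($id[[:space:]]|[0-9]+[[:space:]]+$name([[:space:]]|$))" "$file" 2>/dev/null; then
    echo "rt_tables: id $id or name $name is already in use" >&2
    return 1
  fi
  printf '%s\t%s\n' "$id" "$name" >> "$file"
}

# Print the uci batch for host $1 (table name $2, default allwg; VPN interface
# $3, default wg0). The src is forced to /32 as the first reply points out.
# With FAIL_CLOSED=1 an extra 'unreachable' default route (metric 200) goes into
# the same table, so the host has no WAN fallback while wg0 is down (assumption:
# netifd installs an unreachable route attached to the always-up lan interface).
gen_uci_batch() {
  ip="$1"; tbl="${2:-allwg}"; vpn="${3:-wg0}"
  valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
  cat <<EOF
set network.${tbl}_rule=rule
set network.${tbl}_rule.src='$ip/32'
set network.${tbl}_rule.lookup='$tbl'
set network.${tbl}_route=route
set network.${tbl}_route.interface='$vpn'
set network.${tbl}_route.target='0.0.0.0'
set network.${tbl}_route.netmask='0.0.0.0'
set network.${tbl}_route.metric='100'
set network.${tbl}_route.table='$tbl'
EOF
  if [ "${FAIL_CLOSED:-0}" = 1 ]; then
    cat <<EOF
set network.${tbl}_block=route
set network.${tbl}_block.interface='lan'
set network.${tbl}_block.target='0.0.0.0'
set network.${tbl}_block.netmask='0.0.0.0'
set network.${tbl}_block.type='unreachable'
set network.${tbl}_block.metric='200'
set network.${tbl}_block.table='$tbl'
EOF
  fi
  echo "commit network"
}

# Usage on the router (placeholder IP):
#   ensure_rt_table /etc/iproute2/rt_tables 100 allwg
#   sh pin-host.sh 192.168.1.74 | uci batch && /etc/init.d/network reload
# Then check the result with: ip rule show; ip route show table allwg
if [ $# -gt 0 ]; then
  gen_uci_batch "$@"
fi
```

After the reload, `ip rule show` should list a rule for the host's /32 with `lookup allwg`, and a traceroute from that host should hop into the tunnel exactly like the ipset-matched case in the first post.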

Fixed typo with IP. Thanks anyway I got a solution and it works fine!

Any reason why PBR wasn't advised here?

It is overkill for one IP.

1 Like
