Two or more Wireguard connections (client) with VPN-Policy-Routing/MWan3

Hi,

Until a few days ago I used 2 OpenVpn connections (client) and 1 Wireguard connection (client) on my router (openwrt 18).

For each vpn connection I don't set routing (I mean inside the openvpn or wireguard configuration) because I used the policy Routing or Mwan3 packages to choose the right vpn connection (based, for example, on ip source/destination or port, etc.).

Now I would like to switch to Wireguard only, but I am not able to establish two wireguard connections (to two different peers) from my router: do you know if this is possible?

Thanks in advance

You'll need to elaborate on what you want to achieve.


It's possible to have multiple Wireguard interfaces with multiple peers (but not with the same allowed IPs). So I agree with @stangri, we need more information.

You are right, I have been too cryptic.

Actually on my router (Openwrt 18 on an ESXi vmware machine), I have 3 vpn connections: two are openvpn connections and one is a wireguard connection.

Each of them is a connection to a VPN provider (so they are client vpn connections): I need this cfg to maximize vpn performance (my cpu limit and/or vpn provider limit).

For each of these, I have not configured routing-features, so

  • for openvpn connections, I set option route_nopull '1'
  • for wireguard connection, I set allowed_ips to "0.0.0.0/0" but I don't set "route allowed ips"

I am using policy-routing (thanks Stangri) to use a specific vpn connection for my clients: so, for example, a specific client uses openvpn1, another client uses openvpn2, a third client wireguard1, a fourth client uses directly wan connection.

Now I would like to switch to Wireguard only connections, but I am unable to start up a second wireguard connection to a different peer (both have "0.0.0.0/0" allowed ips): like lleachii said, I think that's the problem.

Do you have any solution?

Thanks in advance

Correct. From your description of the setup, I indeed think that's the problem.

Create the WG with 0.0.0.0/0 routes as 2 different interfaces (i.e. different listening ports and private keys). This is how I set up multiple VPN companies, my own VPNs, etc.


Thanks lleachii,

I will try, but at this moment I have a big problem: every time I reboot (or I restart the wireguard interface), wireguard doesn't come up.

I start another thread because this problem made me crazy.

Hi,

beyond wireguard startup problem, I created two wireguard interfaces, wg01 and wg02 with different public/private keys and local port (and obviously with 2 different peers):

config interface 'wg01'
	option proto 'wireguard'
	option private_key 'my_private_key_1'
	option listen_port '55444'
	list addresses 'my_ip_address_1/32'
	option delegate '0'
	option auto '0'

config wireguard_wg01
	option public_key 'vpn_provider_server1_public_key'
	option persistent_keepalive '25'
	option endpoint_port '51820'
	list allowed_ips '0.0.0.0/0'
	option endpoint_host 'vpn_provider_server_1_ip_address'

config interface 'wg02'
	option proto 'wireguard'
	list addresses 'my_ip_address_2/32'
	option private_key 'my_private_key_2'
	option auto '0'
	option listen_port '55445'

config wireguard_wg02
	option public_key 'vpn_provider_server_2_public_key'
	option persistent_keepalive '25'
	list allowed_ips '0.0.0.0/0'
	option endpoint_host 'vpn_provider_server_2_ip_address'
	option endpoint_port '51820'

With this configuration I first start up wg01 and, when it finally works (ping replies), I also start up wg02: this second interface never works (ping -I wg02 8.8.8.8 never replies).

Maybe wireguard doesn't work with two different peers and the same "0.0.0.0/0" as allowed ips?

Thanks in advance
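
The conditions discussed in this thread (separate interfaces with different listen ports and private keys, and 0.0.0.0/0 peers without "route allowed ips" so that policy routing picks the tunnel) can be checked mechanically. The following is an added example, not part of any post: the function name `lint_wg_uci` and the sample config are constructed for illustration, and `route_allowed_ips` is the UCI option behind the "route allowed ips" setting.

```shell
#!/bin/sh
# Added example (not from the thread): lint OpenWrt network config text for
# several WireGuard client interfaces. Reads UCI text on stdin and prints
# one finding per line; no output means nothing was flagged.
lint_wg_uci() {
    awk '
    function unq(s) { gsub("[\047\"]", "", s); return s }   # strip quotes
    $1 == "config" { sect = unq($2); name = unq($3); next }
    $1 != "option" && $1 != "list" { next }
    { key = $2; v = unq($3) }
    sect == "interface" && key == "proto" && v == "wireguard" { wg[name] = 1 }
    sect == "interface" && key == "listen_port" { port[name] = v }
    sect == "interface" && key == "private_key" { pk[name] = v }
    sect ~ /^wireguard_/ && key == "allowed_ips" && v == "0.0.0.0/0" { dflt[sect] = 1 }
    sect ~ /^wireguard_/ && key == "route_allowed_ips" && v == "1" { rt[sect] = 1 }
    END {
        for (i in wg) {                      # count port and key reuse
            if (port[i] != "") np[port[i]]++
            if (pk[i] != "") nk[pk[i]]++
            peer = "wireguard_" i
            if ((peer in dflt) && (peer in rt))
                print "ROUTE " i ": 0.0.0.0/0 with route_allowed_ips installs a default route"
        }
        for (i in wg) {
            if (port[i] != "" && np[port[i]] > 1)
                print "PORT " i ": listen_port " port[i] " is shared"
            if (pk[i] != "" && nk[pk[i]] > 1)
                print "KEY " i ": private_key is shared"
        }
    }'
}

# Constructed sample with two deliberate mistakes (keys are placeholders):
# both interfaces use port 55444, and wg01 routes its 0.0.0.0/0 peer.
SAMPLE="config interface 'wg01'
    option proto 'wireguard'
    option private_key 'PLACEHOLDER_KEY_1'
    option listen_port '55444'
config wireguard_wg01
    list allowed_ips '0.0.0.0/0'
    option route_allowed_ips '1'
config interface 'wg02'
    option proto 'wireguard'
    option private_key 'PLACEHOLDER_KEY_2'
    option listen_port '55444'
config wireguard_wg02
    list allowed_ips '0.0.0.0/0'"

printf '%s\n' "$SAMPLE" | lint_wg_uci
```

On a router the same function can be fed the live file with `lint_wg_uci < /etc/config/network`; the config posted above produces no findings.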

Sure works here. If your WG interface doesn't start on reboot, maybe there's something wrong with it. I have 5-6 WG interfaces here and they all come up after boot-up/restart.


Hi stangri,

I have 2 problems with wireguard:

  1. Wireguard interfaces don't establish a connection after a router reboot or an interface restart
  2. I am not sure if it is possible to get 2 different wireguard interfaces (I don't use a server on my router) with "0.0.0.0/0" as allowed ips to different peers

For the first, I don't think it is an error in my configuration because after many stop/restart/reboot, the wireguard interface works: for the second I am not able to do serious tests until I resolve the first.

I start to think the problem can be on my vpn provider (mullvad): maybe I could try another provider that supports wireguard.

Do you have any experience?

Thanks in advance

  • Did you switch the route or make a route for 8.8.8.8/32 via wg02?
  • Did you update the 2nd Mullvad account's key?

Why do you keep asking if you're ignoring what I'm saying?

Like I said before it works for me.

I use 2 mullvad tunnels, two ivpn tunnels and a wirevpn tunnel (so 5 total) and they all come up on router boot/restart.

ping -I on the wireguard interface was broken for now, but the two wireguard connections are actually working, please see:

Last night I left the 2 connections active but not working and this morning ... they both work, I can't believe it.

At this point I configured mwan3 (with different routing on the 2 connections depending on some clients) and I would say that it works correctly: in few hours I will try also VPR.

Now, however, I'm afraid that on the first reboot, my nightmare will start again.

@wackejohn: mwan3 seems to track correctly wireguard connection (via ping): actually both interfaces are green (and yesterday night were red):

From Mwan3 Details:

Interface status:
 interface wan is online and tracking is active
 interface wg01 is online and tracking is active
 interface wg02 is online and tracking is active

I tried again and this time, with 2 working wireguard interfaces (wg01 and wg02):

  • rebooted router: both interfaces are up and running immediately

  • shutdown the router, waited 1 hour, then startup: only wg01 is up and running immediately, wg02 is down

Wg02 was down for more than 2 hours, but now, after 2 hours and 20 minutes, is working again.

I can't understand where the problem is.

P.S: To verify that a specific wireguard interface is running (in a router with two or more wg interfaces, configured without "route allowed ips"), also without VPR/Mwan3 packages, I think it is enough to see interfaces page on luci and see the difference between RX/TX number of packets (thanks to wireguard's persistent keep alive): am I right?

Hi @ciccio.reborn ,

I'm in the same situation.

Would like to set up two VPN connections (Mullvad) with WireGuard and MWAN3.

Do you have any step by step guide to setup Mwan3 and WireGuard?

Many thanks

Regards,

You should probably start your own topic, this one is over two years old.

Thanks, will do that tonight.

Regards

I happen to run two Mullvad Wireguard clients load balanced with mwan3, if you post a new topic I'll try and share my configs with you if it will help.

Thanks a lot @jamesmacwhite.

Here is the post; however, I'm looking for two separate VPN connections for two separate LANs in OpenWrt.
