Two WANs (One WIFI network per WAN)

Hi, I have two different WANs (Internet Cable & Internet Through VPN). Is it possible to have two different WIFIs networks, one for each WAN?

My internet VPN traffic is through an interface with protocol WireGuard VPN that I have successfully configured.

Any clue or idea about where I can search for information/tutorials?

Thank you

There are quite a lot of topics here for this question.

to name a few

2 Likes

Hi, thanks for your reply. I reviewed the three links and it seems none of those solutions work, I will try installing mwan3 and see if it works.

Regards!

mwan3 can do the trick.

1 Like

I haven't tried mwan3 before, but is it really needed in this case? I mean if no balancing is required, and each WAN will have it's LAN, can't this just be done by making 2WANs and 2 LANs, and configure the firewall accordingly?

1 Like

mwan3 can do more than load balancing/failover.
It can direct traffic from one source to one link and traffic from another source to another link.
Firewall can allow or drop packets, it won't make routing decisions.

3 Likes

First, add option route_allowed_ips '0' to your Wireguard config to disable iptables
modifaction
Then use VPN Policy Routing package to redirect your second WiFi's LAN network traffic to goes through Wireguard's WAN

1 Like

Not routing allowed IPs doesn't change anything in iptables.

1 Like

Hi, I could successfully configure everything so now I have one wifi per WAN. Here it is what I have done:

  1. Install mwan3 & wireguard (https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3)
# opkg update
# opkg wireguard
# opkg install mwan3
# opkg install luci-app-mwan3
  1. Create two network interfaces
  • name: wan_wg0, protocol: WireGuard VPN (Very important is do not enable check "Route Allowed IPs" to avoid changes in routes)
  • name: lan_wg, protocol: static address with dhcp enabled (network 10.0.1.0)
  1. Create a new wifi linked to the new network (10.0.1.0)

  2. Create two firewall zones

  • wan_wg (Covered networks "wan_wg0", Allow forward from source zones "lan_wg")
  • lan_wg (Covered networks "lan_wg", Allow forward to destination zones: "wan_wg0" )

*** mwan3 ***

  1. In "network/load balancing/interfaces" (Names must match the interface name found in /etc/config/network)
  • Interface "wan" (initial state on line)
  • Interface "wan_wg0" (initial state on line)
  1. In "network/load balancing/members"
  • new member "m_wan" with interface "wan", metric 1 and weight 1
  • new member "m_wan_wg0" with interface "wan_wg0", metric 2 and weight 2
  1. In "network/load balancing/policies"
  • new policy "p_wan" with member "m_wan" and last resort unreachable
  • new policy "p_wan_wg0" with member "m_wan_wg0" and last resort unreachable
  1. In "network/load balancing/rules"
  • new rule "r_wan" with source address "10.0.0.0/24", destination address "0.0.0.0/0", protocol "all" and policty "p_wan".
  • new rule "r_wan_wg0" with source address "10.0.1.0/24", destination address "0.0.0.0/0", protocol "all" and policty "p_wan_wg0".

Last notes:

  • My second wan is a wireguard vpn but these steps can be reproduced with any other wan interface.
  • One wifi is in network 10.0.0.0 and the other one (wireguard) is in 10.0.1.0

Thank you all for your help guys :smiling_face_with_three_hearts:

1 Like
# opkg install wireguard
# opkg install luci-proto-wireguard

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.