Hi, I have two different WANs (Internet Cable & Internet Through VPN). Is it possible to have two different WIFIs networks, one for each WAN?
My internet VPN traffic is through an interface with protocol WireGuard VPN that I have successfully configured.
Any clue or idea about where I can search for information/tutorials?
There are quite a lot of topics here for this question.
Hello, I have been trying to set up a master wifi with VPN (LAN) together with another one without VPN (GUEST). No luck so far.
What I can say is that both master and guest wifi work when there is no VPN, but as soon as I turn on VPN the master works with VPN while the GUEST doesn't have access to internet.
I have included some rules in the firewall, but they don't seem to help. In case it helps, I have a Linksys1900acs and this is my /etc/config/firewall file:
First i want direct point out i'm green with OpenWRT, so i directly say sorry to everyone that came here to get a easy solution...
I'm trying to create my VPN router based on GL-mt300n v2 on OpenWrt 19.07.0-rc2 r10775-db8345d8e4. I got Cyberghost vpn. I want to have 2-3 diferent wifi networks, where 1st is standard internet and 2nd and 3rd is for 2 OpenVPN clients from 2 diferent countries.
GL-mt300n v2 has 2 Lan ports, so
WAN port - that will be just WAN... DHCP client to main inter…
Becuase I'm NOOB bro. and Yes, I enabled DHCP
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
to name a few
Hi, thanks for your reply. I reviewed the three links and it seems none of those solutions work, I will try installing mwan3 and see if it works.
I haven't tried mwan3 before, but is it really needed in this case? I mean if no balancing is required, and each WAN will have it's LAN, can't this just be done by making 2WANs and 2 LANs, and configure the firewall accordingly?
mwan3 can do more than load balancing/failover.
It can direct traffic from one source to one link and traffic from another source to another link.
Firewall can allow or drop packets, it won't make routing decisions.
option route_allowed_ips '0' to your Wireguard config to disable iptables
Then use VPN Policy Routing package to redirect your second WiFi's LAN network traffic to goes through Wireguard's WAN
Not routing allowed IPs doesn't change anything in iptables.
Hi, I could successfully configure everything so now I have one wifi per WAN. Here it is what I have done:
Install mwan3 & wireguard (
# opkg update
# opkg wireguard
# opkg install mwan3
# opkg install luci-app-mwan3
Create two network interfaces
wan_wg0, protocol: WireGuard VPN ( Very important is do not enable check ") Route Allowed IPs" to avoid changes in routes name:
lan_wg, protocol: static address with dhcp enabled (network 10.0.1.0)
Create a new wifi linked to the new network (
Create two firewall zones
wan_wg (Covered networks "wan_wg0", Allow forward from source zones "lan_wg")
lan_wg (Covered networks "lan_wg", Allow forward to destination zones: "wan_wg0" )
network/load balancing/interfaces" ( Names must match the interface name found in /etc/config/network)
Interface "wan" (initial state on line)
wan_wg0" (initial state on line)
new member "m_wan" with interface "wan", metric 1 and weight 1
new member "m_wan_wg0" with interface "wan_wg0", metric 2 and weight 2
new policy "p_wan" with member "m_wan" and last resort unreachable
new policy "p_wan_wg0" with member "m_wan_wg0" and last resort unreachable
new rule "r_wan" with source address "
", destination address "0.0.0.0/0", protocol "all" and policty "p_wan". 10.0.0.0/24 new rule "r_wan_wg0" with source address "
", destination address "0.0.0.0/0", protocol "all" and policty "p_wan_wg0". 10.0.1.0/24
My second wan is a wireguard vpn but these steps can be reproduced with any other wan interface.
One wifi is in network
10.0.0.0 and the other one (wireguard) is in 10.0.1.0
Thank you all for your help guys
# opkg install wireguard
# opkg install luci-proto-wireguard
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.